Shadows...
Small note
For these that still thinking that those screens from Yahoo are fake/manipulated(there are few people):the answer is very simple-just use "document.write" before "alert" e.g: document.write('something');alert(/another something/.source) if you don't want to disclose content of
the
current page
Here is example:
Several XSS flaws in different Yahoo! sub-domains
One of these subdomains have a very "strong" filter:<script> is blocked ...but no surprise <ScRipT> is allowed
that's for now...
Subscribe to:
Posts (Atom)
Blog
10 December 2016
09 April 2012
Small note
For these that still thinking that those screens from Yahoo are fake/manipulated(there are few people):the answer is very simple-just use "document.write" before "alert" e.g: document.write('something');alert(/another something/.source) if you don't want to disclose content of
the
current page
Here is example:
08 April 2012
Several XSS flaws in different Yahoo! sub-domains
One of these subdomains have a very "strong" filter:<script> is blocked ...but no surprise <ScRipT> is allowed
that's for now...
Subscribe to:
Posts (Atom)