XSS

Detectify Labs > XSS

Our guest blogger and Detectify Crowdsource hacker ak1t4 explains how he discovered and reported a persistent XSS vulnerability on Teamtailor that affected thousands of career sites – including Detectify’s external career site. Teamtailor patched the vulnerability within one day after the issue had been reported.

Detectify Crowdsource Persistent XSS Team Tailor XSS

This is a walkthrough of a hard-to-reproduce bug I found in Slack a few months back. Even though the payload was only working because of a legacy migration, by utilizing Python’s AppKit to insert data into Chrome’s rich text format clipboard, I was able to add and modify the XSS payload already inside Slack.

Frans Rosén Slack XSS

Stealing all your passwords by just visiting a webpage. Sounds too bad to be true? That’s what I thought too before I decided to check out the security of the LastPass browser extension.

Cross Site Scripting Lastpass Mathias Karlsson XSS

Detectify’s knowledge advisor Frans Rosén wrote a blog post for the Bugcrowd Blog about using a Braun Shaver to Bypass XSS Audit and WAF.

bug bounty Bugcrowd Cross Site Scripting Frans Rosén XSS

A couple of weeks ago I put up a small challenge for a specific XSS problem, called Twins of Ten. The idea was to find a payload that was limited to ten characters, these characters would repeat once and you could expand it to how many pairs you wanted. The challenge was to both find the shortest payload but also find a way around the XSS Auditor inside Chrome / Safari.

Chrome Cross Site Scripting Safari Twins of Ten XSS

A while ago I found a vulnerable endpoint with some fun limitations. I though it could be exciting to see how you would go about breaking it.

Cross Side Scripting Twins of Ten XSS

Earlier this year I spent some days approaching Google as a target for some research. There was a long time since last time and I actually lost my 0x07 in their Security Hall of Fame. Some really great people took my spot, so it wasn’t that bad after all. Anyway, I wanted to share some funny techniques that I found to be really useful, you might already know about them – but with hindsight – not everyone seems to.

Cross Site Scripting Google Turkey XSS

The mind twister was to abuse the CSP headers to inject a javascript through a third-party domain that only allowed SWF-upload. A few Payment Service Providers offers bug bounty programs. On one of the providers I was able to find a stored XSS on the receipt-page of a successful payment. The receipt page had a permalink-URL that was sent out by email to the buyer. This meant that the XSS could be accessed by anyone that had the receipt-link.

bug bounty Frans Rosén XSS

Linus (@_zulln) is a 15 year old Swedish bug bounty hunter with a great sense of security and how to bypass it. This blog post is written by him.

Android Ethical Hacking XSS Zoho

While implementing a new JavaScript engine into Detectify, we discovered that the XSS auditors in modern browsers wasn’t as good at catching special cases as we thought. Considering that we had such a good response to our previous post on bypassing the Chrome XSS Auditor, we thought this would make a fitting post. But nevermind the details, let’s get to it!

Auditor bypass XSS