cache Authenticated CORS with Access-Control-Allow-Origin: * During one of my BugBounty session on a program from YesWeHack I came across an API with with some personal informations and the header Access-Control-Allow-Origin: *. Here is how I managed to steal the
xss YesWeHack & Alibaba Security Meetup challenge solution The goal of the challenge was to find an XSS vulnerability on a minimalist website.It was composed of 3 steps of increasing difficulty in the form of extra security layer. All the
xss Spooky Challenge Solution After 30 days of competition, the event is now over and only one team managed to solve the last part and claim the prizes. The goal was to find an XSS to alert
xss FindBUG XSS Challenge Here is my solution to the XSS challenge by Brutelogic and FindbugThe challenge was pretty simple, you just need to pop an alert on the vulnerable webpage using an xss.The code was