Please don't upvote this post but let me know if your browser does weird things when viewing the post in comments please

My Opinion of XSS/CSS, Digital Forensic, and Digital Crime Investigation when I was a Young Student

Image Source It's another day and I have found a security vulnerability on another Hive block explorer! Dang, I wonder how vulnurable our block explorers are as @gaottantacinque have found the same

src DISCLOSURE: @drakos I found an XSS in one of the sites you maintain. Sending you the details in a private message! UPDATE: After the released fix, code execution is now prevented but the site is still

Test CONGRATULATIONS, YOU WON 10,000 STEEM !! I'M JUSTIN SUN AND I AM A VERY REPUTABLE PERSON, TRUST ME !! CLICK HERE to get your prize ! ( You'll just have to log in with your owner key. It's super safu,

A few days ago, the user @gaottantacinque brought a cross site scripting bug to my attention. This one, which was found there, was already fixed by the site operator @penguinpablo. But I did a little more

src I was trying to understand better how Hive works at a technical level, so I was going through some documentation and exploring the content of blocks. I came across [a transaction]( that displayed the

Teil 2 unserer Web #Pentesting für #Einsteiger Videoreihe ist live! Heute werfen wir einen Blick auf die drei Varianten von Cross-Site-Scripting. #XSS #CrossSiteScripting #Youtube #Video

DOMPurify XSS sanitizer for HTML, MathML and SVG Screenshots Hunter's comment A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers

XSS Protect your website from Cross-site scripting Screenshots View Image Hunter's comment Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist. source XSS is a tool to

This post acts as a public XSS Security Test for my upcoming Post Editor on SteemWorld. Of course, it can be used to test against many different XSS attacks on other platforms as well. If you should see

Online panic occurred earlier this week when the users of a popular Ethereum blockchain explorer site has been opening up displaying the cryptic pop-up "l337" or "ELITE" indicating

XSS I've tried to hack steemit. Injecting a XSS attack. It didn't work. Congratulations steemit. Well done.

Szukam swojej paczki, znajduję XSS W 2016 roku, pod koniec listopada zamawiałem z allegro prezenty na mikołajki. Trochę się martwiłem, że nie dojdą na czas więc co kilka godzin sprawdzałem gdzie się znajdują

SAFE LINK [test](javascript:alert(1)) hello https:// prefix %3Cscript%3Ealert%281%29%3C%2Fscript%3E ≮ script ≯ alert(1) ≮ ∕ script ≯ buggy href here but safe Useful reads: Secure markdown OWASP XSS tricks

CSRF. Easy, enormously effective, frequently misunderstood. This attack can be called a sleeping lion because it is not taken as seriously as it should be. But what and just how bad is it? Cross-Site Request

iframe 보안 이슈를 우회하여 다른 여러 사이트를 화면에 표시하는 방법을 소개한다. 크롬에만 국한적인 방법이기때문에 정당한 해결책이라고 할 수는 없지만 이거라도 찾아낸 게 어딘가 싶다. 해결책 = Chrome extension 크롬 확장프로그램이 바로 그 해결책이었다. 해결책의 시초는 다음 확장 프로그램이었다. Split screen 이라는 프로그램이다.

주제 : iframe, http header 이해과정의 서술 (보안에 대해 쬐금 알게 된것도 ㅎㅎ) 목적: 힘들게 알아보았던 과정을 다시 잊어버리지 않기위한 복기 및 다른 사람들에게 알리는 것 현재 진행하고 있는 프로젝트의 가장 핵심이라고 볼 수 있는 기능을 구현함에 있어 어려움에 부딪혔다. 그 기능은 바로 iframe으로 띄운 다른 웹사이트의 내용을 현재

Expected behavior When clicking on links, refering steempayout.com I dont expect any xss vulnerabilities. Actual behavior There is the possibility to inject javascript to the side and this means I can