Categoría: writeups

Reflected DOM XSS

DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded

DOM XSS in document.write sink using source location.search inside a select element

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Multistep clickjacking

Exploiting clickjacking vulnerability to trigger DOM-based XSS

Clickjacking with a frame buster script

Clickjacking with form input data prefilled from a URL parameter

Remote code execution via polyglot web shell upload

Basic clickjacking with CSRF token protection