8 matches found
JSFScan.sh - Automation For Javascript Recon In Bug Bounty
Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7. Script made for all your javascript recon automation in bugbounty. Just pass subdomain list to it and options according to your...
Shopify: H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing
Hi Team! I'm reporting a rather unusual DOMXSS that allows an attacker to perform an XSS attack on any Shopify apps that use the Embedded SDK. To exploit this, several techniques were chained together: Cookie Stuffing - Login CSRF - Not Open Redirect - DOMXSS. Details: Inspired by 381192, I decided...
Semmle: DOMXSS in redirect param
Summary: The redirect param can consist of a javascript: URL, which results in XSS. If a victim visits a malicious URL and logs in, the attacker can perform actions on behalf of the victim. Steps to reproduce: 1. Logout 2. Visit...
XSS Vulnerability in 360 Browser Reading Mode Plugin
360 Browser: 360 Security Browser, launched by Beijing Qihoo Technology Co. A DOMXSS vulnerability exists in the Reading Mode plugin of 360 Browser, where materialized tags can also trigger XSS, leading to the execution of XSS bypassing WAF rules...
GSA Bounty: Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS
An attacker can deface various pages on catalog.data.gov, leading to them executing malicious JavaScript when visited by a normal user. The root problem is that the server trusts the X-Forwarded-Host HTTP header, and uses this to populate the 'data-site-root' and 'data-locale-root' attributes on...
MDwiki <= v0.6.2 DomXSS Vulnerability
I originally thought the problem was specific to one Tencent site; later Black brother reminded me to look at the source code at the GitHub address, and only then did I find that it is the open-source MDwiki general system. (MDwiki is built entirely with HTML5/JavaScript technology and runs completely on the...
Informatica: [alpha.informatica.com] Expensive DOMXSS
Hi again, The page at https://alpha.informatica.com/assessmentBase/assessment.html contains the following JavaScript: var baseHeaderElement = ''; $('head').append(baseHeaderElement); An attacker can exploit this using a protocol-relative URL. In Chrome, open the following URL and either proxy through...
X (Formerly Twitter): DOMXSS in Tweetdeck
Hi, I would like to report a DOMXSS issue in TweetDeck. Details: In TweetDeck, a tweet contains info of what client app the user used to send the tweet. The render process is vulnerable to DOMXSS. In https://ton.twimg.com/tweetdeck-web/web/dist/bundle.6f91b4e832.js, the following line is responsib...