<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Javascript on Taha Draidia</title><link>https://tahadraidia.com/tags/javascript/</link><description>Recent content in Javascript on Taha Draidia</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Tue, 05 May 2020 00:00:00 +0000</lastBuildDate><atom:link href="https://tahadraidia.com/tags/javascript/index.xml" rel="self" type="application/rss+xml"/><item><title>Michał Bentkowski XSS Challenge</title><link>https://tahadraidia.com/posts/micha%C5%82-bentkowski-xss-challenge/</link><pubDate>Tue, 05 May 2020 00:00:00 +0000</pubDate><guid>https://tahadraidia.com/posts/micha%C5%82-bentkowski-xss-challenge/</guid><description>Back in April, Michał Bentkowski posted an XSS challenge on Twitter. So I decided to give this a try and here is my write-up about it.
The first thing that I noticed when I visited the page is that the challenge was served via GitHub Pages. From there, I knew that CSP did not apply to the challenge.
The challenge rules were as follows:
Please enter some HTML. It gets sanitized and inserted to a &amp;lt;div&amp;gt;.</description></item><item><title>Delivering more than just presents: An Xmas story of self-XSS on Amazon.com</title><link>https://tahadraidia.com/posts/xmas-amazon-self-xss/</link><pubDate>Thu, 02 Apr 2020 00:00:00 +0000</pubDate><guid>https://tahadraidia.com/posts/xmas-amazon-self-xss/</guid><description>It&amp;rsquo;s been a long time since my last blog post, as I was preparing for my OSCP. Well, I&amp;rsquo;m glad to inform you all that I&amp;rsquo;m now an Offensive Security Certified Professional.
In this post, I will walk you through how, in less than five minutes, I found a self-XSS bug on the main Amazon.com website.
It was Christmas time and a colleague of mine had introduced me to Amazon Prime Video, so I decided to take a look at it.</description></item><item><title>Reflective XSS via angularJS template injection - Hostinger</title><link>https://tahadraidia.com/posts/xss-via-angularjs-template-injection_hostinger/</link><pubDate>Fri, 17 Aug 2018 00:00:00 +0000</pubDate><guid>https://tahadraidia.com/posts/xss-via-angularjs-template-injection_hostinger/</guid><description>Introduction This is a write-up of an AngularJS Template Injection I found in the main domain of Hostinger. If you don&amp;rsquo;t know what&amp;rsquo;s client-side template injection I invite you to take a look at those links [1][2]. Please note that this is my first write-up, I hope you&amp;rsquo;ll enjoy it.
It all started when @berkanexo was telling me that he got listed on Hostinger Wall Of Fame so I decided to take a look at their website.</description></item></channel></rss>