XSSing Google Employees — Blind XSS on googleplex.com

Google is an enormous company and it depends on thousands of suppliers to keep it running. Since it needs a way to keep track of and pay those suppliers, it offers a public online tool where suppliers upload their invoices to Google. It is called the Google Invoice Submission Portal and can be found at gist-uploadmyinvoice.appspot.com. The first thing you've probably noticed …

Insecure access to the personal data of a million Leo Express users

Leo Express is a company operating train and bus lines in the Czech Republic and Central Europe.
When I registered, I noticed that on every page load a GraphQL request is sent to their server, which returns data about my account.
GraphQL is a query language, an alternative to REST, in which a single request returns data whose shape is defined on the client side.

Reflected XSS in Google Code Jam

Information about this XSS: The XSS fires in the toast message. It also seems that you have to open the homepage (https://codejam.withgoogle.com/2018/challenges/) at least once before visiting the other pages there.
POC: https://codejam.withgoogle.com/2018/challenges/0000000000007766/scoreboard/for/%3Cimg%20src=x%20onerror=alert(document.domain)%3E
CSP: Due to CSP, this XSS will fire only in browsers that do not support it (e.g. Internet Explorer). If we could somehow find a way to execute a …
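The following is an added example, not code from the original writeup or from Code Jam itself. It models how the percent-encoded path segment in the PoC URL ends up inside a toast message, and shows the vulnerable string-concatenation rendering next to an escaped version. The toast is modelled as an HTML string so that it runs in plain Node without a DOM; the function names, the toast wording and the `/scoreboard/for/` extraction are assumptions. Note that escaping fixes the bug regardless of whether the browser enforces CSP; CSP here is only defense in depth.

```javascript
// Added example (hypothetical helpers, not the site's code): reflected path segment -> toast.

// Constructed input: the PoC URL from the writeup.
const POC_URL =
  'https://codejam.withgoogle.com/2018/challenges/0000000000007766/scoreboard/for/' +
  '%3Cimg%20src=x%20onerror=alert(document.domain)%3E';

// Extract and percent-decode the segment after "/scoreboard/for/" (assumed route shape).
// URL.pathname keeps percent-encoding, so the decode step is what reveals the markup.
function userSegmentFromUrl(urlString) {
  const { pathname } = new URL(urlString);
  const marker = '/scoreboard/for/';
  const idx = pathname.indexOf(marker);
  if (idx === -1) return null;
  return decodeURIComponent(pathname.slice(idx + marker.length));
}

// Vulnerable rendering: the decoded segment is concatenated into markup
// (equivalent to assigning it via innerHTML in the page).
function toastHtmlUnsafe(segment) {
  return '<div class="toast">No scoreboard found for ' + segment + '</div>';
}

// Hardened rendering: HTML-escape before interpolation
// (equivalent to setting the toast text with textContent).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function toastHtmlSafe(segment) {
  return '<div class="toast">No scoreboard found for ' + escapeHtml(segment) + '</div>';
}

// Check used below: did any tag other than the toast's own wrapper reach the markup?
function containsInjectedTag(html) {
  const inner = html.replace(/^<div class="toast">/, '').replace(/<\/div>$/, '');
  return /<[a-z]/i.test(inner);
}

// Stand-alone run.
const segment = userSegmentFromUrl(POC_URL);
console.log('decoded segment:', segment);
console.log('unsafe toast injected tag?', containsInjectedTag(toastHtmlUnsafe(segment)));
console.log('safe toast injected tag?  ', containsInjectedTag(toastHtmlSafe(segment)));
```

The `userSegmentFromUrl` step is why this is a reflected bug: the attacker controls the URL, the server or client decodes it, and the decoded value is written back into the page.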

Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

Video:
Steps to reproduce:
1. Create a Polymer element and publish it to GitHub
2. Set the repo homepage URL to: javascript:alert(document.domain)
3. Publish it via https://www.webcomponents.org/publish
4. Go to the element's webcomponents.org page and click the homepage link
What can you do with this XSS: If the user has previously authenticated with GitHub on webcomponents.org, it is possible to get the GitHub auth code …
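The following is an added example, not the writeup's or webcomponents.org's code. It shows the class of fix for step 2 above: a repository homepage URL is attacker-controlled metadata, so it has to pass a scheme allowlist before it is rendered as an `href`. Node's WHATWG `URL` parser does the normalisation, which is what makes a naive `startsWith("javascript:")` check insufficient; the function names and the sample inputs are assumptions.

```javascript
// Added example (hypothetical helpers, not the site's code): validating a user-supplied homepage URL.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns the normalised URL string if it is safe to render as an href, otherwise null.
function safeHomepageUrl(input) {
  if (typeof input !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(input); // absolute URLs only; scheme-less or garbage input throws
  } catch {
    return null;
  }
  // The URL parser strips leading/trailing whitespace, removes embedded tabs and
  // newlines, and lowercases the scheme, so "JaVaScRiPt:", "  javascript:" and
  // "java\tscript:" all normalise to "javascript:" and are caught by the allowlist.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  return parsed.href;
}

// Vulnerable rendering: whatever the repo metadata contains goes straight into href.
function homepageLinkUnsafe(url) {
  return `<a href="${url}">Homepage</a>`;
}

// Hardened rendering: scheme allowlist plus attribute escaping of the normalised value.
function homepageLinkSafe(url) {
  const safe = safeHomepageUrl(url);
  if (safe === null) return '<span>Homepage (invalid URL)</span>';
  return `<a href="${safe.replace(/"/g, '&quot;')}" rel="noopener noreferrer">Homepage</a>`;
}

// Constructed inputs: the PoC value, evasion variants, and two legitimate URLs.
const SAMPLE_HOMEPAGES = [
  'javascript:alert(document.domain)',
  'JaVaScRiPt:alert(1)',
  '  javascript:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<script>alert(1)</script>',
  '//evil.example/path',
  'https://github.com/example/my-element',
  'http://example.com/?q="><img src=x>',
];

for (const h of SAMPLE_HOMEPAGES) {
  console.log(JSON.stringify(h), '->', safeHomepageUrl(h));
}
```

Rendering the normalised `parsed.href` rather than the raw input also helps with the last sample: the parser percent-encodes `"`, `<` and `>` in the query, so the value cannot break out of the attribute even before the explicit quote escaping.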