Nicely asking our users to update the app through an XSS attack


Not OP, but according to the article some of the html payload originates from a 3rd party, stackoverflow.com – not a huge risk unless stackoverflow is compromised. Also the post is misleading, they are not using an XSS attack to notify the update, they are utilizing a possible XSS vulnerability in their code that dangerously injects html from a server payload, but there may or may not have been any real attack vectors. Dangerously doing something doesn’t always mean the code is vulnerable. They did not intend this html payload to contain scripts, but they had no other way to inject a new script to the page, so they used XSS techniques to do it.
