DOJO CHALLENGE #17 Winners!
ID: 17e9b737-31d6-509f-8b7f-5f90a1d73d58
STIX ID: report--17e9b737-31d6-509f-8b7f-5f90a1d73d58
Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed
Threat Score
This write-up documents an XSS challenge where the attacker-controlled $inject attribute on a script tag is used to load an external JS file that waits for a const-defined `secret` variable to be created, then displays it via alert; it also describes bypassing a replacement that blocks literal slashes by using the HTML entity `/`.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
