David Sopas – Security Researcher

I hack and I love it!

Tag: xss

Meter HTML5 XSS filter bypass

  • Tips and Tricks
Posted on January 11, 2017 (updated January 13, 2017)

I was playing around with some new HTML5 features and noticed a funny one. Meter gives you a cool progress bar on-the-fly – https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meter

Immediately […]

Multiple vulns on mTouch Quiz WordPress plugin

  • Advisories
Posted on December 18, 2015

Plugin link: https://wordpress.org/plugins/mtouch-quiz/
Active Installs: 5,000+
Version tested: 3.1.2
CVE Reference: Waiting

mTouch Quiz lets you add quizzes to your site. This plugin was designed […]

XSS on a input hidden field

  • Tips and Tricks
Posted on December 14, 2015

…where you have the input sanitized for ‘<> chars. I came across a web application on a bounty program where the returnurl was placed in […]

Tiny XSS exploitation

  • Tips and Tricks
Posted on November 9, 2015

A well-known website had a limit of 32 chars on the user name field that was reflected in the public profile area. That field allowed […]


Get a bounty on a WordPress blog

  • Tips and Tricks
Posted on October 16, 2015

I would like to describe, step by step, my latest “appreciation program” reward for a security issue in a WordPress plugin. First things first – check […]

Events Made Easy WordPress plugin CSRF + Persistent XSS

  • Advisories
Posted on October 15, 2015 (updated November 23, 2018)

Plugin link: https://wordpress.org/plugins/events-made-easy/
Active Installs: 10,000+
Version tested: 1.5.49
CVE Reference: Waiting

Events Made Easy is a full-featured event management solution for WordPress. Events Made […]

Komento Joomla! component Persistent XSS

  • Advisories
Posted on September 30, 2015

CVE Reference: CVE-2015-7324

Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento

I found out […]

Results for the XSS challenge

  • Bug Bounty
  • Challenge
Posted on August 19, 2015

The first challenge was very interesting. It was an easy challenge, but it’s a start. New challenges will be up soon. The winners are […]

Win $50 Amazon Gift card with a XSS challenge

  • Challenge
Posted on August 14, 2015 (updated September 30, 2017)

I’m a big fan of XSS and to make my new website more visible to the infosec guys I’m offering two Amazon gift cards. The […]

Google Chrome XSS bypass by BruteLogic

  • Interesting Readings
Posted on August 10, 2015

#ChromeBypass <svg><script>0<1>alert('XSS')</script> pic.twitter.com/msMpVmplUo — Brute Logic (@brutelogic) August 10, 2015
