User Profile

Me

harisec

About

No information has been set by the researcher

Recognised by

None listed.

harisec's challenge statistics

View Researcher Activity

2 total submissions

2 accepted

0 rejected




Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018

Medium/hard Can you XSS when redirecting?

You'll have to somehow get XSS. May be by stopping something? May be by abusing unexpected behaviour of browser? May be by fuzzing? All upto you. Note : Intended solution works in Firefox...
Category: Cross Site Scripting (XSS)
Completed on 13-11-2018