It’s no secret I am a big fan of many HackerOne bug reports and public penetration test reports authored by companies such as Cure53 and Least Authority.
In fact, pretty much every week I spend some of my free time reading bug reports. Regularly I stumble upon very interesting attack vectors and oftentimes learn tricks I had never seen before. This post is about one of the techniques I learned sometime ago whilst reading a report submited to HackerOne, authored by a bounty hunter named Daniel Tomescu.
more here...........http://blog.whatever.io/2015/03/07/on-the-security-implications-of-window-opener-location-replace/
In fact, pretty much every week I spend some of my free time reading bug reports. Regularly I stumble upon very interesting attack vectors and oftentimes learn tricks I had never seen before. This post is about one of the techniques I learned sometime ago whilst reading a report submited to HackerOne, authored by a bounty hunter named Daniel Tomescu.
more here...........http://blog.whatever.io/2015/03/07/on-the-security-implications-of-window-opener-location-replace/