XSS by Javascript Overriding

This post describes an interesting XSS that I recently encountered. I'll describe my thought process during the exploitation of this vulnerability as well. Shortly after taking part in H1-702 (Hackerone's latest Live Hacking Event at time of writing), I was sitting in my room in the Luxor Hotel in Las…

Intigriti XSS Challenge - August 2021 - A venture into prototype pollution

When I started the challenge, I was greeted with this: Hovering over the links, I noticed that the links contained a recipe parameter. So, I opened the link in a new tab. Clearly the parameter was being processed somewhere, so figuring out where it was taking place was important. In…

Stored XSS on the DuckDuckGo search results page

This XSS was accidental. For whatever reason, I was messing about with the searchbar, putting various payloads into it without expecting to find anything. So eventually, I put in the following payload into the searchbar: "><img src=x> And of course, nothing happened. But something caught…