Category: PoC

Dynamic Library Injection into BurpSuite on MAC OSX

Roll-your-own dylib for injection to JavaApplicationStub
Published February 13, 2021
Author: David Hoyt @h02332
tl;dr: Inject a dylib Calculator into BurpSuite
Summary: This basic example of dynamic code injection for pwn fun details popping Calculator using a dylib injected into BurpSuite. In the past, Portswigger has fielded PoCs showing Calculator being injected to BurpSuite as […]

XSS, homes.yahoo.net, Cross Site Scripting, Javascript Injection, CWE-79, CAPEC-86, PoC, Resolved

PoC Summary: The Mortgage Calculator in homes.yahoo.net was vulnerable to Reflected Cross Site Scripting (RXSS) in multiple parameters. Reported to Y! Security in October 2013 and more recently resolved, this PoC was outside the Scope of the Y! Bug Bounty Program.
Y! Bug Bounty Scope
XSS in homes.yahoo.net
The domains and properties below are in […]