About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Universal XSS in several iOS browsers- 172

0x65Posted 5 Years Ago
  • Cross site scripting (XSS) is when JavaScript can be ran on the domain as the current user through injected JavaScript. This is bad in its own right.
  • What if there was an XSS bug that affected every website on the internet? Well, that is a Universal XSS (UXSS). This tends to be a vulnerability with the browser itself!
  • The bug was within the Location Header of the incoming request. By adding JavaScript to this header, the previous domain (before clicking on this website) would execute the JavaScript! This could be used to steal sensitive information or make changes to the existing website.
  • This vulnerability existed in Brave, Cliqz and Firefox. It seems from a feature called bookmarklets that was added to Firefox for iOS.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed