Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

DOM-Based XSS in Google Voice Extension - 191

missoum1307 - Posted 5 Years Ago
  • Essentially, the Google Voice number '444-555-4455 <img src=x onerror=alert(1)>' triggered a DOM-based XSS. This is a very basic XSS, which the bug finder found with a very basic payload.
  • The rest of the article goes into the client-side JavaScript that actually caused this issue. It essentially came down to a developer removing the bad characters from a string, putting the result into a different variable, then using the wrong variable. Sometimes, security mistakes are that simple.
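
The "sanitized one variable, used the other" mistake described above, shown next to a corrected version. This is an added illustration, not code from the article or the extension: every function name is hypothetical, and the returned string stands in for the markup the page would write into the DOM.

```javascript
// Added illustration; not the extension's code. All names are hypothetical.

// Keep only characters that are plausible in a phone number.
function stripUnsafe(value) {
  return value.replace(/[^0-9+\-() ]/g, "");
}

// Escape HTML metacharacters so the value is treated as text, not markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Bug pattern from the summary: the cleaned copy is computed, then ignored.
function renderNumberVulnerable(rawNumber) {
  const cleaned = stripUnsafe(rawNumber);
  const href = "tel:" + cleaned.replace(/[^0-9+]/g, "");
  // Wrong variable: rawNumber still carries the untrusted markup.
  return '<a href="' + href + '">' + rawNumber + "</a>";
}

// Fix: use the cleaned value everywhere and escape at the HTML sink as well,
// so a later mix-up of variables cannot reintroduce markup.
function renderNumberFixed(rawNumber) {
  const cleaned = stripUnsafe(rawNumber).trim();
  const href = "tel:" + cleaned.replace(/[^0-9+]/g, "");
  return '<a href="' + escapeHtml(href) + '">' + escapeHtml(cleaned) + "</a>";
}

// The number quoted in the summary above, reused as sample input.
const sample = "444-555-4455 <img src=x onerror=alert(1)>";

console.log(renderNumberVulnerable(sample)); // markup survives
console.log(renderNumberFixed(sample));      // only phone-number characters remain
```

In a browser, setting the link text through `textContent` instead of building an HTML string removes the HTML sink entirely.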