Story of a JSON XSS

Story of a JSON XSS
Hi folks, This post is about of one of my recent my finding in a bug bounty program. I started checking the application for common vulnerabilities but got nothing after spending an hour I came across an endpoint which looks as follows. If you look at request and response you will see the value of status parameter is reflecting back in the respo...

本博客加密文章何时公开说明(此文会列出曾经加密现已公开的文章)

本博客加密文章何时公开说明(此文会列出曾经加密现已公开的文章)
(此文会列出曾经加密现已公开的文章) 有很多朋友私信我说加密文章的密码,其实因为有些问题我没有提交给对方SRC,所以对方可能也暂时没有修复,所以我这边才加密的。不过,很多文章本人也在一点点的去除限制密码。有一些问题是刚刚提交到对方SRC,只要对方成功修复了,我这边就会立刻公开文章。 其实看文章个人认为主要就是学习思路。有一些文章很水,没办法,漏洞本身就是...