res-protocol

1 article

sort: new top best

bug-bounty480 google298 xss277 microsoft249 facebook212 rce160 apple150 exploit137 bragging-post102 account-takeover98 malware94 csrf84 cve80 privilege-escalation74 stored-xss65 authentication-bypass64 writeup61 reflected-xss57 react54 browser54 cloudflare51 ssrf51 dos50 phishing50 access-control49 cross-site-scripting48 input-validation48 node47 docker46 aws46 smart-contract45 sql-injection45 ethereum44 defi43 supply-chain43 web-security43 web-application42 oauth41 web339 burp-suite36 lfi35 idor34 vulnerability-disclosure34 html-injection33 race-condition32 smart-contract-vulnerability32 reverse-engineering31 clickjacking31 csp-bypass30 information-disclosure30

0 7/10

Self XSS using IE adobes

vulnerability

A DOM XSS vulnerability in Adobe's PDF ActiveX plugin (res://apds.dll/redirect.html) can be exploited via IE by using the xfa.host.gotoURL() function to bypass same-origin policy restrictions and execute arbitrary JavaScript without security warnings. The vulnerability chains a parameter injection flaw with Adobe's insecure URL redirect handling to achieve cross-domain XSS.

dom-xss cross-site-scripting internet-explorer adobe-pdf activex res-protocol pdf-exploit javascript-injection vulnerability-disclosure

CVE-2019-8160 APSB19-49 Adobe PSIRT MSRC KnownSec 404 Team Heige apds.dll

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details