Категории

Reflect XSS with Content-Type: text/xml

Опубликовано: 18 Апрель 2026
на канале: Gocha Okradze
406
6

#TheFutureIsBright #BugBounty #bugbountytips Broken Crystals by https://brightsec.com

Reflect XSS on the https://brokencrystals.com/api/metadata with POST based request. Entry point after requesting returns XML based response with content-type: text / xml.
XML Child field reflects in the response and do not filter dangerous characters in correct way. What means it is vulnerable to reflect XSS

Lab: https://brokencrystals.com

play_arrow
8,103
79

The

The "Pivot Shift" test"explained
play_arrow
1,559
15

Как спрятать бомбу в кс на de dust 2

Как спрятать бомбу в кс на de dust 2
play_arrow
36,510
476

ချယ်ရီမြို့ ( Official Lyrics Video )

ချယ်ရီမြို့ ( Official Lyrics Video )
play_arrow
10,649
96

РУССКИЙ ШОКОЛАД! СЕРИЯ 24 ! 2010 МЕЛОДРАМА! СЕРИАЛ

РУССКИЙ ШОКОЛАД! СЕРИЯ 24 ! 2010 МЕЛОДРАМА! СЕРИАЛ"
play_arrow
2,283,522
38 тыс

The Luckydo Rap by Wowcrendor (WoW Machinima) | World of Warcraft

The Luckydo Rap by Wowcrendor (WoW Machinima) | World of Warcraft
play_arrow
31,174
3.6 тыс

00:00:00

The Constitutional Court is concerned about LGBT people, the Childfree Ban, and a Denunciation of...

The Constitutional Court is concerned about LGBT people, the Childfree Ban, and a Denunciation of...
play_arrow
1,754
55

НОВЫЙ RH❄I Viiper В ТОП 300 МИРА / ПАЛАЧ + ХОГ / ТОПОВЫЕ БОИ / Clash Royale

НОВЫЙ RH❄I Viiper В ТОП 300 МИРА / ПАЛАЧ + ХОГ / ТОПОВЫЕ БОИ / Clash Royale
play_arrow
115
3

Сервисы 1С для проверки ваших контрагентов. Быстро и надежно! ( запись от 28.03.2024 г.)

Сервисы 1С для проверки ваших контрагентов. Быстро и надежно! ( запись от 28.03.2024 г.)
Похожие видео
play_arrow
GraphQL - OS Command injection

GraphQL - OS Command injection
play_arrow
Self reflect XSS on the portswigger web security academy JWT lab

Self reflect XSS on the portswigger web security academy JWT lab
play_arrow
GraphQL - Chain Introspection with SQLi

GraphQL - Chain Introspection with SQLi
play_arrow
Chain File Upload with XSS

Chain File Upload with XSS
play_arrow
Directory Listing - Active scan

Directory Listing - Active scan
play_arrow
Reflect XSS with Content-Type: text/xml

Reflect XSS with Content-Type: text/xml
play_arrow
Reflect XSS 1

Reflect XSS 1
play_arrow
Dom XSS2

Dom XSS2
play_arrow
Dom XSS1

Dom XSS1
play_arrow
Common Files

Common Files
play_arrow
Login page Brute Force with ffuf

Login page Brute Force with ffuf
play_arrow
JWT Attack - Exploiting X5U Header injection

JWT Attack - Exploiting X5U Header injection
play_arrow
JWT attack - Exploiting JKU Header injection

JWT attack - Exploiting JKU Header injection
play_arrow
JWT Attack - Exploiting X5C Header

JWT Attack - Exploiting X5C Header
play_arrow
JWT Attack - JWK - JSON Web Key injection

JWT Attack - JWK - JSON Web Key injection
play_arrow
JWT Attack - Weak Key - Secret Brute force with Hashcat

JWT Attack - Weak Key - Secret Brute force with Hashcat
play_arrow
JWT Attack - Secret Brute force with Hashcat

JWT Attack - Secret Brute force with Hashcat
play_arrow
JWT Attack - Signature is not checked

JWT Attack - Signature is not checked
play_arrow
Check Time based SQLi

Check Time based SQLi
play_arrow
ჯვრის ტბა

ჯვრის ტბა
play_arrow
XSS from jpg with Amazon S3 Bucket

XSS from jpg with Amazon S3 Bucket
play_arrow
From CRLF to XSS on http://yun.oppo.com

From CRLF to XSS on http://yun.oppo.com
play_arrow
s3 Bucket Takeover by me

s3 Bucket Takeover by me
play_arrow
crlf injection on https://bug.qiwi.com

crlf injection on https://bug.qiwi.com