6:["$","div",null,{"className":"py-5","children":[["$","div",null,{"className":"flex flex-wrap items-center gap-3","children":[["$","span",null,{"className":"inline-flex size-9 shrink-0 items-center justify-center rounded-xl bg-muted text-lg text-primary","children":["$","i",null,{"className":"fa-jelly fa-regular fa-comment","aria-hidden":"true"}]}],["$","h3",null,{"className":"text-lg font-semibold tracking-tight text-foreground","children":"Comments"}],"$undefined"]}],["$","$L2c",null,{"initialItems":[{"postId":"6935bf119f6c54d920700211","slug":"not-so-dirty-dancing-in-gis-sdk","title":"DOM XSS to Account Takeover: Not-So-Dirty Dancing in GIS SDK","publishedAt":"2025-12-07T17:53:21.942Z","authorName":"VCODER","authorUsername":"vc0d3r","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1755971718907/685e8c38-e61b-4e39-b9b9-b59caf190ce5.jpeg?w=80&h=80&fit=crop&crop=faces&w=500&h=500&fit=crop&crop=entropy&auto=compress,format&format=webp&auto=compress,format&format=webp","commentType":"comment","commentSource":"post","commentPermalink":"/posts/not-so-dirty-dancing-in-gis-sdk/6935b9294a0453e1cf983805/comment/6935bf119f6c54d920700211","parentThreadTitle":"DOM XSS to Account Takeover: Not-So-Dirty Dancing in GIS SDK","parentThreadSlug":"not-so-dirty-dancing-in-gis-sdk","parentThreadHref":"/posts/not-so-dirty-dancing-in-gis-sdk/6935b9294a0453e1cf983805","contentHtml":"

Nice writeup and excellent work 👏🔥

\n","upvotes":0},{"postId":"66e995e471770e9a54e291d4","slug":"account-takeover-due-to-dns-rebinding","title":"Account Takeover due to DNS Rebinding","publishedAt":"2024-09-17T14:44:52.408Z","authorName":"VCODER","authorUsername":"vc0d3r","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1755971718907/685e8c38-e61b-4e39-b9b9-b59caf190ce5.jpeg?w=80&h=80&fit=crop&crop=faces&w=500&h=500&fit=crop&crop=entropy&auto=compress,format&format=webp&auto=compress,format&format=webp","commentType":"comment","commentSource":"post","commentPermalink":"/posts/account-takeover-due-to-dns-rebinding/66e98ac1e42f1a7e03167b3b/comment/66e995e471770e9a54e291d4","parentThreadTitle":"Account Takeover due to DNS Rebinding","parentThreadSlug":"account-takeover-due-to-dns-rebinding","parentThreadHref":"/posts/account-takeover-due-to-dns-rebinding/66e98ac1e42f1a7e03167b3b","contentHtml":"

nice writeup , thanks for sharing

I have a question : so if the next_check() checks (verify) the cname record every time (when function called) and if it matches \"hashnode.network\" it will prevent this attack ?

and the cause of this vulnerability is because hashnode only verifies the cname record once , only when it is adding to the db, , am I correct?🤔

\n","upvotes":0},{"postId":"66e76fb27b40d2b875a295aa","slug":"cache-poisoning-leads-to-stored-xss-manipulation-of-response-via-accept-header","title":"Cache Poisoning Leads to Stored XSS: Manipulation of Response via Accept Header","publishedAt":"2024-09-15T23:37:22.615Z","authorName":"VCODER","authorUsername":"vc0d3r","authorAvatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1755971718907/685e8c38-e61b-4e39-b9b9-b59caf190ce5.jpeg?w=80&h=80&fit=crop&crop=faces&w=500&h=500&fit=crop&crop=entropy&auto=compress,format&format=webp&auto=compress,format&format=webp","commentType":"comment","commentSource":"post","commentPermalink":"/posts/cache-poisoning-leads-to-stored-xss-manipulation-of-response-via-accept-header/66e1d4b6821d8f7ceb764b90/comment/66e76fb27b40d2b875a295aa","parentThreadTitle":"Cache Poisoning Leads to Stored XSS: Manipulation of Response via Accept Header","parentThreadSlug":"cache-poisoning-leads-to-stored-xss-manipulation-of-response-via-accept-header","parentThreadHref":"/posts/cache-poisoning-leads-to-stored-xss-manipulation-of-response-via-accept-header/66e1d4b6821d8f7ceb764b90","contentHtml":"

nice catch !

\n","upvotes":0}],"initialHasMore":false,"loadMoreUrl":"/api/profile/comments?limit=10&userId=6531a0c2bae28acdf39cfa0c","author":{"name":"VCODER","username":"vc0d3r","avatarUrl":"https://cdn.hashnode.com/res/hashnode/image/upload/v1755971718907/685e8c38-e61b-4e39-b9b9-b59caf190ce5.jpeg?w=80&h=80&fit=crop&crop=faces&w=500&h=500&fit=crop&crop=entropy&auto=compress,format&format=webp&auto=compress,format&format=webp"}}]]}]

VCODER

About

Available for

VCODER's blogs

Search Hashnode

VCODER

About

Available for

VCODER's blogs

Comments