Search Hashnode

Search posts, tags, users, and pages

Discussion on "DOM XSS to Account Takeover: Not-So-Dirty Dancing in GIS SDK" | Hashnode

Feed

Discussion

HamidSj

Software Engineer | Security Researcher

Dec 7, 2025

DOM XSS to Account Takeover: Not-So-Dirty Dancing in GIS SDK

It was just another bug hunting session on a public program. The scope wasn't huge - only a couple of domains to work with - but that's often where you find the best bugs. I had been grinding on this program for about 8 hours total, with roughly 6 of...

blog.voorivex.team9 min read

#oauth2 #xss #account-takeover #exploit

Responses(6)

Adam Noverian

Dec 24, 2025

On first image. How did you find that code? Didn't regex like that happen on backend?

Most discussed

G
When RAM Matters: Memory Efficiency of AWK Variants
23P D F9h ago
M
What is a Developer When We Use Coding Agents? My 1-Day BMAD Experiment
41D8h ago
M
The AI Skills Gap: Why Companies Still Can’t Find AI Engineers
1K1d ago
2
The Rise of Agentic AI and Smarter Search Algorithms
1M15h ago
T
Exploring Modern AI: Agentic Systems and Smarter Search Algorithms
1K11h ago

Avaz

Dec 10, 2025

Nice writeup XD

AmirAli Kariminasab

Dec 9, 2025

That was a much-needed write-up! I really liked your eye for detail.

Elyas Dehaty

Full Stack Developer

Dec 8, 2025

سلام چطور میتوانم درس صنف های تان اشتراک کنم؟

loghman nematzadeh

Dec 7, 2025

Extremely elegant, comprehensive, and perfectly written. 🔥🔥🔥

VCODER

Full Stack Web Dev & Bug hunter

Dec 7, 2025

Nice writeup and excellent work 👏🔥

Recent discussions

F
Navigating Trust in the Autonomous Age of AI Agents
1K8h ago
M
What is a Developer When We Use Coding Agents? My 1-Day BMAD Experiment
41D8h ago
A
🤖 AI Agents Weekly: Claude Code Review, AutoHarness, Perplexity Personal Computer, Cloudflare /crawl, Context7 CLI, and More
1K8h ago
G
When RAM Matters: Memory Efficiency of AWK Variants
23P D F9h ago
Q
1M Token Context Windows Just Went GA - Here's What Actually Changes
1K9h ago