GTFO Mr. User

"GTFO MR. USER" is a talk by David Sopas at BSidesLisbon 2017. The co-founder of Char49 will present real case scenarios (aka hacking to PoC) showing the danger of large organizations ignoring high and critical security issues, with repercussions that would affect millions should the...

Stored XSS in olx.pt

Our team leader found a stored XSS in olx.pt. When submitting a new ad, it was possible to add an XSS payload on data[person]. The ad got approved without reflection on the output of this field; it was sanitized. Afterwards, when we tried to edit the ad, the payload was launched, so the input wasn't sani...