Evading defences using VueJS script gadgets
https://portswigger.net/research/evading-defences-using-vuejs-script-gadgets
vue 2.x 與vue 3.x 的 XSS 攻擊方式
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#vuejs-reflected
攻擊手法:
Directives
Shortening payloads
Events
Mutation and CSP
Adapting payloads for V3
Teleport
Use cases:
WAF
Sanitizers
CSP
#Vue, XSS, reflected
留言
張貼留言