AndrewNohawk

Tag: client side attack

CodingSecurity

Persistent XSS: more than a popup :)

So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response, I kinda looked around at their custom CMS,  didnt see anything immediately available, playing with cookies, changing values here and there, got some SQL errors on http://www.bravadogaming.com/articles/%27%20OR%201=1%20#/ but nothing really spectacular: I looked around some…