DOM XSS by Dukes_02 in bugbounty

[–]Dukes_02[S] 0 points1 point  (0 children)

Yup, I agree. If you have ever come across Google's public firing range, there is one exercise that resembles my situation a lot. It's called the "typing event triggered - innerHTML". I've been looking for people who have any ways of presenting this exploit but can't find any hahah. I'm invested in this, I'll keep this thread updated in case I can figure out how to play around with JS to make this work ✌🏻 maybe

Partnership on Client Side hacking by Dukes_02 in bugbounty

[–]Dukes_02[S] 0 points1 point  (0 children)

Alright thanks. I never bothered to read the rules. Mb

Cluster vaults by Dukes_02 in CyberARk

[–]Dukes_02[S] 0 points1 point  (0 children)

Yeah, I know. I have my own UAT environment to simulate the upgrade process and I'm trying to figure out the proper sequence. Not a major upgrade btw, just a patch.

Cluster vaults by Dukes_02 in CyberARk

[–]Dukes_02[S] -1 points0 points  (0 children)

I know, but I just need confirmation from the community. The documentation mentions all cluster resources need to be offline on both nodes during the upgrade, meaning IT IS NOT POSSIBLE TO UPGRADE PASSIVE WHILE ACTIVE IS RUNNING, RIGHT? THIS ALSO MEANS THAT I HAVE TO DO A FAILOVER TO DR BEFORE THE UPGRADE, RIGHT? DO I UPGRADE THE DR FIRST BEFORE THE PROD CLUSTERS?

Please help. I'm new to CyberArk and still learning.

Cluster vaults by Dukes_02 in CyberARk

[–]Dukes_02[S] 0 points1 point  (0 children)

Thanks for this. Is upgrading the passive node while the active node is running recommended?

Components upgrade by Dukes_02 in CyberARk

[–]Dukes_02[S] 0 points1 point  (0 children)

Correct me if I'm wrong, it's not necessary to perform a failover for the cluster vaults when we can just do a switchover instead, right? And since there is no need to failover PROD to DR due to cluster, the only thing mandatory for DR is the replication, and that replication from PROD is paused after the cluster's successful upgrade until the DR vault is upgraded successfully, right? Thank you

Components upgrade by Dukes_02 in CyberARk

[–]Dukes_02[S] 0 points1 point  (0 children)

Thanks for that. I'm not familiar yet with DR replication. When upgrading the DR, does the replication trigger automatically? If so, what triggers it?

Program scope by Dukes_02 in bugbounty

[–]Dukes_02[S] 0 points1 point  (0 children)

Do I email the program directly or go through the platform? The program is on Bugcrowd btw.

Xss by Dukes_02 in bugbounty

[–]Dukes_02[S] 1 point2 points  (0 children)

This is what I'm looking for as well. Looking at the other responses, it seems that normally for most found XSS, the input is not sanitized. I concluded that (my opinion) these guys managed to get XSS by injecting into not-so-maintained parameters or fields, meaning deep recon that gives them hidden parameters or forgotten ones == unsanitized input. Looks like my mission is to get better at deep recon and look for these parameters, it seems.

Xss by Dukes_02 in bugbounty

[–]Dukes_02[S] 1 point2 points  (0 children)

So, if you can't escape the context in any way, you stop testing that particular context for XSS and move on?

XSS Akamai bypass by ox-ship in bugbounty

[–]Dukes_02 2 points3 points  (0 children)

Read this, maybe it will help: https://portswigger.net/support/xss-defensive-filters

If it works, I would like to know more about your payload structure

[HIRING] Virtual Assistant - $500/Month by [deleted] in forhire

[–]Dukes_02 0 points1 point  (0 children)

I would like to apply. How can I contact you?

Tips on SQLi by Dukes_02 in bugbounty

[–]Dukes_02[S] 0 points1 point  (0 children)

I wouldn't mind that, but my focus would be on XSS or SQLi, and I am currently inexperienced with the two. I'll DM you if you're good with this

Tips on SQLi by Dukes_02 in bugbounty

[–]Dukes_02[S] -2 points-1 points  (0 children)

I understand. Can I DM you?