|
|
|
|
|
|
by homakov
4859 days ago
|
|
|
yes i fully agree with your points but it's still two vulns 1) detecting URL by assigning hash + onload (iframe) 2) detecting URL by assigning hash + timing of history (window) i just made it work for both frame/window this way |
|
|