Showing posts from 2021

Download view only PDF file from Google drive

Steps:

1. Open the view-only PDF file in Google Drive in a new window.
2. Scroll to the bottom of the file so that every page will render.
3. Open Developer Tools in a separate window by pressing F12 and select the Console tab.
4. Paste the following code in the Console tab.

    let jspdf = document.createElement("script");
    jspdf.onload = function () {
        let pdf = new jsPDF();
        let elements = document.getElementsByTagName("img");
        for (let i in elements) {
            let img = elements[i];
            console.log("add img ", img);
            if (!/^blob:/.test(img.src)) {
                console.log("invalid src");
                continue;
            }
            let can = document.createElement('canvas');
            let con = can.getContext("2d");
            can.width = img.width;
            can.height = img.height;
            con.drawImage(img, 0, 0);
            let imgData = can.toDataURL("image/jpeg", 1.0);
            pdf.addImage(imgData, 'JPEG', 0, 0);
            pdf.addPage();
        }
        pdf.save("download.pdf");
    };
    jspdf.src = 'https://cdnjs.cloudflare.com/

XSS Powerful Methodology for Beginners

In this comprehensive post, you will learn the technique and concept of hunting XSS. No one will reveal his or her methodology for hunting bugs, because if everyone follows the exact steps for hunting a particular bug, then over time the methodology becomes completely useless. So I will be sharing the core concept of hunting XSS rather than telling you the exact steps that I perform. Coming straight to the point, let's start our discussion with the concept of XSS.

To find XSS, what do we do?

1. We try to find parameters (either GET-based or POST-based).
2. Filter for those parameters whose value is reflected on the page.
3. Then we test a simple XSS payload, i.e. <script>alert(1)</script>
4. If the parameter's value is reflected but you are unable to execute a simple XSS payload due to a WAF (Web Application Firewall), then you try to bypass the WAF. For example, if the alert() function is a blocked keyword, what if we try to execute this payload: <script>c