The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Back to feedPost
WAF Bypass & XSS Discovery for E-Commerce Platform
Conducted a black-box security assessment for a high-traffic e-commerce marketplace (10M+ users).
The Finding: Reflected Cross-Site Scripting (XSS) in the search functionality.
Technical Details: The application employed a Web Application Firewall (WAF) that stripped standard XSS vectors (parentheses). I successfully bypassed this filter using ES6 Template Literals (backticks) to execute JavaScript.
Impact: Reported a P2 Vulnerability that could allow account takeover via session cookie theft.
Status: Reported via Vulnerability Disclosure Program (VDP).
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Trending
Notion
Notion isn’t just where you work, it’s starting to work for you. What agents are you building?
portfolioreview
The best portfolios tell a story, not just show a grid. Share yours for feedback.
brandguidelines
Brand guidelines are becoming living systems, not static documents. What are you building for your clients?
aivideo
AI video tools are moving at warp speed. Which ones are you experimenting with?
freelancerlife
Freelancer life is wins, pivots, and everything in between. What’s yours right now?