Nam Le

Security Engineer - Web Developer

Hi There & Welcome to My Corner of the Web!

I'm Nam Le, a security engineer & web developer in Viet Nam. I'm happy to share my knowledge on my blog. Follow me on Twitter/X.

Get in Touch

Writing

How I found DOM XSS via postMessage on Bing.com - Microsoft Bug Bounty

The website Bing.com has message event listeners. I found a feature that listens for postMessage with two arguments to update the User header bar with the user's points badge. The following are the steps I took to find the DOM XSS.
View All Posts