Author Archives: Brute Logic


May 23rd, 2017 | 🕒

Performing XSS emulation in console with jQuery.getScript() to achieve RCE in 3 different up-to-date CMSes: WordPress 4.7.5, Joomla! 3.7.2 and

The Genesis of an XSS Worm

July 6th, 2016 | 🕒

Watch an XSS worm infecting users of a social network coded from scratch. For more info check:

Leveraging a Self-XSS

April 2nd, 2016 | 🕒

In this video we can see how to use CSRF (Cross Site Request Forgery) to leverage a self XSS (Cross

Cerberus XSS Payload

February 6th, 2015 | 🕒

Cerberus*, a triple XSS payload against the sites “”, “” and “”. The last one (“”) required a little change,