You still need something to serve you the initial document.write js, unless you are going to convince people to open your links with locally saved "index.html". I called it "XSS" because you can execute arbitrary…
You are abusing trust - now it's going to be the jstrieb.github.io who is serving malware, and since his system serves whatever JS I provide by design it becomes a very effective XSS host.
according to people briefed on the operation. The article smells of Soviet propaganda machine by claiming to conduct a successful offensive yet providing no way of verifying even the very fact it happened.
You still need something to serve you the initial document.write js, unless you are going to convince people to open your links with locally saved "index.html". I called it "XSS" because you can execute arbitrary…
You are abusing trust - now it's going to be the jstrieb.github.io who is serving malware, and since his system serves whatever JS I provide by design it becomes a very effective XSS host.
according to people briefed on the operation. The article smells of Soviet propaganda machine by claiming to conduct a successful offensive yet providing no way of verifying even the very fact it happened.