-
Sandbox-iframe XSS challenge solution
This is a writeup describing the solution to a small XSS challenge I posted on Twitter in May 2024.
-
CSP bypass on PortSwigger.net using Google script resources
PortSwigger just disclosed a report of mine over on HackerOne. It’s an unusual report in that the issue reported is purely a CSP bypass. I thought that I could provide a bit of context to the report to answer some questions raised in relation to it. First a TL;DR
-
Hunting for Prototype Pollution gadgets in jQuery (intigriti 0124 challenge)
This post summarizes what I learned from spending way too much time on the Intigriti January 2024 challenge created by Kevin Mizu. The challenge made for a great exercise using prototype pollution as a vector to achieve cross-site scripting. It also allowed me to practice some JavaScript source code review. I will not go into…
-
Having some fun with JavaScript hoisting
This will be a quick recap of some XSS challenges posted on Twitter during November/December of 2023, showing the usage and abuse of hoisting in JavaScript. If you have not had time to try the challenges yourself, I suggest doing that before reading any further. You learn more by banging your head against the problems…
-
CVE-2022-4908: SOP bypass in Chrome using Navigation API
Last year, I discovered a Same-Origin Policy (SOP) bypass in Chrome that allowed an attacker to leak the full URLs of another window’s navigation history. While attacks could be conducted cross-origin, these attacks were only possible if the two windows were at the same time considered same-site (If you are not familiar with the concepts…
-
My new blog (again)
Welcome to my new blog, again. I don’t know what iteration of “my blog” this is, but I do know that I have tried more times than I dare to admit creating a space for myself on the wide web. This time I am back using WordPress and thought I should explain what led me…
-
GitLab: CVE-2023-5009
Release notes, cve.mitre.org, bleepingcomputer.com
-
Grafana: CVE-2023-1387
Report, https://grafana.com/blog, https://grafana.com/security/security-advisories/cve-2023-1387/
-
BBRE interview
I joined Grzegorz Niedziela from Bug Bounty Reports Explained for a chat about bug bounties and security research.