• CSP bypass on PortSwigger.net using Google script resources

    PortSwigger just disclosed a report of mine over on HackerOne. It’s an unusual report in that the issue reported is purely a CSP bypass. I thought I could provide a bit of context for the report and answer some questions raised in relation to it. First, a TL;DR

  • Hunting for Prototype Pollution gadgets in jQuery (intigriti 0124 challenge)

    This post summarizes what I learned from spending way too much time on the Intigriti January 2024 challenge created by Kevin Mizu. The challenge made for a great exercise using prototype pollution as a vector to achieve cross-site scripting. It also allowed me to practice some JavaScript source code review. I will not go into…

  • Having some fun with JavaScript hoisting

    This will be a quick recap of some XSS challenges posted on Twitter during November/December of 2023, showing the usage and abuse of hoisting in JavaScript. If you have not had time to try the challenges yourself, I suggest doing that before reading any further. You learn more by banging your head against the problems…

  • CVE-2022-4908: SOP bypass in Chrome using Navigation API

    Last year, I discovered a Same-Origin Policy (SOP) bypass in Chrome that allowed an attacker to leak the full URLs of another window’s navigation history. While attacks could be conducted cross-origin, these attacks were only possible if the two windows were at the same time considered same-site (If you are not familiar with the concepts…

  • My new blog (again)

    Welcome to my new blog, again. I don’t know what iteration of “my blog” this is, but I do know that I have tried more times than I dare to admit creating a space for myself on the wide web. This time I am back using WordPress and thought I should explain what led me…

  • GitLab: CVE-2023-5009

    Links: Release notes, cve.mitre.org, bleepingcomputer.com

  • Grafana: CVE-2023-1387

    Links: Report, https://grafana.com/blog, https://grafana.com/security/security-advisories/cve-2023-1387/

  • BBRE interview

    I joined Grzegorz Niedziela from Bug Bounty Reports Explained for a chat about bug bounties and security research.