Category: Writeups
Sandbox-iframe XSS challenge solution
This is a writeup describing the solution to a small XSS challenge I posted on Twitter in May 2024
CSP bypass on PortSwigger.net using Google script resources
PortSwigger just disclosed a report of mine over on HackerOne. It’s an unusual report in that the issue reported is purely a CSP bypass. I thought that I could provide a bit of context to the report to answer some questions raised in relation to it. First, a TL;DR
Hunting for Prototype Pollution gadgets in jQuery (intigriti 0124 challenge)
This post summarizes what I learned from spending way too much time on the Intigriti January 2024 challenge created by Kevin Mizu. The challenge made for a great exercise using prototype pollution as a vector to achieve cross-site scripting. It also allowed me to practice some JavaScript source code review. I will not go into…
CVE-2022-4908: SOP bypass in Chrome using Navigation API
Last year, I discovered a Same-Origin Policy (SOP) bypass in Chrome that allowed an attacker to leak the full URLs of another window’s navigation history. While attacks could be conducted cross-origin, these attacks were only possible if the two windows were at the same time considered same-site (If you are not familiar with the concepts…