Fuzzing XSS Sanitizers for Fun and Profit | Tom Anthony
Source link
Related Articles
All Mix →
On Spending Time With the Opposite Sex
I don’t believe men and women in relationships should spend significant amounts of time with people of the opposite sex. It sounds very 1950s, but…
Open Sesame: Escalating Open Redirect to RCE with Electron Code Review
Table of Contents Discovering Vulnerable Config 🔗 Attempting XSS 🔗 Bypassing CSP 🔗 The Room of Requirement 🔗 Drive-By Code Execution 🔗 For better or…
Three Powerful Safari Features That Few People Use
Table of Contents Browsing and Search Snapback URL Path Navigation Web Inspector [Edit: An updated version of this post, with 6 additional features, can be…
NoSQL Injection: Advanced Exploitation Guide
Table of Contents Main differences between classic SQL injections and NoSQL injections Authentication bypass via operator injection Extracting data with time delays Executing server-side JavaScript…
[PoC Video] jQuery-File-Upload: A tale of three vulnerabilities
Table of Contents CVE-2018-9206: Unauthenticated arbitrary file upload vulnerability Remote code execution due to ImageTragick An intentional but vulnerable feature Remediation TL;DR Three vulnerabilities in…
Dynamic Content Generation (DCG) | Daniel Miessler
Table of Contents Table of Contents Examples Any format, length, and avatar At first it’ll be services, then it’ll be your personal AI The impact…