I think every one of us is once in a while annoyed with obfuscated JavaScript. It’s because we know we can eventually reverse everything that’s client-side but it’s time-consuming and not fun. In this blogpost, Brett Bauerhaus described not only how he manually...
Client-side hacking techniques
Blind XSS in Apple’s website leads to a Harry Potter quote
Sam Curry discovered a blind XSS in the email field of one of Apple’s websites and found a quote from Harry Potter left on the internal website by an employee. From a technical standpoint, this is the email address that he used: If you want to know why this is a valid...
XSS With Hoisting
JavaScript hoisting (yes, “hoisting” and not “hosting”) is a feature of this language I hadn’t known about until recently but then I heard about it in the CTTB podcast, saw a challenge by Johan Carlsson and read a blogpost by @brutelogic. It’s a feature that allows...
Fuzzing XSS Sanitizers for Fun and Profit | @TomAnthonySEO
Earlier this year, I published a video about a payload that confused golang’s HTML parser which could lead to an XSS. While after the fact, I could explain the bug very logically, encountering it was nothing more than intuition and luck. Thus, when seeing other XSS...
CSRFing VS Code’s Debug Adapter Protocol
I think the attack scenario of sending requests from the victim’s browser to desktop apps or their extensions is undervalued, and you can get good bounties with it. Like Dan McNulty, who described what DAP (the Debug Adapter Protocol) is and how you can abuse it for...
Almost $19k for bugs in browser extensions
I think browser extension hacking is quite a good niche at the moment. A lot of bug bounty programs have their extensions in scope but, I don’t know about you, I know very little about vulnerabilities in them. This article contains multiple writeups about bugs in...
XSS with script CSP bypass
This writeup shows a very interesting way of bypassing CSP by exploiting the fact that the nginx error page has no CSP in combination with using apis[.]google[.]com JSONP endpoint. In short, first, Kevin created an iframe with a non-existing path and then in the JSONP...
Cookie Bugs – Smuggling & Injection
This blogpost by Ankur Sundara once again proved useful for solving a CTF challenge. This time, one player used the empty cookie trick to solve my challenge in an unintended way. More about that in the video I’ll dedicate to the task, but I’m sharing this already...
Little-known technique to exploit self-XSS with a serious impact
Self-XSS is often perceived as a bug without impact. However, there is a simple yet impactful method of turning a self-XSS into a real exploit. Surprisingly, this method is not that commonly known and, while doing my XSS case study, I didn’t find a single report exploiting...
Simple and easy JavaScript Analysis
Among other superlatives, I would describe Jason Haddix as the person who has used, or at least tested, every single web hacking tool out there. He’s very much into finding more bugs and saving time by using tools well, so I always listen carefully whenever he shares...