Gafnit Amiga shared a very nice writeup about the AWS SageMaker Jupyter Notebook instance takeover. The writeup contains a few cool tricks, like exploiting self-XSS, but what I'd like to focus on here is exploiting CSRF with modern browsers that default...
Client-side hacking techniques
CSRF in GraphQL
GraphQL CSRF? There's no CSRF with the application/json content type, is there? That's true, but only partially - you won't send this request from an HTML form: But, according to Tomasz Swiadek and Andrea Brancaleoni, middleware will commonly help us, and the following...
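The request the post goes on to show is not part of this excerpt. As an added example (my code, not from the post or from Swiadek and Brancaleoni's research), the snippet below models the failure mode: a GraphQL endpoint whose body-parsing middleware accepts application/x-www-form-urlencoded and text/plain bodies, both of which a plain HTML form can produce without any CORS preflight, next to a strict parser that only accepts application/json. The `deleteAccount` mutation, the request objects and the form-encoding helper are constructed for the example; the text/plain trick relies on the browser joining `name=value` without escaping quotes, so a field name and value concatenate into valid JSON.

```javascript
// Added example: permissive vs strict GraphQL body parsing and why the former is CSRF-able.
// All requests here are constructed objects of the shape { headers, body }, not captured traffic.

function contentTypeOf(req) {
  // Drop parameters such as "; charset=utf-8" and normalise case before comparing.
  return (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
}

// Permissive parser, modelling middleware that "helpfully" understands several encodings.
// Every branch yields an operation the resolvers will execute.
function parseGraphqlPermissive(req) {
  const ct = contentTypeOf(req);
  if (ct === 'application/json') return JSON.parse(req.body);
  if (ct === 'application/x-www-form-urlencoded') {
    // A <form> with the default enctype reaches this branch; no preflight is involved.
    const p = new URLSearchParams(req.body);
    const variables = p.get('variables');
    return { query: p.get('query'), variables: variables ? JSON.parse(variables) : undefined };
  }
  if (ct === 'text/plain') return JSON.parse(req.body); // <form enctype="text/plain"> lands here
  if (ct === 'application/graphql') return { query: req.body };
  throw new Error('unsupported Content-Type');
}

// Strict parser: only application/json, which an HTML form cannot send and which turns a
// cross-origin fetch()/XHR into a preflighted request that the browser will block.
function parseGraphqlStrict(req) {
  if (contentTypeOf(req) !== 'application/json') {
    throw new Error('GraphQL requests must use Content-Type: application/json');
  }
  const op = JSON.parse(req.body);
  if (typeof op.query !== 'string') throw new Error('missing query');
  return op;
}

// Approximation of the body a browser builds when submitting <form enctype="..."> (constructed).
function formBody(enctype, fields) {
  if (enctype === 'application/x-www-form-urlencoded') {
    return new URLSearchParams(fields).toString();
  }
  if (enctype === 'text/plain') {
    // Plain-text encoding: one "name=value" line per field, quotes and spaces left as-is.
    return Object.entries(fields).map(([k, v]) => `${k}=${v}`).join('\r\n') + '\r\n';
  }
  throw new Error('unsupported enctype');
}

const MUTATION = 'mutation { deleteAccount }'; // constructed target operation

// Variant 1: a default-enctype form with a single "query" field.
function csrfViaUrlencoded(parser) {
  const body = formBody('application/x-www-form-urlencoded', { query: MUTATION });
  return parser({ headers: { 'content-type': 'application/x-www-form-urlencoded' }, body });
}

// Variant 2: a text/plain form whose field name and value concatenate into a JSON document:
// {"query":"mutation { deleteAccount }","pad":"="}
function csrfViaTextPlain(parser) {
  const fields = { [`{"query":"${MUTATION}","pad":"`]: '"}' };
  const body = formBody('text/plain', fields);
  return parser({ headers: { 'content-type': 'text/plain' }, body });
}

// Stand-alone demonstration: the permissive parser executes both forged forms,
// the strict one rejects them and still accepts a legitimate JSON request.
for (const [name, fn] of [['urlencoded', csrfViaUrlencoded], ['text/plain', csrfViaTextPlain]]) {
  console.log(`${name} via permissive parser:`, fn(parseGraphqlPermissive).query);
  try { fn(parseGraphqlStrict); } catch (e) { console.log(`${name} via strict parser: rejected (${e.message})`); }
}
```

The strict content-type check on its own already closes the form-based route; pairing it with a mandatory custom request header (any name, since HTML forms cannot set headers) is a common second layer, and neither replaces SameSite cookies or a CSRF token where those are available.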
Cross-origin does not mean cross-site
For a long time, I was using the terms cross-origin and cross-site interchangeably, thinking they mean the same thing. But they don't. This has important implications for CSRF and SameSite cookies (note that they are SameSite, not SameOrigin, cookies). Origin. Origin is simple. It...
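The rest of the definitions are cut off in this excerpt, so here is an added example (my code, not from the post) that makes the distinction concrete: an origin is scheme + host + port, while a site is scheme + registrable domain (the eTLD+1 taken from the public suffix list). The public suffix list below is a constructed three-entry stub; real code must consult the full list at publicsuffix.org, otherwise hosts under suffixes such as github.io are wrongly treated as one site. Unknown TLDs are treated as a one-label suffix, which is also an assumption.

```javascript
// Added example: origin vs (schemeful) site, and why the difference decides whether a
// SameSite cookie rides along. PUBLIC_SUFFIXES is a constructed stub, not the real list.
const PUBLIC_SUFFIXES = new Set(['com', 'co.uk', 'github.io']);

// Origin: scheme, host and port (default ports omitted), exactly as the browser reports it.
function origin(urlString) {
  return new URL(urlString).origin;
}

// Registrable domain (eTLD+1): the longest matching public suffix plus one more label.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.');
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join('.'))) {
      return i === 0 ? null : labels.slice(i - 1).join('.'); // the suffix itself has no owner
    }
  }
  // Assumption for the stub: an unknown TLD is a one-label suffix, so eTLD+1 is the last two labels.
  return labels.slice(-2).join('.');
}

// Site in the schemeful sense: scheme plus registrable domain; the port is ignored.
function site(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

function isSameOrigin(a, b) { return origin(a) === origin(b); }
function isSameSite(a, b) { return site(a) === site(b); }

// Relationship between two URLs as SameSite cookie logic sees it.
function classify(a, b) {
  if (isSameOrigin(a, b)) return 'same-origin';
  if (isSameSite(a, b)) return 'same-site';     // cross-origin, but SameSite cookies still sent
  return 'cross-site';                          // SameSite=Lax/Strict cookies withheld
}

// Constructed URL pairs that illustrate each case.
const PAIRS = [
  ['https://app.example.com', 'https://attacker.example.com'], // cross-origin, same-site
  ['https://app.example.com', 'https://app.example.com:8443'], // port differs: still same-site
  ['http://app.example.com', 'https://app.example.com'],       // scheme differs: cross-site
  ['https://alice.github.io', 'https://bob.github.io'],         // public suffix: cross-site
  ['https://shop.example.co.uk', 'https://www.example.co.uk'],  // multi-label suffix: same-site
];

for (const [a, b] of PAIRS) {
  console.log(`${a}  vs  ${b}: ${classify(a, b)}  (site ${site(a)} / ${site(b)})`);
}
```

The first pair is the one that bites in practice: a page on any subdomain of the same registrable domain (an XSS or a forgotten dangling CNAME) is cross-origin, so the same-origin policy keeps it out of the target's DOM, but it is same-site, so every SameSite=Lax or Strict cookie is still attached to the requests it forges.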
A surprising quirk of regexes in JavaScript
Here's a very interesting and surprising JavaScript behaviour that I discovered recently while hacking on Elastic. Take a look at this regular expression: It's a strict host validation that should only allow sub1[.]example[.]com and sub2[.]example[.]com. The tool...