I've published my new research, "Exploiting Number Parsers in JavaScript". In this article, I’ve discussed the number parsers in JavaScript and the different attack scenarios you might encounter.
https://t.co/VMVqHF3j2q
@GoogleVRP disclosed my most impactful client-side report to date:
https://t.co/yGZJrSZEbe
TL;DR An attacker could've gained access to Gemini Code Assist Tools (GitLab, GitHub etc.) configured by the victim
"AI Agents for Offsec with Zero False Positives" by @moyix, a journey on how we managed to get 0 FPs with XBOW. You can find the slides for his BH talk here: https://t.co/vFEfm5HkxT
❌ Eliminating almost all exploitable web vulnerabilities? This blog post covers how the Google security team implemented a high-assurance web framework to achieve this goal for its services, and what this framework's most important characteristics are.
https://t.co/dohOwvCOtz
Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption.
Full details + PoC: https://t.co/wxgl5BQQVK
It's an honor that my research, Exploiting Number Parsers in JS, has been nominated for the Top Ten Web Hacking Techniques of 2024. I discussed how discrepancies in JS number parsers could be used to carry out DoS attacks. If you find it interesting, please vote for it!
🧵 [1/4] Here is our DOMPurify 3.2.1 bypass, using a namespace confusion technique where each element is initially in a “correct” namespace.
When it was allowed, the ‘is’ attribute was not handled correctly, making the attribute content’s regex check obsolete.
#mXSS #XSS
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: https://t.co/AzK6USwACO
Released a new extension :)
- https://t.co/sphNJdvUyt for postMessages from all_frames.
- detects the scope of sent messages.
- origins that are insecure, will be prefixed with UNSAFE.
- detects if a website does not check .origin
- MessageChannel API
https://t.co/56gtuIU7qw
I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜
The research article is available here: https://t.co/GIqy0hTCdR
The slides are available here: https://t.co/97iiZgoJqb
1/3
I created a small tool to automatically set breakpoints in Chrome using the CDP (Chrome DevTools Protocol). It’s still in beta, but I’m actively working on a complete version. https://t.co/8Hn5XgAWs1
Here's a code snippet that as far as I can tell pretty much solves prototype pollution. It's based on https://t.co/VkshO7Wpyh, and after running it you can access an object's prototype with object[Symbol.instanceProto], and object["__proto__"] will be undefined.
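An added illustration of the idea in the post above (my own code, not the snippet or the linked proposal): drop the legacy `__proto__` accessor from `Object.prototype`, expose the prototype through a Symbol key instead, and show that a deliberately naive deep merge can then no longer reach `Object.prototype` through a `"__proto__"` key. `instanceProto` is a locally created Symbol standing in for the proposed `Symbol.instanceProto`.

```javascript
// Stand-in for the proposed Symbol.instanceProto (assumption: not a built-in).
const instanceProto = Symbol('instanceProto');

function hardenProto() {
  // Object.prototype.__proto__ is a configurable accessor, so it can be deleted.
  delete Object.prototype.__proto__;
  // Re-expose the prototype under a Symbol key that cannot come from JSON input.
  Object.defineProperty(Object.prototype, instanceProto, {
    get() { return Object.getPrototypeOf(this); },
    set(p) { Object.setPrototypeOf(this, p); },
    configurable: true,
  });
}

// Deliberately naive recursive merge: the classic prototype-pollution sink.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const v = source[key];
    if (v && typeof v === 'object') {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], v);
    } else {
      target[key] = v;
    }
  }
  return target;
}

function demo() {
  hardenProto();
  // Constructed attacker-style input carrying a "__proto__" key.
  const payload = JSON.parse('{"__proto__":{"polluted":true}}');
  // With the accessor gone, "__proto__" is just an own data property on target.
  naiveMerge({}, payload);
  const victim = {};
  return {
    protoIsUndefined: victim['__proto__'] === undefined,
    symbolGivesProto: victim[instanceProto] === Object.prototype,
    polluted: victim.polluted === true, // false: Object.prototype untouched
  };
}
```

Note that this only closes the `__proto__` path; a merge that walks `constructor.prototype` still needs its own key filtering.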
@MiniMjStar It depends on what you're looking for. If you're after API keys, you can write a regex so your results are more precise. If you want certain fields that just appear somewhere in the response, you can use contain. I myself use AutoRepeater.
I have updated the list of custom filters for Logger++. The new additions include:
- New API style (gRPC-Web)
- Improved previous filters
- Exposed API keys custom filters
- New filters for API vulnerabilities
https://t.co/XfoRQjvHmu
@MiniMjStar It certainly doesn't cover all API vulnerabilities; it's a general setup. You can customize it per target to get better results. Also, some vulnerabilities that might exist and that it shows you in the log still need testing to confirm whether they're really there or not.