![Sonar_Research's tweet photo. 🧵 [1/4] Here is our DOMPurify 3.2.1 bypass, using a namespace confusion technique where each element is initially in a “correct” namespace.
When it was allowed, the ‘is’ attribute was not handled correctly, making the attribute content’s regex check obsolete.
#mXSS #XSS https://t.co/3sUBVRBnRR](https://pbs.twimg.com/media/GeXXId9WwAA-1V-.jpg)
Olivia
Online
rekter0
@rekter0
doing things @sundialxyz,
CTF @water_paddler / BlueWater
Joined December 2019
547 Following
867 Followers
63 Posts
Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.
Blog post: https://t.co/WO9MeExoun
PoCs: https://t.co/NpVgEHBHPl
"Dad, what was it like playing CTFs before AI?"
@_riatre Codex with few kb md files to fill in some gaps
Who to follow
stypr
@brokenpacifist
Touring sourcecodes @dfsec_com
RT/Like bot
Pomme
@pxmme1337
Genuine oddity | Pomme@Hackerone | Pomme@Intigriti | ByeFelicia@BugCrowd | Senior Sec Engineer @ somewhere | Ex-HackerOne
Ian Bouchard
@Corb3nik
Co-Founder @CaidoIO | Security Enthusiast | CTF Fanatic | Bug Bounty Hunter
ctftime is also trolling llms solve stations with prompt injection
can we please get the libxml2 and ffmpeg people some cold cash, lambo's and decent quality blow as a token of appreciation for all the ASAN splats we throw over the fence and want to have fixed pronto? I know one man's trash (CVE's) is another man's treasure, but we gotta respect and support these hardworking devs a bit more. how else do you expect to play back (x-rated) flicks that come in esoteric video container formats or correctly render SVG's containing vector depictions of your favorite animals in safari?
@S1r1u5_ You guys should start using the same prettier conf
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below:
https://t.co/Tje8Ce8if0
🥈 Thrilled to nab 2nd as Blue Water, teamed up with @perfect_blue at DEFCON CTF Final 33!
🙌 Congrats to @mmm_ctf_team for their 4th straight 1st
💪 We’re gunning for the crown next year! Join our crew to make it happen! DM us or drop us an email! 🚀
#DEFCON #CTF
@blueminimal @sqrtrev Use sqlite atach database into css directory
Or use sqli to update user_tables obj column to trigger elixir binary to term deserialise rce
I just learned that OSC8 (hyperlinks) in Windows Terminal uses ShellExecute(). Excellent trolling potential for README files 😆
Now you know why
Jesse Pollak showing the ease of onboarding with Onflow.
Trade onchain with counterparties, not addresses, privately.
Finally, a small demo of the Onflow protocol, fully computed proof in zero-knowledge with no internet required.
Going live on Base soon, and many other ecosystems.
1-click ZK-KYC, everywhere, imminent✨
📝Another fantastic write-up about the Remedy Closed Beta Challenge. Dive into details https://t.co/0Ph1pxAFSJ
Big kudos to @rekter0 for this comprehensive breakdown🙏
Curious about and want to give it a shot? Join us on Discord to explore and take part https://t.co/RimDkMtQJM
A twitter content spoofing issue being exploited by same recent Ledger hackers?
you can put any username and as long as the tweet id is valid it will be redirected to the correct account.
the scam pages drain using same ledger hack contract bytecode
🤔
Thx for hosting such a great CTF. Great team work with @pb_ctf. Congraz to *0xA and MMM. See you guys in Final!
Blue Water places 2nd place in DEF CON CTF Finals!
Blue Water is a merger of @pb_ctf + @Water_Paddler + Samsung Research + Tea Deliverers.
Thank you to @Nautilus_CTF for the great CTF, and shoutout to all the other finalists!
See you next year? 😉
Last Seen Users on Sotwe
Fm75Receiver
新加坡 biantaisang(互推)
Seen from Singapore
ước có 6 múi
Seen from Vietnam
Pakistan Boys
Seen from Turkey
靈魂の慣性乄
👑 الدكتورة 👑جورجينا👑
Seen from France
Pass Kebumen👰🤵
Seen from Indonesia
gamze 29 cenk 33 evli çifttiz
Seen from Turkey
@35izmirli3510
Seen from Turkey
Castle Bravo
Seen from United States
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers