Geluchat
@gelu.chat
Baptiste Devigne | Bug Bounty Hunter | Most Impactful Team H1-0131 (AWS) | Eradicator H1-6102 (Salesforce)

🔗My blog https://gelu.chat/
Reposted by Geluchat
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4
July 24, 2025 at 3:31 PM
Today was my last day as a pentester at Bsecure. After a three-year journey of hunting on the side, I’m ready to go all-in as a full-time bug bounty hunter. You can read about my journey from pentester to full-time hunter here: gelu.chat/posts/from-p...
Finding Freedom, One Bug at a Time: My Journey from Pentester to Full-Time Hunter
After seven years in pentesting, I transitioned full-time into bug bounty hunting, leveraging deep experience and continuous learning. This article shares key moments and insights from that journey.
gelu.chat
July 4, 2025 at 3:09 PM
Reposted by Geluchat
With @gelu.chat, we created a challenge for the @pwnmectf inspired by a bug he found in bug bounty a year ago! 🚀

If you have some time this weekend, give it a try! 👀

👉 pwnme.phreaks.fr
February 28, 2025 at 9:23 PM
Reposted by Geluchat
Apparently, navigating to a javascript: URL returning a string will write it as HTML to the DOM. This allows for an interesting XSS payload:
x.com/icesfont2/st...
December 5, 2024 at 11:52 AM
Reposted by Geluchat
Check out the blog post for a full writeup and some other cool stuff :)
bsky.app/profile/jori...
To summarize what I have learned about Mutation XSS, my CVE, and the solution to my challenge, I wrote a post going through it all.
If you like regular XSS, this is a whole new world of crazy techniques and many sanitizer bypasses. You too can learn this!
jorianwoltjer.com/blog/p/hacki...
Post: Mutation XSS: Explained, CVE and Challenge | Jorian Woltjer
Learn how to bypass HTML sanitizers by abusing the intricate parsing rules and mutations. Including my CVE-2024-52595 (lxml_html_clean bypass) and the solution to a hard challenge I shared online
jorianwoltjer.com
November 27, 2024 at 4:02 PM
Reposted by Geluchat
My challenge has been out for about a week with only one half-intended solution, so here's my solution!
November 27, 2024 at 4:02 PM
Reposted by Geluchat
My latest blog post is live! nastystereo.com/security/cro...

Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon
November 27, 2024 at 9:10 AM
Reposted by Geluchat
I have to say that I’m impressed by how @xbow.com managed to identify this SSRF vulnerability (and bypass a MIME filter on its way) 🤖
XBOW – SSRF & URI validation bypass in 2FAuth
XBOW discovered a Server-Side Request Forgery (SSRF) vulnerability in the OTP preview feature of the open-source project, 2FAuth.
xbow.com
November 24, 2024 at 2:38 PM
Reposted by Geluchat
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...
November 22, 2024 at 5:50 AM
Reposted by Geluchat
P1/3 : DomPurify & Bootstrap n-days + Frontend tricks Ft. @geluchat.bsky.social @mizu.re 😘
www.youtube.com/watch?v=fnYS...
EP 163 | DomPurify & Bootstrap n-days + Frontend tricks Ft. @Geluchat, @kevin_mizu
YouTube video by Laluka
www.youtube.com
November 22, 2024 at 4:58 PM
Reposted by Geluchat
I've just published 'Smashing the state machine: the true potential of web race conditions'! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class:
https://portswigger.net/research/smashing-the-state-machine
August 9, 2023 at 7:30 PM
Hello World \o/
August 5, 2023 at 9:37 PM