Geluchat
@gelu.chat
Baptiste Devigne | Bug Bounty Hunter | Most Impactful Team H1-0131 (AWS) | Eradicator H1-6102 (Salesforce)

🔗 My blog: https://gelu.chat/
Reposted by Geluchat
Check out the blog post for a full writeup and some other cool stuff :)
bsky.app/profile/jori...
To summarize what I have learned about Mutation XSS, my CVE, and the solution to my challenge, I wrote a post going through it all.
If you like regular XSS, this is a whole new world of crazy techniques and many sanitizer bypasses. You too can learn this!
jorianwoltjer.com/blog/p/hacki...
Post: Mutation XSS: Explained, CVE and Challenge | Jorian Woltjer
Learn how to bypass HTML sanitizers by abusing the intricate parsing rules and mutations. Including my CVE-2024-52595 (lxml_html_clean bypass) and the solution to a hard challenge I shared online
November 27, 2024 at 4:02 PM
Nice idea, I would love to be on the list!
November 23, 2024 at 5:32 PM