Martin Stoynov
@martinstnv.bsky.social
Security Engineer and Chapter Lead
Reposted by Martin Stoynov
In Chrome:
Object.values(this)[165].bind(this)()
Object.values(this)[165].bind(this)()
January 27, 2025 at 4:41 PM
In Chrome:
Object.values(this)[165].bind(this)()
Object.values(this)[165].bind(this)()
Reposted by Martin Stoynov
CVE-2023-34990 🤦♂️🤦♂️
December 18, 2024 at 2:26 PM
CVE-2023-34990 🤦♂️🤦♂️
Reposted by Martin Stoynov
A small code-golf web challenge (free research from you, for me), how short can you make a "fetch content and execute it inline".
There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page. like in the image
joaxcar.com/xss/self.html
There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page. like in the image
joaxcar.com/xss/self.html
December 12, 2024 at 1:00 PM
A small code-golf web challenge (free research from you, for me), how short can you make a "fetch content and execute it inline".
There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page. like in the image
joaxcar.com/xss/self.html
There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page. like in the image
joaxcar.com/xss/self.html
