Kévin Gervot (Mizu)
@mizu.re
About me?
| Website: https://mizu.re
| Tool: https://github.com/kevin-mizu/domloggerpp
| Teams: @rhackgondins, @FlatNetworkOrg, @ECSC_TeamFrance
| From: https://twitter.com/kevin_mizu
Small teaser for Caido users :)

2/2
September 3, 2025 at 2:34 PM
I was keeping this one for myself for a while, but after several discussions at DefCon I thought it would be nice to share it now :)

Btw! If you wonder how this could be abused, I recommend looking at: mizu.re/post/explori... 😉

3/3
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2). Tags: Article - Web - mXSS
mizu.re
August 25, 2025 at 4:17 PM
For example, using this configuration, it is possible to retrieve the @masatokinugawa.bsky.social CVEs in TinyMCE.

👉 subdomain1.portswigger-labs.net/xss/xss.php?...

2/3
August 25, 2025 at 4:17 PM
This is still v1, there's lots to improve and many gadgets to add.

If you'd like to contribute or have any feedback, please don't hesitate to reach out 😁

4/4
July 24, 2025 at 3:31 PM
Each library page includes:

* Affected versions
* A short description
* Root cause of the gadget
* Related links
* Credit to the discoverer
* And even a preview button to play with the gadget live!

3/4
July 24, 2025 at 3:31 PM
The wiki lets you filter gadgets by browser, tags, attributes, CSP, and timing, making it as easy as possible to find interesting vectors (at least I hope so!) 🔎

2/4
July 24, 2025 at 3:31 PM
Oops, thank you 🙏
April 29, 2025 at 7:08 AM
All the other challenge write-ups (not just web) are available in the #writeup channel of the CTF Discord server:

discord.gg/rwZY6hh8z8

Thanks again to @ECSC_TeamFrance for the opportunity! 💙

2/2
Join the FCSC & Hackropole Discord Server!
Check out the FCSC & Hackropole community on Discord - hang out with 6259 other members and enjoy free voice and text chat.
discord.gg
April 28, 2025 at 4:47 PM