This is src doc of my presentation on shibuya.xss #8 (2016-11-14)
The main topic is vulnerabilities related to url parser.
- PHP https://bugs.php.net/bug.php?id=73192
- Java/OpenJDK http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/cd0585378c46 (CVE-2016-5552)
- Android https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea%5E%21/ (CVE-2016-5552)