TesTTTer45 (@testtter45) 's Twitter Profile
TesTTTer45

@testtter45

ID: 1601240235437875202

09-12-2022 15:45:14

48 Tweet

108 Followers

302 Following

Gareth Heyes (@garethheyes) 's Twitter Profile Photo

Universal MXSS. Works in all browsers and is likely to bypass lots of filters because title is both an SVG and HTML tag. Briefly checked DOM Purify and it looked okay.

Johan Carlsson (@joaxcar) 's Twitter Profile Photo

Finally, I had time to finish the writeup for the hoist challenges. Hope someone finds it valuable. Great job everyone who solved it! joaxcar.com/blog/2023/12/1…

Johan Carlsson (@joaxcar) 's Twitter Profile Photo

Another XSS challenge. This one is a bit more contrived. Mission: 1. just pop alert 2. run arbitrary JS Don't write the solution in the thread! xss-node.glitch.me/nothing_specia…

Gareth Heyes (@garethheyes) 's Twitter Profile Photo

In case you missed it...I wrote a book, please support my work by buying a copy. If you've already bought one thank you, please can you RT to spread the word! leanpub.com/javascriptforh…

slonser (@slonser_) 's Twitter Profile Photo

Recently found a bypass in DOMPurify in certain cases. Today, versions 3.0.10 and 2.4.8 were released, fixing the issue. Documented the problem here: blog.slonser.info/posts/dompurif… Thanks to mario of Cure53 for excellent communication! #DOMPurify #security

Marouane Lamharzi Alaoui (@marouane53) 's Twitter Profile Photo

This will remain recorded against us forever in the history books. It will remain written that we kept normalization and the diplomatic relationship with a state that is committing genocide and the ugliest massacre of the 21st century.

Masato Kinugawa (@kinugawamasato) 's Twitter Profile Photo

ooh, this works on Chrome Canary :D <input type="hidden" oncontentvisibilityautostatechange="alert(/ChromeCanary/)" style="content-visibility:auto">

RyotaK (@ryotkak) 's Twitter Profile Photo

I recently developed and posted about a technique called "First sequence sync", expanding James Kettle's single packet attack. This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack. flatt.tech/research/posts…

Gareth Heyes (@garethheyes) 's Twitter Profile Photo

Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC. portswigger.net/research/split…

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

zhero; (@zhero___) 's Twitter Profile Photo

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

YS (@yshahinzadeh) 's Twitter Profile Photo

How did we (AmirMohammad Safari) earn $50k using the Punycode technique? I’ve published a detailed blog post about our recent talk, we included 3 attack scenarios, one of which poses a high risk of account takeover on any "Login with GitLab" implementation blog.voorivex.team/puny-code-0-cl…

Masato Kinugawa (@kinugawamasato) 's Twitter Profile Photo

lol, this works on Firefox: <object data=# codebase=javascript:alert(document.domain)//> OR <embed src=# codebase=javascript:alert(document.domain)//>