Generic HTML Sanitizer Bypass Investigation
July 3, 2023, 3:17 p.m. | LiveOverflow
LiveOverflow www.youtube.com
The Tweet: https://twitter.com/MRCodedBrain/status/1662701541680136195
Google XSS: https://www.youtube.com/watch?v=lG7U3fuNw3A
HTML Spec: https://html.spec.whatwg.org/multipage/parsing.html#parse-error-invalid-first-character-of-tag-name
Chapters:
00:00 - Intro
01:09 - Sanitizing vs. Encoding
02:32 - Developing HTML Sanitizer Bypass
05:03 - Attacking DOMPurify
07:08 - Attacking Server-side Sanitizer
08:31 - HTML Parse Error Specification
10:08 - Potential Impact
11:55 …