all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Generic HTML Sanitizer Bypass Investigation

Add to bookmarks
July 3, 2023, 3:17 p.m. | LiveOverflow

LiveOverflow www.youtube.com

I stumbled over a weird HTML behavior on Twitter and started to investigate it. Did I just stumble over a generic HTML Sanitizer bypass?

Get my handwritten font https://shop.liveoverflow.com (advertisement)
Checkout our courses on https://hextree.io (advertisement)

The Tweet: https://twitter.com/MRCodedBrain/status/1662701541680136195
Google XSS: https://www.youtube.com/watch?v=lG7U3fuNw3A
HTML Spec: https://html.spec.whatwg.org/multipage/parsing.html#parse-error-invalid-first-character-of-tag-name

Chapters:
00:00 - Intro
01:09 - Sanitizing vs. Encoding
02:32 - Developing HTML Sanitizer Bypass
05:03 - Attacking DOMPurify
07:08 - Attacking Server-side Sanitizer
08:31 - HTML Parse Error Specification
10:08 - Potential Impact
11:55 …

bypass encoding error html investigation sanitizer server twitter weird

Visit resource

More from www.youtube.com / LiveOverflow

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++) 3 months, 1 week ago | www.youtube.com
afl cve cve-2023-4863 fuzzing +9
A Vulnerability to Hack The World - CVE-2023-4863 4 months, 1 week ago | www.youtube.com
0day actively exploited blastpass buffer +21
Reinventing Web Security 5 months, 2 weeks ago | www.youtube.com
access clear database down +13
The Circle of Unfixable Security Issues 6 months, 2 weeks ago | www.youtube.com
bounty bug bug bounty bugs +12
Binary Exploitation vs. Web Security 6 months, 4 weeks ago | www.youtube.com
social support
Hacker Tweets Explained 7 months, 2 weeks ago | www.youtube.com
context explained hacker justin +6
Zenbleed (CVE-2023-20593) 8 months ago | www.youtube.com
amd amp asm assembly +18
The Discovery of Zenbleed ft. Tavis Ormandy 8 months, 2 weeks ago | www.youtube.com
bugs concept cpu cpus +16
Asking Android Developers About Security 9 months ago | www.youtube.com
android android developers android security asking +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cybersecurity Consultant

@ Devoteam | Cité Mahrajène, Tunisia
View on infosec-jobs.com

GTI Manager of Cybersecurity Operations

@ Grant Thornton | Phoenix, AZ, United States
View on infosec-jobs.com

(Senior) Director of Information Governance, Risk, and Compliance

@ SIXT | Munich, Germany
View on infosec-jobs.com

Information System Security Engineer

@ Space Dynamics Laboratory | North Logan, UT
View on infosec-jobs.com

Intelligence Specialist (Threat/DCO) - Level 3

@ Constellation Technologies | Fort Meade, MD
View on infosec-jobs.com

Cybersecurity GRC Specialist (On-site)

@ EnerSys | Reading, PA, US, 19605
View on infosec-jobs.com
View more jobs