Xh4H

Oh god, another `sudo` vulnerability (CVE-2019-18634) "Buffer overflow when pwfeedback is set in sudoers". Sudo versions 1.7.1 to 1.8.25p1 inclusive are affected but only if the pwfeedback option is enabled in sudoers More info here: https://www.sudo.ws/alerts/pwfeedback.html …

Woops, leading-trailing whitespace.... But I guess the tweet is still valid as there's a whitespace after "leading-trailing"... Right?

Bypassing Chromium XSS Auditor using <svg> tags. <svg> <script> &#97;lert(1); </script> </svg> pretty dope. https://bugs.chromium.org/p/chromium/issues/detail?id=954070 … #xss

... and if you find any filter looking for &#(2-3digits) you can always pad it with zeroes (up to 7 chars): &#97 -> &#0000097 and so on.

bypassing XSS filters: <img src=x onerror="&#97&#108&#101&#114&#116&#96&#120&#115&#115&#96"> I made this 42 chars js func to escape strings: s=i=>i.replace(/./g,o=>'&#'+o.charCodeAt()) s("alert`xss`") #xss #bugbountytips

Happy new year to everyone!

I'll try have another writeup for tomorrow ...

Someone’s mother has four sons. North, South and East. What is the name of the fourth son. Private message me the name of the fourth son. If you lose, you have to repost. I lost to @UK_Daniel_Card