Medijski sadržaj
- Tweetovi
- Tweetovi i odgovori
- Medijski sadržaj, trenutna stranica.
-
So yesterday I got married! Paula is the greatest woman I’ve ever met in my life and I can’t even express how happy and grateful I am that she’s going to be with me for the rest of my life. Thank you very much and I’m sure that we’ll have a happy life together!pic.twitter.com/7woCEyO8S5
-
This is perhaps my favourite quirk from HTML spec which is, in fact, mentioned directly in the spec: https://www.w3.org/TR/html50/scripting-1.html#restrictions-for-contents-of-script-elements …pic.twitter.com/1y0EAnq7u3
-
This bug, fixed in latest Firefox, led to pretty interesting research, how you can exfiltrate data in Firefox with a single injection point (ie. no reloading iframes). I’m going to publish the trick soon.pic.twitter.com/tV8yBR1wPc
-
-
[PL] 14 grudnia na konferencji
@WTHConf opowiem o błędzie w AMP4Email i jak z niego urodziło się kilka kolejnych błędów (obejście DOMPurify czy CSP). Zapraszam!pic.twitter.com/SGFct9UoAB
-
If you’re going to be in Wrocław this Wednesday, consider going to
@OwaspPoland Day, where I’m having a presentation about prototype pollution in Kibana. Here’s a little spoilerpic.twitter.com/QkFH9jgizL
-
Just updated the XSS challenge (https://securitymb.github.io/xss/1/ ) and added sandbox attribute to <iframe> so you cannot do this: :Dpic.twitter.com/afNcCfmkym
-
If CSP policy points to a dir and you use %2f to encode "/", it is still considered to be inside the dir. All browsers seem to agree on that. This leads to a possible bypass, by using "%2f..%2f" if server decodes it, example: https://jsbin.com/werevijewa/edit?html,output …pic.twitter.com/IFIq5G1uwl
Prikaži ovu nit -
I don’t usually post my private stuff on Twitter but today my girlfriend and I, we got engaged and I just want to share my happiness with the world!pic.twitter.com/FP0OMfBKQa
Prikaži ovu nit -
Today at 14:30 I’m having a presentation at
@CONFidenceConf community track about <portal> including an interesting bug in Chrome allowing to bypass SOP. Just go outside and join me if you’re interested!pic.twitter.com/jWPgYJhuTF
-
Interesting. Thanks for the new <portal> element of Google (https://web.dev/hands-on-portals …) you can navigate to top-level data: URI again!pic.twitter.com/S0fOQE32fY
-
This is actually a great performance of a 19th century song called "Hello! Ma Baby" in Red Dead Redemption 2https://www.youtube.com/watch?v=0BhVpxPH4iA …
-
What is this? "Origin Policy Error Interstitial"; getting this in Chrome Canary right now. CC:
@mikewest@arturjancpic.twitter.com/FML2Zd5Qw1
-
I'm planning on releasing a write-up of a nice bug in Google Hangouts Chat (the desktop app) tomorrow. Here's a teaser (or spoiler actually).pic.twitter.com/WTrffuglrw
-
I've just accidentally found my screencast of various XSS-es found in the Google Translator Toolkit back in 2015. Pretty neat; it's raining XSS-es ;)
#bugbounty#vrppic.twitter.com/xdSCyCEUWC -
Quite funnily, in JS console it executes immediately when you type the code but won't execute again after pressing Enter.pic.twitter.com/QuytvQLMTD
-
Currently working on revisiting the CSS scrollbar attack. Write-up incoming ;-)pic.twitter.com/8utlNekPcX
-
Oh, and I think I found a bypass: just use duplicate attributes name. https://jsbin.com/niwopidote/edit?html,output … CC:
@mikewestpic.twitter.com/qZV9t9ZBve
-
The code doesn't execute on Chrome59 while it does on Canary. Anyone knows why? Some kind of builtin protection against this kind of attack?pic.twitter.com/KQE6DmnHVq
-
It seems that url.searchParams is to blame.pic.twitter.com/yTjQtdcAss
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.