DOM clobbering in CTF: https://github.com/ctfs/write-ups/tree/master/hack-lu-ctf-2014/hotcows-dating … also could use textarea w/user interaction - IMG src solution is wrong though->META works
-
-
@avlidienbrunn@mathias umm, can't u use mixture of textarea and <!--> to foil the first few unwanted META tags? just an idea -
@irsdl@avlidienbrunn No because `innerHTML` is used. We tried. I thought you knew of a way to include a resource inline using <meta>
End of conversation
New conversation -
-
-
@avlidienbrunn What team did you play with? -
@mathias HackingForSoju, though I never solved it completely :) Was looking for JSONP-alert-as-callback kind of attacks mostly
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.