Masato Kinugawa

@kinugawamasato

脆弱性を探す時間が幸せ。

masatokinugawa.l0.cm
Joined January 2010
36 Photos and videos Photos and videos

Tweets

@kinugawamasato is blocked

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @kinugawamasato.

  1. 7 hours ago

    no UI vector, inspired by vector :D <div style=writing-mode:tb;overflow:scroll onscroll=alert(1)>

    14 retweets 32 likes
  2. Jun 26

    No UI vector Edge, MSIE10-11 <div style="-ms-scroll-limit:1px;overflow:scroll;width:1px" onscroll=alert('xss')>

    11:04 AM - 26 Jun 2016 · Details
    49 retweets 97 likes
  3. Jun 7

    All passive element XSS on IE are: I was surprised that width/height property brings focus event. cc

    12 retweets 30 likes
  4. 23 Nov 2015

    XSS inside an editable area and can't use contenteditable=false? <a style="-webkit-user-modify: read-only;" href="javascript:alert(1)">CLICK

    23 retweets 60 likes
  5. Jun 7

    Another no user interaction vector: It works on Chrome/Safari and *Edge*.

    34 retweets 55 likes
  6. Jun 4

    全CSSプロパティと値を列挙してユーザ操作不要XSSベクタを洗い出そうとしてるんだけど、早速成果でた!一部をちょっと紹介。(IEで動作)

    13 retweets 28 likes
  7. Jun 2

    Interesting mutation via createElement('isindex') and ('image')

    5 retweets 14 likes
  8. May 23

    同様のメッセージが出るCVリストに載ったドメインでもデフォルトで自動的にIEを起動する動作に変更なら、CVリストのドメインのXSSを使って、IE固有のExploitをEdgeからいきなり展開できるようになりそうだ。

    ]2016年夏登場の「Windows 10 Anniversary Update」で実装予定:「Edge」と「IE 11」の共存、よりスムーズに──非対応サイトならば、自動切り替え
    1 retweet 2 likes
  9. May 20

    WASM×JS(MSIE)×CSS×HTML Polyglot

    7 retweets 18 likes
  10. May 19

    MSIE Meets WebAssembly! I just wrote WASM × JS polyglot :)

    23 retweets 25 likes
  11. May 19

    "Calling alert from WebAssembly (WASM)" - a very simple tutorial to show that WASM isn't as hard as it looks

    12:41 PM - 19 May 2016 · Details
    17 retweets 29 likes
  12. May 18

    Blogged! / XSS Auditor bypass using Flash and base tag (日本語) (English)

    59 retweets 75 likes
  13. May 11

    WordPress 4.5.1 XSS & SOME: Issue was re-found and published, thus the early release.

    7:07 AM - 11 May 2016 · Details
    87 retweets 88 likes
  14. Apr 29

    CFP応募開始です。/ 講演者募集 || CALL FOR PAPERS || 世界トップクラスの専門家による情報セキュリティ国際会議「CODE BLUE(コードブルー)」

    5 retweets 8 likes
  15. Apr 29

    Firefox 42 SOP bypass PoC by

    5:19 AM - 29 Apr 2016 · Details
    35 retweets 39 likes
  16. Apr 26

    H5SC Mini-Challenge "XSS Metaphor" 5 - The Write-Up

    9:58 AM - 26 Apr 2016 · Details
    38 retweets 55 likes
  17. Apr 21

    OTF+SVG allows to read info character by character with only a STYLE injection through XEE & timing

    24 retweets 36 likes
  18. Apr 17

    New challenge "The XSS Metaphor" by & me is out. Have a great and productive week :)

    39 retweets 49 likes
  19. Apr 17

    情報処理~~試験のXSSスペシャリストでCSPバイパス出たってマジか・・・(適当)

    3 likes

@kinugawamasato hasn't tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·