Blog
Search
Featured posts
Exploiting Web Worker XSS with Blobs
Ways to turn XSS in a Web Worker into full XSS, covering known tricks and a new generic exploit using Blob URLs with the Drag and Drop API
Nonce CSP bypass using Disk Cache
The solution to my small XSS challenge, explaining a new kind of CSP bypass with browser-cached nonces. Leak it with CSS and learn about Disk Cache to safely update your payload
OBS WebSocket to RCE
Disabling password authentication of your OBS WebSocket server can have devastating consequences. We'll attack from the browser to construct an RCE payload on Windows formed from the pixels of an image, a polyglot.
MCP: May Cause Pwnage - Backdoors in Disguise
Together with @AtomicByte, we found some vulnerabilities in the MCP protocol, debugging tools, and scanned for internet-exposed servers. This resulted in a ton of results ranging from headless browsers, databases or code evaluators.