Sven Morgenroth

Using blacklist filters. #justbypassthings

@GossiTheDog @threatspikeadam The public exploits use the vulnerabilities to execute external commands but that is not a requirement...

This should not happen I assume

pwning with @mongobug :p youtu.be/QEjgPh4SEmU

@sasi2103 @mongobug @ITSecurityguard That guy must be like the best hacker in the world or something

@magnusstubman amp.thehackernews.com/thn/2017/08/ch…

@garethheyes No idea why. SVG is just the weirdest of all tags

@garethheyes Strange thing with <svg><script> is that it confuses the XSS Auditor. It's fine in the source code (no red), but is blocked nonetheless.

A rare case of a bug found through a private bug bounty program being publicly acknowledged. Great to see :) kb.netapp.com/support/s/arti…

@garethheyes Classic one :) You can also use <!> and <?> btw

@insp3ctre @MarcS0h The chat box in the preview picture perfectly sums up how I'd use it

Doesn't work in chrome or FF

How to alert in edge / IE without alert, prompt or confirm using onbeforeunload jsfiddle.net/oqpuqxn2/

No PHP, no spaces, no $, no { }, bash only IFS=,;`cat<<<uname,-a`

All domains using CloudFlare have a CSP bypass gadget. Don't use 'unsafe-eval' for CloudFlare domains. PoC: vulnerabledoma.in/cloudflare_csp…

@ret2libc @insecurity Sure thing

Btw, the PHP closing tag can be omitted if you replace it with a semicolon `cat<<<'<?="uname\x20-a";'|php`

Command injection without space, $, {, } Python3 or PHP on server? uname`cat<<<'<?="\x20"?>'|php`-a uname`cat<<<'print("\x20")'|python3`-a

Why testing with XSS polyglots alone sucks

@Qab That looks cool, didn't test it yet. Maybe Phantom or Selenium have a way to detect it?

@IngoPan People who try to bypass it obviously?