| Universal Code Execution by Chaining Messages in Browser Extensions |
|
|
|
| Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973) |
|
|
|
| Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140) |
|
|
|
| I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS |
|
|
|
| Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl |
|
|
|
| You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications |
|
|
|
| Solving DOM XSS Puzzles |
|
|
|
| All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646) |
|
|
|
| All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) |
|
|
|
| Applying Offensive Reverse Engineering to Facebook Gameroom |
|
|
|
| Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge |
|
|
|
| Open Sesame: Escalating Open Redirect to RCE with Electron Code Review |
|
|
|
| A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell |
|
|
|
writeups.xyz
/
Eugene Lim (@Spaceraccoonsec)