Disclaimer: This article is intended for security professionals conducting authorized testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction Many security researchers are familiar with the frustrating experience of discovering an XSS vulnerability that...| blog.slonser.info
The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction In this article, I would like to discuss a vulnerability I discovered in Casdoor, starting with a brief overview:| Posts on Slonser Notes
The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction In this article, I want to talk about a method for bypassing DOMPurify when it is used for sanitizing SVG files, which I ...| blog.slonser.info
The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction This article will be dedicated to my research in the field of email service attacks, including all aspects related to ema...| blog.slonser.info
Introduction This article is dedicated to a series of tricks utilizing the modern capabilities of IPv6 and the shortcomings of address parser implementations in standard libraries of popular programming languages. IPv6 Zone I think many people have an idea of what IPv6 and IPv4 addresses look like: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 - IPv6 192.168.0.1 - IPv4 When including an IPv6 address in a URL, it needs to be enclosed in square brackets []:| blog.slonser.info
The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction The node-mysql2 library is one of the most popular libraries for connecting to a database in JavaScript, with over 2 mill...| blog.slonser.info
Chrome XSS The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Preface This article is dedicated to a vulnerability that I managed to discover in the Google Chrome browser at the end of ...| blog.slonser.info
Slonser. I am Vsevolod Kokorin (Slonser), security researcher at Solidlab, C4T BuT S4D CTF team player. You can contact with me at Telegram.| blog.slonser.info
The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction In this article, I aim to elucidate a deficiency in the implementation of DOMPurify that I recently uncovered.| blog.slonser.info