Combining response-type switching, invalid state and redirect-uri quirks using OAuth, with third-party javanoscript-inclusions has multiple vulnerable scenarios where authorization codes or tokens could leak to an attacker. This could be used in attacks for…

SQL injections without tables?

The following is a writeup for some Android specific chromium behaviors.

oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning - cyllective/oauth-labs

iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.

Table of Contents

JP (Translated by ChatGPT) In this article, I'll explain the intended solution for the "Tanuki Udon" challenge presented in SECCON CTF 13. TL;DR An XS-Leaks att…

Cross-Site Scripting (XSS) is often considered a beautiful attack due to its elegance and effectiveness in exploiting vulnerabilities…

This blog post covers DOMPurify 3.2.1 Bypass, explaining a specific mutation technique