Posts by terjanq

absolutely!

1 year ago 1 0 1 0
Post: x3CTF - blogdog (+ new CSS Injection XS-Leak!) | Jorian Woltjer A "hard web xssbot" challenge about a fun browser quirk with the is= attribute to perform CSS Injection. Bypass the strict CSP with an unintended new technique to XS-Leak a selector's result by detect...

During #x3ctf, I discovered an unintended solution that turned out to be a pretty cool generic technique. It allows you to detect the result of a selector during CSS Injection, bypassing any CSP restricting external requests!
Check out the writeup below:
jorianwoltjer.com/blog/p/ctf/x...

1 year ago 24 6 1 1

added!

1 year ago 0 0 0 0

Here is (finally) the writeup and conclusion of the challenge:
joaxcar.com/blog/2024/12...

Maybe not the best write-up, but I have to allow myself to actually post, rather than refactor, posts. I hope someone finds it useful. And thanks everyone that participated. Special shoutout to @terjanq.me

1 year ago 11 4 0 0

One thing that I was missing when using the tool was getting the entire output rather than the body. Another thing was being able to copy the generated input and output to the clipboard. These would be useful!

1 year ago 0 0 1 0

Added!

1 year ago 0 0 0 0

added!

1 year ago 1 0 0 0
11 char XSS (slower race-condition)

The latest version should be quite straightforward. If you like magic, then I recommend checking out the previous version 😄 terjanq.me/solutions/jo...

It includes trickier races 😅

1 year ago 1 0 0 0

Managed to greatly improve:

* performance
* accuracy
* cross-platform support (should now work on both Chrome & Firefox)

Check out the updated version! 😃

1 year ago 3 0 2 0

settings ➑️ content & media ➑️ threads ➑️ experimental

Helps a lot with longer threads!

1 year ago 6 1 0 0
Hacking Discord for $5000 Bounty YouTube video by Mrgavyadha

Imagine opening a Discord message and suddenly your computer is hacked.

We discovered a bug that made this possible and earned a $5,000 bounty for it.

Here's the story and a beginner-friendly deep dive into V8 exploit development.

watch: youtu.be/R3SE4VKj678?...

1 year ago 18 8 1 1

11 chars with bsky.app/profile/terj...

1 year ago 1 0 0 0

Got sniped into the challenge and ended up doing some cool XSS research :D

11 char XSS with mind-boggling race-conditions.

TL;DR the final payload is location=x (10 chars) and the longest is top.Z.x=x.d (11 char)

It's shorter than location=name !!

terjanq.me/solutions/jo...

1 year ago 30 11 1 1

Added. Keep it up!

1 year ago 1 0 0 0

Added!

1 year ago 1 0 0 0
11 char with open()

Slow race condition but 11 chars! terjanq.me/solutions/jo... Let me know if that works for you. With that, time to stop 😅

1 year ago 5 1 0 0

12 with open() terjanq.me/solutions/jo...

Without popups enabled, you have to click on any iframe when the bg becomes pink.

1 year ago 0 0 1 0

I disregarded open() because it needs interaction, so I didn't look too much into it. The culprit for buildup. I'm not sure how to make it 11 as top.r.d+="1" is already 12. It should be possible with 12 via top.x.x=top and then open(r.x.d) which is 11.

1 year ago 1 0 1 0

Can do it also in 12, but I agree that it's cheating with run.

terjanq.me/solutions/jo...

1 year ago 2 0 0 0

13* haha :D

1 year ago 1 0 1 0

15 terjanq.me/solutions/jo...

Can be most likely improved but didn't yet figure out how to properly race condition with shorter payloads like top.x.x+="" 😢

1 year ago 5 1 1 0

16 terjanq.me/solutions/jo...

1 year ago 10 0 4 0

yes! added

1 year ago 1 0 0 0

added!

1 year ago 1 0 1 0

Extended the starter with shy writers! 😀 If you're not on the list but write about web security, then feel free to reply with the article you're most proud of, and I will add you to the pack!

Make sure to resubscribe to not miss out on the amazing 🌐research!

go.bsky.app/9JXnB17

1 year ago 29 10 9 0

Getting this for 2 years already :( new number most of the time. When I just moved to Switzerland, I found a paper slip from the post to receive some important letters. When I went to the post office, it was all a scam. The most targeted scam I ever received 😅

1 year ago 1 0 0 0
Web Security Writers Join the conversation

I started a Web Security Writers starter pack. Had to add 7 accounts so settled on a couple of obvious names but the idea I have for the starter is different. Please share your BEST writeup / article in the reply and I will add you to the pack! Let's shake the platform a bit with amazing research! 🕸️

1 year ago 37 8 15 0

Feel free to drop a banger here regardless! :D

1 year ago 1 0 1 0

Starter pack seems to be glitched on web, the URL is: bsky.app/starter-pack...

1 year ago 1 1 0 0