<!doctype html>
<html>
<head>
<title>Abdulrahman Al-Qabandi</title>
<link href="q.css?q2" rel="stylesheet">
</head>
<body>
<div id="qLogo"><div id="qFX"><img src="q.png"/></div>
<div id="qNav">
<a id="qvisited">Home</a>
<a href="/About">About</a>
<a href="/Tools">Tools</a>
<a href="/Links">Links</a>
<a href="https://www.twitter.com/qab" target="_BLANK">Twitter</a>
<a href="/Stuff">Stuff</a>
</div>
</div>
<div class="qArticle">
<a href="/Edge-Chromium-EoP-RCE/">
<h1>Chromium Edge EoP XSS to RCE</h1>
<p>Hacking the new Edge Browser using a couple of XSS bugs.</p>
<div class="qFX2"><img src="qimg/Art22.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Edge-Local-File-Disclosure-and-EoP/">
<h1>Microsoft Edge - LFD and EoP</h1>
<p>(CVE-2019-1356) Stealing local files and changing flags by chaining several bugs</p>
<div class="qFX2"><img src="qimg/Art21.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Microsoft-Edge-uXSS/">
<h1>Microsoft Edge uXSS</h1>
<p>(CVE-2019-1030) Injecting JavaScript into an unexpected context results in weird behavior leading to universal XSS.</p>
<div class="qFX2"><img src="qimg/Art20.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Microsoft-Office-365-Outlook-XSS/?q0">
<h1>Office 365 Outlook XSS</h1>
<p>I revisit Outlook after 4 years and compare bugs found.</p>
<div class="qFX2"><img src="qimg/Art19.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/WebExtension-Security-Part-2/?q">
<h1>WebExtension Security (Part 2)</h1>
<p>We delve a bit deeper into WebExtension security featuring 5 bugs</p>
<div class="qFX2"><img src="qimg/Art18.jpg"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Microsoft-Edge-RCE/">
<h1>Edge RCE</h1>
<p>(CVE-2018-8495) Chaining small bugs together to achieve RCE</p>
<div class="qFX2"><img src="qimg/Art17.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Firefox-uXSS-and-CSS-XSS/">
<h1>Firefox uXSS & CSS XSS</h1>
<p>CSS XSS came back for a bit, which led to an unusual uXSS</p>
<div class="qFX2"><img src="qimg/Art16.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/WebExtension-Security/">
<h1>WebExtension Security (Part 1)</h1>
<p>Quick intro to WebExtension security featuring four FireFox bugs.</p>
<div class="qFX2"><img src="qimg/Art15.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/XFO-All/">
<h1>XFO All</h1>
<p>I try to make a case for adding XFO to all responses.</p>
<div class="qFX2"><img src="qimg/Art14.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Chrome-Firefox-Edge-Local-File-Disclosure/">
<h1>Cross Browser LFD</h1>
<p>The HTML5 filepicker was found to have 5 bugs across all three major browsers.</p>
<div class="qFX2"><img src="qimg/Art13.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-RCE/">
<h1>FireFox RCE</h1>
<p>By chaining small bugs I was able to inject arbitrary privileged code. (SEC-MODERATE)</p>
<div class="qFX2"><img src="qimg/Art12.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Chrome-Address-Bar-Spoof/">
<h1>Chrome Address Bar Spoof</h1>
<p>(CVE-2016-5218) A confused deputy problem leads to a full URL spoof temporarily (~20s)</p>
<div class="qFX2"><img src="qimg/Art11.jpg"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-LFD-and-SOP-Bypass/">
<h1>FireFox LFD & SOP Bypass</h1>
<p>Using the 'Save Page' functionality comes with security risks</p>
<div class="qFX2"><img src="qimg/Art10.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-Universal-XSS-and-Local-File-Disclosure/">
<h1>FireFox uXSS & LFD</h1>
<p>(CVE-2016-5265) Using a .URL file (Internet Shortcut) we are able to bypass the same origin policy (SEC-MODERATE)</p>
<div class="qFX2"><img src="qimg/Art9.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-Arbitrary-Local-File-Disclosure-(NO-FIX)/">
<h1>FireFox Local File Disclosure</h1>
<p>Arbitrary local file disclosure in all FireFox browsers (NO-FIX)</p>
<div class="qFX2"><img src="qimg/Art1.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-Partial-URL-Spoof-Using-Data-URL-Scheme-(FIXED)/">
<h1>FireFox Partial URL Spoof</h1>
<p>(CVE-2015-7211) Partial URL spoofing using the data URI scheme (SEC-LOW)</p>
<div class="qFX2"><img src="qimg/Art2.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-Hide-URL-(FIXED)/">
<h1>FireFox Hide URL</h1>
<p>(CVE-2016-1958) Show about:blank (placeholder "Search or enter address" in the URL bar) using javascript URI scheme (SEC-MODERATE)</p>
<div class="qFX2"><img src="qimg/Art3.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-Full-URL-spoof-using-javascript-URI-scheme/">
<h1>FireFox Full URL spoof</h1>
<p>While further testing the javascript URI scheme behavior on FF, I came across another bug which results in full address bar spoof (SEC-MODERATE)</p>
<div class="qFX2"><img src="qimg/Art4.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-Check-If-Local-File-Folder-Exists-Using-Jar-URI-Scheme/">
<h1>FireFox JAR URI bug</h1>
<p>Local documents can use "jar:file:///" as an oracle for which other files exist (SEC-MODERATE)</p>
<div class="qFX2"><img src="qimg/Art5.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-Same-Origin-Policy-Bypass/">
<h1>FireFox SOP Bypass</h1>
<p>Cross-Origin restriction bypass with fetch using 302 redirection (SEC-HIGH)</p>
<div class="qFX2"><img src="qimg/Art6.png"/></div>
</a>
</div>
<div class="qArticle">
<a href="/FireFox-SOP-bypass-Using-Workers/">
<h1>FireFox Worker SOP Bypass</h1>
<p>SOP bypass using workers - Sensitive data retrieval (DUPE)</p>
<div class="qFX2"><img src="qimg/Art7.jpg"/></div>
</a>
</div>
<div class="qArticle">
<a href="/Various-bugs-in-Microsoft-Office-365-Outlook/">
<h1>MS Outlook Office 365 bugs</h1>
<p>Various valid bugs found in the emailing component of Office 365, Outlook. (VIDEOS)</p>
<div class="qFX2"><img src="qimg/Art8.png"/></div>
</a>
</div>
</body>
</html>