Critical Thinking - Bug Bounty Podcast

Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu


Listen Later

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Exploring the DOMPurify library: Bypasses and Fixes (1/2)

https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes

Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)

https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations

Dom-Explorer tool

https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f

CT Episode 61: A Hacker on Wall Street - JR0ch17

https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/

====== Timestamps ======

(00:00:00) Introduction

(00:01:44) Kevin Mizu - Background and Bring-a-bug

(00:15:09) DOMPurify

(00:29:04) Misconfigurations - Dangerous allow-lists

(00:39:09) Dangerous URI attributes configuration

(00:46:08) Bad usage

(00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute

(01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS

(01:36:51) Misc concepts for future research

...more
View all episodesView all episodes
Download on the App Store

Critical Thinking - Bug Bounty PodcastBy Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

  • 5
  • 5
  • 5
  • 5
  • 5

5

53 ratings


More shows like Critical Thinking - Bug Bounty Podcast

View all
Risky Business by Patrick Gray

Risky Business

364 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

639 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

368 Listeners

Hacked by Hacked

Hacked

181 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,014 Listeners

Smashing Security by Graham Cluley

Smashing Security

316 Listeners

Click Here by Recorded Future News

Click Here

406 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,958 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

164 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Hacking Humans by N2K Networks

Hacking Humans

316 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

77 Listeners

Bug Bounty Reports Discussed by Grzegorz Niedziela

Bug Bounty Reports Discussed

4 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

168 Listeners