Gemini's Markdown renderer fails to sanitize HTML-like content within code blocks when there are premature code fence terminations (```).
An example payload:
`````
```
test
```
```
````
<tag>...</tag>
`````
The payload exploited a parsing inconsistency: the Markdown processor closed the code block early, so the HTML that followed was rendered without any direct escape. Initially this only allowed a few specific tags; after an update, it allowed direct HTML injection.
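To make the "parsing inconsistency" concrete, here is an added example (mine, not from the original writeup and not Gemini's code) that models two hypothetical fence-matching rules disagreeing on the fence shape above, a differential check that flags such inputs, and a hardened renderer that escapes every text node so fence classification can no longer decide whether raw HTML reaches the page. The strict "exact-length" rule and the sample input are constructed assumptions.

```python
import html
import re

# Constructed sample reproducing the fence shape quoted above (not the real payload).
SAMPLE = "```\ntest\n```\n```\n````\n<tag>...</tag>\n"

FENCE_RE = re.compile(r"^(`{3,})\s*$")


def classify(md, exact_match):
    """Split lines into (in_code, text) using one of two fence rules.

    exact_match=True  : a closing fence must have the same length as the opener
                        (a hypothetical strict rule a pre-render filter might use).
    exact_match=False : the CommonMark rule, a closing fence at least that long.
    """
    open_len, out = 0, []
    for line in md.splitlines():
        m = FENCE_RE.match(line)
        if m:
            n = len(m.group(1))
            if open_len == 0:
                open_len = n
            elif (n == open_len) if exact_match else (n >= open_len):
                open_len = 0
            else:
                out.append((True, line))  # unmatched fence stays literal code content
            continue
        out.append((open_len > 0, line))
    return out


def html_outside_code(md, exact_match):
    """Lines the given rule treats as prose that contain HTML-like tags."""
    return [t for in_code, t in classify(md, exact_match)
            if not in_code and re.search(r"<[a-zA-Z/][^>]*>", t)]


def fence_rules_disagree(md):
    """Differential check: flag input that the two fence rules classify differently."""
    return classify(md, True) != classify(md, False)


def render_unsafe(md):
    """Renderer that passes prose through as raw HTML; only code gets escaped."""
    return "\n".join(html.escape(t) if c else t for c, t in classify(md, False))


def render_safe(md):
    """Hardened: escape every text node, so fence classification cannot unlock raw HTML."""
    return "\n".join(html.escape(t) for _, t in classify(md, False))
```

With the sample, the strict rule sees `<tag>...</tag>` as code while the CommonMark rule sees it as prose, which is exactly the gap a pre-render filter and a renderer must not have between them.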
To exploit this, they set up UI spoofing to get sensitive information, like creds. Firefox prioritizes the referrerpolicy attribute over server-set Referrer-Policy headers, which meant Firefox could leak the full URL, including autofilled creds in query strings, via the Referer header. Pretty neat!
The vulnerability doesn't allow injecting JavaScript directly, but it still enables various attacks. To exploit this, I think Gemini would have to return malicious content. Although this is claimed to be, and probably is, "zero click", I don't think you can trigger it on arbitrary users.