Everyone knows what copy and paste is, but there is a risk to it! Browsers can directly modify your clipboard without you knowing. What kind of attack surface does this create?
Well, if you can copy and paste HTML into a form, does this allow the code to be executed? Yes and no. Most browsers have built-in protection for this type of thing. Additionally, there are rich text editors that accept styled content too. This is where the research went.
With 9 bugs (4 in browsers and 5 in rich text editors), the same story comes up over and over again: mutations. When the sanitizing code attempted to fix some payloads (to make them not malicious), the mutations themselves actually created issues!
These were all about understanding how the processing and mutations were done. Once this was understood, the author just played around until they had a working payload.
Additionally, complex engines (such as those interpreting HTML and CSS) have lots of lesser-known features. The more common features are better tested and likely to be fine. Going after some of the more obscure features can be fruitful when attacking, as they are not as well tested.
Some of the bugs come from simply not understanding all the features in a browser. In 2 of the rich text editors, it was as simple as ending a comment with --!> instead of -->.
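To make the comment-ending mismatch concrete, here is an added example (not code from the research or from any of the editors) that a sanitizer author could use as a regression check. It compares a filter that only recognises --> with a simplified model of how the HTML tokenizer ends comments; the function names and the sample markup are constructed for illustration.

```javascript
// Constructed, inert sample: the <b> element carries no script.
const SAMPLE = '<p>a</p><!-- note --!><b id="live">shown</b> --><p>z</p>';

// What a naive filter assumes: a comment only ever ends at "-->".
function naiveCommentSpans(html) {
  const spans = [];
  const re = /<!--[\s\S]*?-->/g;
  let m;
  while ((m = re.exec(html)) !== null) spans.push([m.index, m.index + m[0].length]);
  return spans;
}

// Simplified model of the HTML tokenizer (an assumption of this example):
// after "<!--" a comment ends at an immediate ">" or "->", otherwise at the
// first "-->" or "--!>", otherwise at end of input.
function parserCommentSpans(html) {
  const spans = [];
  let i = 0;
  while ((i = html.indexOf('<!--', i)) !== -1) {
    const body = i + 4;
    let end;
    if (html.startsWith('>', body)) end = body + 1;
    else if (html.startsWith('->', body)) end = body + 2;
    else {
      const m = /--!?>/.exec(html.slice(body));
      end = m ? body + m.index + m[0].length : html.length;
    }
    spans.push([i, end]);
    i = end;
  }
  return spans;
}

// Markup the naive filter treats as commented out but the parser treats as live.
function hiddenFromFilter(html) {
  const real = parserCommentSpans(html);
  const out = [];
  for (const [start, end] of naiveCommentSpans(html)) {
    const r = real.find(([rs]) => rs === start);
    if (r && r[1] < end) out.push(html.slice(r[1], end));
  }
  return out;
}

console.log(hiddenFromFilter(SAMPLE));
```

Any non-empty result means the filter and the browser disagree about where a comment ends, so the filter should be changed to reuse the browser's own parse rather than pattern-match on comment delimiters.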
Overall, this is an attack vector that is not really thought about. Even though it requires very specific actions (visit website A, then website B to paste something), this is a very promising item to look at in website exploitation.