Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

XSS in Google Colaboratory - 75

Bentkowski - Posted 6 Years Ago
  • This product is built on top of Jupyter Notebook. The main component being tested is the Markdown editor. It was discovered to have some sort of input sanitization, making it a good target.
  • The hacker went through the frontend source code to find out how the parser worked, including the regexes and libraries being used.
  • Eventually, this recon led to the discovery that Google Colaboratory also parses LaTeX. Now, it was about finding an XSS in the MathJax library.
  • By abusing the LaTeX, an easy XSS was found. Now, it is time for the CSP bypass :)
  • By using previous research, the CSP was bypassed. Great research :)