Slonser Notes.

MySQL2: Dangers of User-Defined Database Connections


The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction The node-mysql2 library is one of the most popular libraries for connecting to a database in JavaScript, with over 2 million installations per week.…
Read more ⟶

DOM Purify - untrusted Node bypass


The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Introduction In this article, I aim to elucidate a deficiency in the implementation of DOMPurify that I recently uncovered.…
Read more ⟶

CVE-2023-5480: Chrome new XSS Vector


Chrome XSS The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law. Preface This article is dedicated to a vulnerability that I managed to discover in the Google Chrome browser at the end of last year, and it also recounts the story of its origin.…
Read more ⟶