slonser
191 posts
slonser
@slonser_
Co-Founder @neploxaudit. CTF team @C4TBuTS4D Security Researcher.
blog.slonser.info
Joined December 2023
206
Following
4,621
Followers
  • Pinned
    slonser
    @slonser_
    Jan 17, 2025
    In 2024, I interacted a lot with Extensions. I decided to create a resource that will help with a basic understanding of extensions and key attacks. P.S. I tried to make everything as clear as possible and hope it won’t feel too overwhelming anywhere.
    extensions.neplox.security
    Introduction | Chrome Extension Security
    Welcome to our site dedicated to creating a comprehensive knowledge base on the security of Chromium extensions.
    40K
  • slonser
    @slonser_
    May 5, 2025
    Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->
    275K
  • slonser
    @slonser_
    Jun 14, 2024
    I want to share my recent case:
    > I found a vulnerability that allows sending a message from any user@domain
    > We cannot reproduce it
    > I send a video with the exploitation, a full PoC
    > We cannot reproduce it
    At this point, I decided to stop the communication with Microsoft.
    138K
  • slonser
    @slonser_
    Jun 13, 2025
    My new research Escalation of Self-XSS to XSS using modern browser capabilities.
    blog.slonser.info
    Make Self-XSS Great Again
    Disclaimer: This article is intended for security professionals conducting authorized testing within the scope of a contract. The author is not responsible for any damage caused by the application of...
    45K
  • slonser
    @slonser_
    Jan 25, 2024
    A writeup analysis of a simple logical vulnerability at @googlechrome for which @GoogleVRP paid me $16,000. Link: blog.slonser.info/posts/cve-2023… P.S. I have very few subscribers, so I am grateful for every repost #0day #Chrome #GoogleVRP #CVE
    blog.slonser.info
    CVE-2023-5480: Chrome new XSS Vector
    Chrome XSS The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application...
    51K
  • slonser
    @slonser_
    Apr 15, 2025
    I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by @garethheyes. However, an important update has occurred since then, which I wrote below ->
    48K
  • slonser
    @slonser_
    May 23, 2024
    My new Research Email attacks. - C# 0day - spoofing emails etc.
    blog.slonser.info
    Old new email attacks
    The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the...
    34K
  • slonser
    @slonser_
    Mar 19, 2024
    Recently found a bypass in DOMPurify in certain cases. Today, versions 3.0.10 and 2.4.8 were released, fixing the issue. Documented the problem here: blog.slonser.info/posts/dompurif… Thanks to mario of @cure53berlin for excellent communication! #DOMPurify #security
    blog.slonser.info
    DOM Purify - untrusted Node bypass
    The article is informative and intended for security specialists conducting testing within the scope of a contract. The author is not responsible for any damage caused by the application of the...
    20K
  • slonser
    @slonser_
    May 14, 2025
    A fix from Google was released today. Part of the issue was due to my misunderstanding based on previous reports. Big thanks to the chromium team for the quick resolve. I hope everyone had some fun, and apologies to the triagers on HackerOne XD
    slonser
    @slonser_
    May 5, 2025
    Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->
    43K
  • slonser
    @slonser_
    Dec 14, 2024
    This year, there has been a lot of great research about HTML and sanitizers. I finally decided to organize my scripts to one package and am ready to present the HTML Universal Identifier (HUI). It's still a pretty raw version, but here it is:
    GitHub - Slonser/hui: HTML Universal Identifier
    From github.com
    11K
  • slonser
    @slonser_
    May 5, 2025
    Replying to @slonser_
    Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover. Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource - which makes this trick surprisingly useful sometimes
    20K
  • slonser
    @slonser_
    Mar 6, 2025
    This reminded me that this situation can be exploited without user interaction, if you can insert svg/xml via blob. XSLT has a function that allows you to get the current location
    Renwa
    @RenwaX23
    Mar 5, 2025
    Thanks for playing Solution: renwax23.github.io/X/chal/feb25.h… <script>alert(origin)</script><a/href=#>Open me in a New Tab
    14K
  • slonser
    @slonser_
    Apr 23, 2025
    I just finally watched @emil_lerner talk. It's a really good talk on image processing - definitely worth 20 minutes of your time!
    10K
  • slonser
    @slonser_
    May 5, 2025
    Replying to @slonser_
    If you’ve read my articles, you probably know that unlike other browsers, Chrome resolves the Link header on subresource requests.
    31K