Eduardo Vela (sirdarckcat)
Not mad.
Eduardo Vela (sirdarckcat)'s posts

🤷 Unpatched (0day) jQuery Mobile XSS
TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and there's nothing you can do about it, there's not even a patch ¯\_(ツ)_/¯. jQuery Mobile is a cool jQuery UI system that makes building mobile apps easier. It...

Fighting XSS with 🛡 Isolated Scripts
TL;DR: Here's a proposal for a new way to fight Cross-Site Scripting vulnerabilities called Isolated Scripts. You have an open-source prototype to play with the idea. Please let me know what you think! Summary: In the aftermath of all the Christmas' CSP b...

One of the hidden best perks for those living in Switzerland, is that all apartments come with a walk-in refrigerator for free.

Measuring web security mitigations
Summary: This past weekend I spent some time implementing a prototype for a web security mitigation, and I also spent some time thinking whether it was worth implementing as a web platform feature or not. In this blog post, I want to share how I approached...

Aww, you guys! Thank you! But you really didn't have to name the airport after me. But thank you, really!

How to bypass CSP nonces with DOM XSS 🎅
TL;DR - CSP nonces aren't as effective as they seem to be against DOM XSS. You can bypass them in several ways. We don't know how to fix them. Maybe we shouldn't. Thank you for visiting. This blog post talks about CSP nonce bypasses. It starts with some co...

A few thoughts on vulnerability pricing.
