DOM XSS in Gmail with a little help from Chrome
How to use browser features to help find DOM XSS.
The invisible Messages of Gmail
Last year, I looked for DOM XSS on the Gmail website. Instead of using URL parameters or the emails themselves as the source of the attack, I decided to use the much more discreet yet ubiquitous postMessage API. At first glance,… Read More
Into the Borg – SSRF inside Google production network
Intro – Testing Google Sites and Google Caja
In March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary HTML/JavaScript in a webpage. In May 2018, after the XSS was fixed, I realised that Google Sites was using an unpatched version of Google Caja, so I looked into whether it was… Read More