maciej@home:~/blog$

About security, penetration testing, python
  • Breaking Through XSS Filters In Pega Platform

    CVE-2023-26465 - Breaking Through XSS Filters with Markdown-nesting and User Mentioning in Pega Platform

    Last year we identified an interesting XSS vulnerability involving clever use of markdown syntax and user mentioning in Pega Systems Platform. This post delves into details of the PoC, providing a concise yet thorough analysis of...

  • justCatTheFish - Google CTF 2022 - Postviewer writeup.

    Postviewer was one of the web category tasks in Google CTF 2022. The author of the task - terjanq - prepared for us a client-side application whose purpose was to host files. This was realized by storing them in IndexedDB - a built-in browser API for storing data. From the...

  • New technique of stealing data using CSS and Scroll-to-Text Fragment feature.

    Wondering if anyone could leak your crypto wallet seeds? Check out my newest research on the new technique of stealing data using CSS and Scroll-to-Text Fragment feature: https://www.secforce.com/blog/new-technique-of-stealing-data-using-css-and-scroll-to-text-fragment-feature/