terjanq @terjanq
security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine. github.com/terjanq
Switzerland. Joined January 2019.
Tweets 2K - Followers 9K - Following 222 - Likes 2K
DOMPurify 3.1.1 & 2.5.1 have been released. Both are security releases & should be upgraded to asap. Note: More releases might follow, the mitigated attack is novel. Eternal gratitude goes to @IcesFont for finding, reporting & helping with fixes 🙇 github.com/cure53/DOMPuri…
@Rhynorater @terjanq @kinugawamasato haha yes, was amazed when I saw that. Then I found out it was a matter of RTFM. It's hidden in plain sight: docs.angularjs.org/api/ng/directi…
Recently found a bypass in DOMPurify in certain cases. Today, versions 3.0.10 and 2.4.8 were released, fixing the issue. Documented the problem here: blog.slonser.info/posts/dompurif… Thanks to mario of @cure53berlin for excellent communication! #DOMPurify #security
I then found the last piece of the puzzle: a mass assignment bug in the `/backend-api/conversation` endpoint that allowed me to inject arbitrary metadata into a conversation by pretending to be the assistant. Blog: imperva.com/blog/xss-marks…
it's the writeup for DiceCTF 2024, the web challs are interesting as usual. Keywords: 1. crash chromium 2. slower css style 3. xsleak 4. URL length limit 5. service worker 6. background fetch 7. connection pool 8. css injection + iframe width blog.huli.tw/2024/02/12/en/…
We spent some time backing up most of the CTF challenges for 2023 (there are bound to be incomplete cases) The attachments and title descriptions we have compiled and some writeup. Now We open it to the community. hope it can help u r3kapig-not1on.notion.site/2023-4828bf0bb…
Writeups for my challenges in #SECCON CTF 2023 Finals! - cgi-2023: XS-Leak with CSP error reports by SRI checks. - LemonMD: Breaking Islands Architecture of Fresh. - DOMLeakify: New CSS injection on style **attributes**. and 2 challs. blog.arkark.dev/2023/12/28/sec…
It might be a little bit late, but these are the writeups for the challenges I solved (babywaf, cgi-2023, Plain Blog, DOMLeakify): hackmd.io/@IOKh9vO3ReOUW…
Organizing a PWNing meetup about Pwntools and Pwndbg at #37c3, join us at 3rd day on 19:00 and 22:00: events.ccc.de/congress/2023/… and events.ccc.de/congress/2023/…
I think it's time for a solution ⏰ To solve this challenge, you had to abuse the DOMPurify namespace misconfiguration to trigger an XSS this way 👇 Solution link: challenges.mizu.re/xss_02.html?ht… 1/6
@BSidesLondon @roachy I spoke about XS-Leaks on the modern web. Slides from today are available at zeyu2001.com/pdf/talks/bsid…
Try to catch the XSS 🧐 Think this one is a bit harder, but feel free to prove me wrong! No answers in the comments, please try-to-catch.glitch.me
finally wrote a new blog post, hopefully there's some interesting info blog.ankursundara.com/cookie-bugs/
A few months ago, we ran HackAPrompt, the first-ever global Prompt Hacking competition! Over 3K hackers submitted 600K malicious prompts to win $35K in prizes from companies like @PreambleAI, @OpenAI, & @huggingface We analyzed 29 different techniques & found a NEW exploit👇🧵
Wowwww this is awesome.
@cure53berlin @IcesFont Ooh wow deep nesting! Can't wait to reproduce at home
Very unusual browser behavior has led to what seems to be a whole new class of mXSS, and we will release new versions of DOMPurify soon so to make sure you can protect against that. Stay tuned, more details soon, latest on Monday.
This Friday, I'm presenting a novel technique as part of my talk "Secret web hacking knowledge - CTF authors hate these simple tricks". I've made a challenge about it, will you be able to pop an alert on pilv.ar ? The whole source code is in the screens below :)
Wow, HTTP QUERY landed in Node.js 21.7.2 GET with request body 🤯
This was five years ago today. Is XSS dead in most popular frameworks? Are you out of business @cure53berlin & @garethheyes ?
@ndm @LocoMocoSec @mikispag @we1x @kkotowicz XSS dead in < 5 years for most popular frameworks! 😁
Under-rated bug bounty tip: get locked in. When I'm locked in on a target, I... * Read documentation when waiting in line, when on the toilet, when eating * Listen to videos on the target while washing dishes, driving, exercising
I've built a brand new version of my fuzzing tool Shazzer🚀 shazzer.co.uk - Easy fuzz browser behaviour - Find bugs - Share the results with the world
Just submitted my ✨ new research to Black Hat USA #BHUSA, and it's all about Web Security this time! Hoping the US will approve my VISA this year, giving me the chance to back to the stage again! :/ @BlackHatEvents
It's time to present my first little blog post, on XSS WAF bypass Feel free to send me feedback (: onetest.fr/posts/xss-waf-…
I *WAS* WRONG - $10K CLAIMED! ## The Claim Two days ago, I confidently claimed that "GPTs will NEVER solve the A::B problem". I believed that: 1. GPTs can't truly learn new problems, outside of their training set, 2. GPTs can't perform long-term reasoning, no matter how simple…
A::B Prompting Challenge: $10k to prove me wrong! # CHALLENGE Develop an AI prompt that solves random 12-token instances of the A::B problem (defined in the quoted tweet), with 90%+ success rate. # RULES 1. The AI will be given a random instance, inside a <problem/> tag. 2.…
I'm proud to be the H1 ambassador for Poland🇵🇱 All the Polish hackers interested, DM me to join to hack and have fun together😏
EMEA Pt. 1 @dee__see Ireland 🇮🇪 @rotembar Israel 🇮🇱 @val_brux Portugal 🇵🇹 @GreenJamSec U.K. 🇬🇧 @njcve_ U.K. 🇬🇧 @gregxsunday Poland 🇵🇱 @_lauritz_ Germany 🇩🇪 @s3c_krd Iraq 🇮🇶
@G0LDEN_infosec @aszx87410 @terjanq @kevin_mizu @garethheyes are a good start. Gareth's book, the three others have a lot of posts on blogs etc. Things like this aszx87410.github.io/beyond-xss/en/
Have we considered just asking the processor nicely not to speculate
@pilvar222 This is a nice trick! If you are interested, @terjanq has made a challenge / article about it: terjanq.medium.com/arbitrary-pare… I also found something equivalent on drawio using a restrictive JSONP endpoint to bypass a CSP: huntr.com/bounties/4c1c5…