Chris Grieger's Avatar

Chris Grieger

@eternalkyu

Bug bounty hunter, security researcher and CEO @ www.blueredix.com

7
Followers 11
Following 5
Posts 02.11.2023
Joined
Posts Following

Latest posts by Chris Grieger @eternalkyu

Preview
Improper sanitization of architecture diagram iconText leads to XSS ### Summary In the default configuration of mermaid 11.9.0, user supplied input for architecture diagram icons is passed to the d3 `html()` method, creating a sink for cross site scripting. ###...

I discovered two XSS flaws in mermaid (JS diagram library) last month. The advisories got published today.

CVE-2025-54880 (github.com/mermaid-js/m...)
CVE-2025-54881 (github.com/mermaid-js/m...)

#xss #bugbounty

19.08.2025 18:47 ๐Ÿ‘ 0 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
GitHub - fourcube/nextjs-middleware-bypass-demo: Demo for Next.js middleware bypass - CVE-2025-29927 Demo for Next.js middleware bypass - CVE-2025-29927 - fourcube/nextjs-middleware-bypass-demo

Repository with a demo of Next.js CVE-2025-29927 github.com/fourcube/nex...

24.03.2025 08:10 ๐Ÿ‘ 0 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Burp BCheck for CVE-2025-29927 (Next.js middleware bypass) Burp BCheck for CVE-2025-29927 (Next.js middleware bypass) - CVE-2025-29927.bcheck

Took @agarri.fr Mastering Burp Suite Pro course last week, which was fantastic. Since the Next.js middleware bypass CVE dropped over the weekend, I decided put the new knowledge to good use. Here's a BCheck script to test for the vulnerability: gist.github.com/fourcube/45a...

24.03.2025 08:01 ๐Ÿ‘ 13 ๐Ÿ” 6 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Temporary AWS WAF rule as a workaround for CVE-2025-29927 Temporary AWS WAF rule as a workaround for CVE-2025-29927 - aws-waf-rule-CVE-2025-29927.json

Temporary AWS WAF rule as a workaround for CVE-2025-29927: gist.github.com/fourcube/db1...

23.03.2025 22:37 ๐Ÿ‘ 1 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0

I have memories of your teasing of this in your legendary TBHM course, I'm sure this content is invaluable.

19.03.2025 18:47 ๐Ÿ‘ 0 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Red Blue Purple AI - December 2024 Over the course of the last two years I've been working on a new course. My area of expertise is usually offensive security, but through my consulting, advising, and leadership roles, I've been expose...

๐Ÿ›‘ GIVEAWAY ALERT ๐Ÿ›‘ โฌ‡๏ธ

Today we are giving away 3 seats to our training:

"Red Blue Purple AI" - March 27-28

Syllabus:

arcanuminfosec.gumroad.com/l/ygmlpe

Have up to FIVE entries to the giveaway on bsky!

๐Ÿ“ท Share = 2 Entries
๐Ÿ“ท Like = 1 Entry
๐Ÿ“ท Comment = 1 Entry
๐Ÿ“ท Follow = 1 Entries

19.03.2025 15:56 ๐Ÿ‘ 10 ๐Ÿ” 6 ๐Ÿ’ฌ 4 ๐Ÿ“Œ 0