terjanq

@terjanq.me

security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine. From: https://twitter.com/terjanq

2,505 followers, 150 following, 37 posts, joined 13.11.2023

Latest posts by terjanq @terjanq.me

absolutely!

02.02.2025 07:00 👍 1 🔁 0 💬 1 📌 0
Post: x3CTF - blogdog (+ new CSS Injection XS-Leak!) | Jorian Woltjer A "hard web xssbot" challenge about a fun browser quirk with the is= attribute to perform CSS Injection. Bypass the strict CSP with an unintended new technique to XS-Leak a selector's result by detect...

During #x3ctf, I discovered an unintended solution that turned out to be a pretty cool generic technique. It allows you to detect the result of a selector during CSS Injection, bypassing any CSP restricting external requests!
Check out the writeup below:
jorianwoltjer.com/blog/p/ctf/x...

26.01.2025 21:14 👍 23 🔁 6 💬 1 📌 1

added!

20.01.2025 17:24 👍 0 🔁 0 💬 0 📌 0

Here is (finally) the writeup and conclusion of the challenge:
joaxcar.com/blog/2024/12...

Maybe not the best write-up, but I have to allow myself to actually post, rather than refactor, posts. I hope someone finds it useful. And thanks everyone that participated. Special shoutout to @terjanq.me

20.12.2024 22:52 👍 11 🔁 4 💬 0 📌 0

One thing that I was missing when using the tool was to get the entire output rather than body. Another thing was being able to copy to clipboard generated input and output. These would be useful!

20.12.2024 17:35 👍 0 🔁 0 💬 1 📌 0

Added!

20.12.2024 17:11 👍 0 🔁 0 💬 0 📌 0

added!

18.12.2024 22:34 👍 1 🔁 0 💬 0 📌 0
11 char XSS (slower race-condition)

The latest version should be quite straightforward. If you like magic, then I recommend checking out the previous version 😄 terjanq.me/solutions/jo...

It includes trickier races 😅

16.12.2024 12:15 👍 1 🔁 0 💬 0 📌 0

Managed to greatly improve:

* performance
* accuracy
* cross-platform support (should now work on both Chrome & Firefox)

Check out the updated version! 😃

15.12.2024 16:39 👍 3 🔁 0 💬 2 📌 0

settings ➡️ content & media ➡️ threads ➡️ experimental

Helps a lot with longer threads!

15.12.2024 13:19 👍 6 🔁 1 💬 0 📌 0
Hacking Discord for $5000 Bounty YouTube video by Mrgavyadha

Imagine opening a Discord message and suddenly your computer is hacked.

We discovered a bug that made this possible and earned a $5,000 bounty for it.

Here's the story and a beginner-friendly deep dive into V8 exploit development.

watch: youtu.be/R3SE4VKj678?...

14.12.2024 15:11 👍 18 🔁 8 💬 1 📌 1

11 chars with bsky.app/profile/terj...

14.12.2024 12:30 👍 1 🔁 0 💬 0 📌 0

Got sniped into the challenge and ended up doing some cool XSS research :D

11 char XSS with mind-boggling race-conditions.

TL;DR the final payload is location=x (10 chars) and the longest is top.Z.x=x.d (11 char)

It's shorter than location=name !!

terjanq.me/solutions/jo...

14.12.2024 12:17 👍 30 🔁 11 💬 1 📌 1

Added. Keep it up!

13.12.2024 23:37 👍 1 🔁 0 💬 0 📌 0

Added!

13.12.2024 21:16 👍 1 🔁 0 💬 0 📌 0
11 char with open()

Slow race condition but 11 chars! terjanq.me/solutions/jo... Let me know if that works for you. With that, time to stop 😅

13.12.2024 20:34 👍 5 🔁 1 💬 0 📌 0

12 with open() terjanq.me/solutions/jo...

Without popups enabled, you have to click on any iframe when the bg becomes pink.

13.12.2024 16:28 👍 0 🔁 0 💬 1 📌 0

I disregarded open() because it needs interaction so I didn't look too much into it. The culprit for buildup. I'm not sure how to make it 11 as top.r.d+="1" is already 12. it should be possible with 12 via top.x.x=top and then open(r.x.d) which is 11

13.12.2024 16:07 👍 1 🔁 0 💬 1 📌 0

Can do it also in 12, but I agree that it's cheating with run.

terjanq.me/solutions/jo...

13.12.2024 14:13 👍 2 🔁 0 💬 0 📌 0

13* haha :D

13.12.2024 13:52 👍 1 🔁 0 💬 1 📌 0

15 terjanq.me/solutions/jo...

Can be most likely improved but didn't yet figure out how to properly race condition with shorter payloads like top.x.x+="" 😢

13.12.2024 13:24 👍 5 🔁 1 💬 1 📌 0

16 terjanq.me/solutions/jo...

12.12.2024 19:28 👍 10 🔁 0 💬 4 📌 0

yes! added

11.12.2024 17:40 👍 1 🔁 0 💬 0 📌 0

added!

11.12.2024 17:40 👍 1 🔁 0 💬 1 📌 0

Extended the starter with shy writers! 😀 If you're not on the list but write about web security, then feel free to reply with the article you're most proud of, and I will add you to the pack!

Make sure to resubscribe to not miss out on the amazing 🌐 research!

go.bsky.app/9JXnB17

10.12.2024 22:29 👍 29 🔁 10 💬 9 📌 0

Getting this for 2 years already :( new number most of the time. When I just moved to Switzerland, I found a paper slip from the post to receive some important letters. When I went to the post office, it was all a scam. The most targeted scam I ever received 😅

04.12.2024 09:37 👍 1 🔁 0 💬 0 📌 0
Web Security Writers Join the conversation

I started a Web Security Writers starter pack. Had to add 7 accounts so settled on a couple of obvious names but the idea I have for the starter is different. Please share your BEST writeup / article in the reply and I will add you to the pack! Let's shake the platform a bit with amazing research! 🕸️

01.12.2024 16:34 👍 36 🔁 7 💬 15 📌 0

Feel free to drop a banger here regardless! :D

01.12.2024 22:02 👍 1 🔁 0 💬 1 📌 0

Starter pack seems to be glitched on web, the URL is: bsky.app/starter-pack...

01.12.2024 16:42 👍 1 🔁 1 💬 0 📌 0