Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/portswigger/splitting-the-email-atom
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/portswigger/splitting-the-email-atom
- Owner: PortSwigger
- Created: 2024-07-11T07:46:31.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-08-05T14:49:26.000Z (5 months ago)
- Last Synced: 2024-08-08T01:37:06.112Z (5 months ago)
- Language: HTML
- Size: 276 KB
- Stars: 5
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Splitting The Email Atom: Exploiting Parsers To Bypass Access Controls
Welcome to the repo. This repository contains all the materials for my talk "Splitting The Email Atom: Exploiting Parsers To Bypass Access Controls".
You can read about this research at:
https://portswigger.net/research/splitting-the-email-atom
The Joomla directory contains all the code to replicate the demo I presented live at Black Hat and DEFCON.
The tools directory contains all the tools I used for this research, including the CSS exfiltrator, Hackvertor tags, PHP Punycode fuzzer, converter, SMTP fuzzing scripts and Turbo Intruder scripts.
## Academy CTF challenge
We've created a [CTF on the Web Security Academy](https://portswigger.net/web-security/logic-flaws/examples#email-address-parser-discrepancies) so you can try out your new skills.