https://github.com/portswigger/splitting-the-email-atom


# Splitting The Email Atom: Exploiting Parsers To Bypass Access Controls

Welcome to the repo. This repository contains all the materials for my talk "Splitting The Email Atom: Exploiting Parsers To Bypass Access Controls".

You can read about this research at:

https://portswigger.net/research/splitting-the-email-atom

The Joomla directory contains all the code to replicate the demo I presented live at Black Hat and DEFCON.

The tools directory contains all the tools I used for this research, including the CSS exfiltrator, Hackvertor tags, PHP Punycode fuzzer, converter, SMTP fuzzing scripts and Turbo Intruder scripts.

## Academy CTF challenge

We've created a [CTF on the Web Security Academy](https://portswigger.net/web-security/logic-flaws/examples#email-address-parser-discrepancies) so you can try out your new skills.