REGEXSS: How .* Turned Into over $6k in Bounties

sec.stealthcopter.com · bugbountydaily · 5 months ago
Overly-greedy regex replacements can break HTML sanitisation and lead to XSS. I’ve already pulled in over $6k from this bug class, and there are plenty mo