Chackal (Esdras DAGO)

Last year, I had a few weeks between jobs and decided to look at the infrastructure security of random Linux distributions with the good friends at Fenrisk.

We ended up getting code execution on the Fedora Git forge hosting all package sources and on the Open Build Service instance of openSUSE […]

I'm very happy to finally share the second part of my DOMPurify security research 🔥

This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)!

Link 👇
mizu.re/post/explori...

1/2

Yes sure, mine is W461ASC-E (I chose this specific version because I asked Trend micro the exact version they wanted to use for the contest to make sure I use the same) running 2.800.020000000.3.R.2022331

If necessary, you can find the sonia binary here on my VPS poc.chackal.ovh/sonia

Amazing vulnerabilities, thanks for the sharing!

I just tested and while it took several attempts and a bit of time (~5-7 minutes) the first stage finally worked and the second stage too (on the first try).

Did the failure was related to the leak step and the auth code being not valid?