Adi "Adico" Cohen | Aug 2, 2022 | 5 min read | XSS in Gmail's Amp4Email | Background: AMP is most commonly used as a framework to develop fast-loading content on the web. One of AMP's projects, AMP4Email has been...
Adi "Adico" Cohen | Feb 24, 2019 | 4 min read | JSON-based XSS exploitation | The following post describes a new method to exploit injections in JSON file - Back in 2012. Introduction: In the world of Web2.0 and mash...
Adi "Adico" Cohen | Feb 24, 2019 | 1 min read | Microsoft Anti-XSS Library Bypass (MS12-007) | The following post describes the second bypass I found to the toStaticHTML function in IE - back in 2012. Introduction: The Microsoft...
Adi "Adico" Cohen | Feb 24, 2019 | 2 min read | toStaticHTML: The Second Encounter (CVE-2012-1858) | The following post describes the second bypass I found to the toStaticHTML function in IE - back in 2012. Introduction: The toStaticHTML...
Adi "Adico" Cohen | Feb 24, 2019 | 1 min read | Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability CVE-2011-1252 | The following post describes a bypass I found to the toStaticHTML function in IE - back in 2011. Introduction: The JavaScript function...
Adi "Adico" Cohen | Feb 23, 2019 | 3 min read | Microsoft Windows Shell Argument Injection - MS12-048 (CVE-2012-0175) | The following post describes a vulnerability I discovered, allowing the injection of arbitrary arguments into the command string of any...