Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu
Feb 20, 2025
Kevin Mizu, a security researcher at Bisecure specializing in web application security, discusses how DOMPurify-based sanitization gets bypassed in practice. He covers dangerous allow-lists, improper sanitization techniques, and why managing DOMPurify's configuration matters as much as the library itself. Mizu shares bug bounty experiences, including exploitation of misconfigured regex patterns and the pitfalls of Unicode normalization applied around sanitization. The conversation emphasizes creative thinking in security research and the intricate methods used to bypass HTML sanitizers, underscoring how hard it is to keep web application sanitization correct.
Chapters
Intro
00:00 • 2min
Unraveling Web Vulnerabilities
01:56 • 11min
Exploring DOMPurify: Risks and Configurations
12:52 • 9min
Exploiting DOMPurify Vulnerabilities
22:15 • 13min
Unpacking DOM Manipulation and Event Delegation
35:12 • 3min
Regex Vulnerabilities in Web Security
38:23 • 6min
Understanding DOMPurify Challenges in Web Security
44:00 • 11min
Bypassing DOMPurify: Vulnerabilities and Exploits
55:23 • 17min
Vulnerabilities in DOMPurify Sanitization
01:12:28 • 11min
Creativity and Risks in Bug Bounty Hunting
01:23:50 • 3min
Exploring Unicode Normalization for Bypassing Security Measures
01:26:36 • 3min
Sanitization Vulnerabilities and DOMPurify Exploits
01:29:21 • 16min
Exploring JavaScript Execution Vulnerabilities in DOMPurify and Happy DOM
01:45:10 • 2min
Exploring Vulnerabilities in DOMPurify and JavaScript Evaluations
01:46:53 • 2min