📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on twitter: bbre.dev/tw
This video is a writeup of a vulnerability I found in Google's golang/net/html library that could lead to an XSS. It was my first submission to Google and I got a bounty of $3,133.70 for it.
Link to the exploit and hypothetical vulnerable app: gist.github.co...
Commit with the fix: github.com/gol...
🖥 Get $100 in credits for Digital Ocean: bbre.dev/do
Timestamps:
00:00 Intro
00:28 Preparations before reviewing the code
00:57 Where do I start security code review?
02:00 The bug - XSS in golang net/html library due to invalid parsing of the comments