Formatting changes

Formatting changes to Account takeover due to unicode normalization issue
This commit is contained in:
DotDotSlash 2023-01-04 21:06:36 +05:30 committed by GitHub
parent b7df4cb6e8
commit 418ff228d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -127,8 +127,9 @@ When processing user input involving unicode for case mapping or normalisation,
- Victim account: `demo@gmail.com`
- Attacker account: `demⓞ@gmail.com`
- [Unisub - is a tool that can suggest potential unicode characters that may be converted to a given character!](https://github.com/tomnomnom/hacks/tree/master/unisub)
- [Unicode pentester cheatsheet!](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform
[Unisub - is a tool that can suggest potential unicode characters that may be converted to a given character](https://github.com/tomnomnom/hacks/tree/master/unisub).
[Unicode pentester cheatsheet](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform.
## Account Takeover Via Cross Site Scripting