ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 10:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated unicode normalization issue

Browse Source 
Added helpful tools to 'Account takeover due to unicode normalization issue'
This commit is contained in:
DotDotSlash 2023-01-04 21:03:20 +05:30 committed by GitHub
parent 5190829ab4
commit b7df4cb6e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Account Takeover/README.md
View File

@ -122,9 +122,13 @@ See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
### Account takeover due to unicode normalization issue ### Account takeover due to unicode normalization issue
When processing user input involving unicode for case mapping or normalisation, unexcepted behavior can occur.
- Victim account: `demo@gmail.com` - Victim account: `demo@gmail.com`
- Attacker account: `demⓞ@gmail.com` - Attacker account: `demⓞ@gmail.com`
- [Unisub - is a tool that can suggest potential unicode characters that may be converted to a given character!](https://github.com/tomnomnom/hacks/tree/master/unisub)
- [Unicode pentester cheatsheet!](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform
## Account Takeover Via Cross Site Scripting ## Account Takeover Via Cross Site Scripting