Updated unicode normalization issue

Added helpful tools to 'Account takeover due to unicode normalization issue'
DotDotSlash 2023-01-04 21:03:20 +05:30 committed by GitHub
parent 5190829ab4
commit b7df4cb6e8
GPG Key ID: 4AEE18F83AFDEB23


@ -122,9 +122,13 @@ See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
### Account takeover due to unicode normalization issue
When processing user input involving unicode for case mapping or normalisation, unexcepted behavior can occur.
- Victim account: `demo@gmail.com`
- Attacker account: `demⓞ@gmail.com`
- [Unisub - is a tool that can suggest potential unicode characters that may be converted to a given character!](https://github.com/tomnomnom/hacks/tree/master/unisub)
- [Unicode pentester cheatsheet!](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform
## Account Takeover Via Cross Site Scripting
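Review bot: the victim/attacker pair `demo@gmail.com` / `demⓞ@gmail.com` never says which normalization makes the two collide, and that is the detail a tester needs. `ⓞ` is U+24DE (CIRCLED LATIN SMALL LETTER O), a compatibility character: it becomes plain `o` under NFKC/NFKD but is left untouched by NFC/NFD and by simple case folding, so the first bullet should state that the issue only triggers when the target applies NFKC (or an equivalent compatibility mapping) to the address before comparing it with the stored account. Since this hunk already touches the section, the context line `unexcepted behavior can occur` should read `unexpected behavior can occur`, and `normalisation` in the same sentence should match the spelling `normalization` used in the heading. In the two added bullets, `Unisub - is a tool that` should drop the dash (`Unisub is a tool that can suggest ...`), the exclamation marks inside the link text read as noise, and a blank line or a short `Tools:` lead-in before them would keep the tool links visually separate from the victim/attacker example bullets they currently run into.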