Posts on jub0bs.com 20

The cost of Go's panic and recover Feb 28, 2025
Programmatic handling of CORS-configuration errors with jub0bs/cors Jan 28, 2025
Reconfigurable CORS middleware with jub0bs/cors May 14, 2024
jub0bs/cors: a better CORS middleware library for Go Apr 27, 2024
A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF... May 5, 2023
Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation) Feb 8, 2023
Existence oracle for Secure cookies on insecure Web origins Sep 12, 2022
Scraping the bottom of the CORS barrel (part 1) Aug 4, 2022
CVE-2022-21703: cross-origin request forgery against Grafana Feb 8, 2022
Abusing Slack's file-sharing functionality to de-anonymise fellow workspace members Oct 12, 2021
Subdomain takeover: ignore this vulnerability at your peril Feb 12, 2021
The great SameSite confusion Jan 29, 2021
Protecting your apps from link-based vulnerabilities: reverse tabnabbing, broken-link hijacking, and open redirects Jul 29, 2020
A glimpse at parametric polymorphism in Go: designing a generic bidirectional map Jul 21, 2020
Leveraging an SSRF to leak a secret API key Jun 22, 2020
Chaining an IDOR with a business-logic error to achieve critical impact May 26, 2020
Plugging Git leaks: preventing and fixing information exposure in repositories Feb 26, 2020
Summary of dotGo 2019 Apr 11, 2019
Access control in Go: a primer for Java developers Aug 22, 2018
Defer: sweet, but no syntactic sugar Aug 15, 2018

Trending Tags

newsletter bypass xss cve web rce security exploit takeover app