Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

2025-02-20

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro m...

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Exploring the DOMPurify library: Bypasses and Fixes (1/2)

https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes

Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)

https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations

Dom-Explorer tool

https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f

CT Episode 61: A Hacker on Wall Street - JR0ch17

https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/

====== Timestamps ======

(00:00:00) Introduction