my new blogpost is out!!
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
https://lyra.horse/blog/2025/12/svg-clickjacking/
Rebane
npub1jd…408ye
2025-12-04 14:03:39 UTC
Author Public Key
npub1jd6jws6am6vmwt8yyuke86l7sxrt6zlymaynfdsqnwgr2atk2pnqt408yeSeen on
wss://relay.momostr.pinkPublished at
2025-12-04 14:03:39 UTCEvent JSON
{
"id": "2185196b624e1deab9c1d9c79fac0e39aaa3df936350d30328634fe3b0be7ae5",
"pubkey": "937527435dde99b72ce4272d93ebfe8186bd0be4df4934b6009b903575765066",
"created_at": 1764857019,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@rebane2001/115661669658436967",
"web"
],
[
"proxy",
"https://infosec.exchange/users/rebane2001/statuses/115661669658436967",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/rebane2001/statuses/115661669658436967",
"pink.momostr"
],
[
"-"
]
],
"content": "my new blogpost is out!!\n\nthis one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration\n\nand i've already used it to get a google docs bounty ^^\n\nhave fun \u003c3\n\nhttps://lyra.horse/blog/2025/12/svg-clickjacking/",
"sig": "1f40f9a271db4742d6693c57ea2bb8f895572f39c9bf08efc5b2c889dcc5ded95a3b57a9f013a700bbafade91761ea3bf5a3b40bf7b32392e91dc359cdacc724"
}