GH just fixed it, but there's a snapshot from a few hours ago: <a href="https://web.archive.org/web/20240608060046/https://github.com/younesbram/younesbram" rel="nofollow">https://web.archive.org/web/20240608060046/https://github.co...</a>
You can see in the commit log from <a href="https://github.com/younesbram/younesbram/commit/4282312e4ec38ab20bb5469cc298b24e142d99d5">https://github.com/younesbram/younesbram/commit/4282312e4ec3...</a> where the first PoC commit is pushed up.<p>The thing I find interesting is that this wasn't a random discovery; like, you look at the first commit in the sequence and you'll see.<p>> \ce{$\unicode[goombafont; color:red; pointer-events: none; ...<p>i.e. This isn't some random chance discovery.<p>This is someone looking to use a specific exploit with the ```math tag, already certain that there's some way of doing it.<p>How strange.
I think the \unicode CSS injection used here was reported to the MathJax library a few months ago - <a href="https://github.com/mathjax/MathJax/issues/3129">https://github.com/mathjax/MathJax/issues/3129</a>
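Added example, not part of the thread and not code from GitHub or MathJax: a defender-side scan of Markdown source for `\unicode` macros whose optional bracket arguments carry CSS-like characters, as in the fragment quoted above. It assumes those optional arguments are only ever meant to hold a height,depth pair or a font name; the function name and the sample lines are constructed for illustration.

```python
import re

# \unicode followed by one or more [...] optional arguments.
# An unclosed bracket (as in the truncated fragment in the thread) runs to end of line.
UNICODE_OPTS = re.compile(r"\\unicode\s*((?:\[[^\]\n]*\]?\s*)+)")
# Characters that neither a "height,depth" pair nor a plain font name needs
# (assumption stated in the lead-in), but that CSS declarations rely on.
CSS_CHARS = re.compile(r"[;:{}()<>]")


def find_suspicious_unicode(text):
    """Return (line_number, argument) for each \\unicode option that looks like CSS."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in UNICODE_OPTS.finditer(line):
            # Split the matched run of brackets into individual arguments.
            for arg in re.findall(r"\[([^\]\n]*)", match.group(1)):
                if CSS_CHARS.search(arg):
                    findings.append((lineno, arg.strip()))
    return findings


# Constructed sample input. Line 2 reuses the fragment quoted in the thread;
# everything after "none" on that line is made up to close the expression.
SAMPLE = "\n".join([
    r"Ordinary use: $\unicode[.55,0.05][Geramond]{x22D6}$",
    r"\ce{$\unicode[goombafont; color:red; pointer-events: none]{x41}$}",
    r"No options at all: $\unicode{x41}$",
])

if __name__ == "__main__":
    for lineno, arg in find_suspicious_unicode(SAMPLE):
        print(f"line {lineno}: CSS-like \\unicode option: {arg!r}")
```

A hit is a reason to review or reject the content before it reaches a math renderer; it is a heuristic and does not replace sanitizing the rendered output.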
Explanation for this with a better link: <a href="https://news.ycombinator.com/item?id=40615804">https://news.ycombinator.com/item?id=40615804</a>
Source-code: <a href="https://raw.githubusercontent.com/younesbram/younesbram/main/readme.md" rel="nofollow">https://raw.githubusercontent.com/younesbram/younesbram/main...</a><p>(Injection in LaTeX math tags)
I don't get this. It shows some mangled text that looks like defaced CSS, accompanied by the error message “Extra open brace or missing close brace”. How is this content injection?<p>But the rescue murloc is cute.
Saw this last night (in Europe), was posted with a different image<p><a href="https://news.ycombinator.com/item?id=40614571">https://news.ycombinator.com/item?id=40614571</a><p>but that one of course stopped working too<p>working snapshot (mildly nsfw):<p><a href="https://web.archive.org/web/20240607215223/https://github.com/stong" rel="nofollow">https://web.archive.org/web/20240607215223/https://github.co...</a><p>there's another one from 2 hours earlier but that misses the cool rotating cube.
Other than I love Samy, are there many real-world examples of XSS being exploited for massive takeover of some service? I can't say I remember any news of a "website/service totally taken over due to XSS."
Funny at first, but this could have been exploited maliciously by, let's say, displaying a message telling the user he has been disconnected and redirecting him to a phishing page.