Merge pull request #611 from DotDotSlashRepo/master

Updated Account takeover due to unicode normalization issue
swisskyrepo · Jan 4, 2023 · 095024f · 095024f
2 parents 5190829 + 418ff22
commit 095024f
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/Account Takeover/README.md b/Account Takeover/README.md
@@ -122,9 +122,14 @@ See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
 
 ### Account takeover due to unicode normalization issue
 
+When processing user input involving unicode for case mapping or normalisation, unexcepted behavior can occur.  
+
 - Victim account: `demo@gmail.com`
 - Attacker account: `demⓞ@gmail.com`
 
+[Unisub - is a tool that can suggest potential unicode characters that may be converted to a given character](https://github.com/tomnomnom/hacks/tree/master/unisub).
+
+[Unicode pentester cheatsheet](https://gosecure.github.io/unicode-pentester-cheatsheet/) can be used to find list of suitable unicode characters based on platform.
 
 ## Account Takeover Via Cross Site Scripting