Welcome to the repo. This repository contains all the materials for my talk "Splitting The Email Atom: Exploiting Parsers To Bypass Access Controls".
You can read about this research at:
https://portswigger.net/research/splitting-the-email-atom
The Joomla directory contains all the code to replicate the demo I presented live at Black Hat and DEFCON.
The tools directory contains all the tools I used for this research, including the CSS exfiltrator, Hackvertor tags, PHP Punycode fuzzer, converter, SMTP fuzzing scripts and Turbo Intruder scripts.
We've created a CTF on the Web Security Academy so you can try out your new skills.