- Home
- Blog
  - Blog home
  - RSS
- Login
- Home
- Blog
  - Blog home
  - RSS
- Login

The Spanner
Web security blog

Made by Gareth Heyes
Follow me on Twitter: @garethheyes

Recent posts

Introducing Feedworm: A Privacy-First RSS Reader That Lives in DevTools Speedy RSVP extension AutoVader Hackvertor history and tag finder Shadow Repeater v1.2.3 release Burp Hackvertor v2.1.24 release Hacking rooms XSSing TypeErrors in Safari valueOf: Another way to get this Making the Unexploitable Exploitable with X-Mixed-Replace on Firefox The curious case of the evt parameter CSS-Only Tic Tac Toe Challenge Rewriting relative urls with the base tag in Safari Bypassing DOMPurify with mXSS New IE mutation vector How I smashed MentalJS MentalJS DOM bypass Another XSS auditor bypass XSS Auditor bypass Bypassing the IE XSS filter Unbreakable filter MentalJS bypasses mXSS Java Serialization Bypassing the XSS filter using function reassignment RPO Sandboxed jQuery X-Domain scroll detection on IE using focus Epic fail IE new operator Decoding complex non-alphanumeric JavaScript Hacking Firefox DOM Clobbering Bypassing XSS Auditor The evolution of code Non-Alpha PHP in 6-7 charset Tweetable PHP-Non Alpha MentalJS for PHP Opera x domain with video tutorial Sandboxing and parsing jQuery in 100ms

Vulnerability found in security tool

By Gareth Heyes (@hackvertor)

Published 18 years 10 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read

← Back to articles

Hehe this is quite funny, Chris Shiflett released a tool today to perform CSRF tests and I found a huge hole in it that allows javascript execution on his site. Sorry Chris :)

<strike>Simple Exploit</strike>

← Back to articles