
Welcome, my young apprentice. So you want to learn how to defend yourself from the onslaught of XSS ninjas, do you? Well, in my first Dojo lesson I shall show you techniques of the Shaolin crane style to defend yourself from the XSS punch.
XSS roundhouse
Use the roundhouse wisely, my young master, and always proceed with caution. When an XSS ninja attacks you with the XSS punch:-
"><script>alert(/XSS PUNCH/)</script>
You should respond quickly with the XSS roundhouse:-
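<script>
if (top == self) {
    // Not framed: answer the punch with a repeating alert every 500 ms
    setInterval('alert(/XSS ROUNDHOUSE/)', 500);
} else {
    // Framed by another page: send the top-level window to your own site
    top.location.href = 'http://www.yourdojohere';
}
</script>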
I hope you enjoyed this lesson, and if you require more tutoring, consult the Grandmaster snake, Master null byte, The shaolin warriors or Pai Mei DaCat.
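The frame check in the roundhouse, as an added example that is not code from the original post: it hides the page before attempting the top-level redirect, so a frame that refuses the navigation still shows nothing. `frameGuard`, `mockWindow` and the `example.test` URL are assumptions, and a refused navigation is modelled by a setter that throws.

```javascript
// Added example, not from the original post. frameGuard and mockWindow are
// hypothetical names; the page is assumed to ship with its root element
// hidden by a stylesheet (display: none) until this script reveals it.
function frameGuard(win, homeUrl) {
  const root = win.document.documentElement;
  if (win.top === win.self) {
    root.style.display = '';         // not framed: reveal the page
    return 'shown';
  }
  root.style.display = 'none';       // framed: keep hidden before anything else
  try {
    win.top.location.href = homeUrl; // the roundhouse redirect
    return 'redirecting';
  } catch (err) {
    // Navigation refused (modelled below as a throwing setter): the page
    // stays hidden, so the framing site gets nothing to overlay.
    return 'blocked';
  }
}

// Constructed test double standing in for a browser window.
function mockWindow(framed, topNavigable) {
  const win = { document: { documentElement: { style: { display: 'none' } } } };
  win.self = win;
  if (!framed) { win.top = win; return win; }
  const location = { _href: 'http://framer.example.test/' };
  Object.defineProperty(location, 'href', {
    get() { return this._href; },
    set(url) {
      if (!topNavigable) throw new Error('SecurityError: navigation blocked');
      this._href = url;
    },
  });
  win.top = { location };
  return win;
}

// In a browser, run the guard against the real window.
if (typeof window !== 'undefined' && window.document) {
  frameGuard(window, 'http://www.yourdojohere');
}
```

Because the page starts hidden, it also stays hidden when the script never runs at all.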
Comments 14
haha! excellent!
Got some WebFu also in store soon!
Posted 08 Nov 2007 at 6:17 pm

Ah excellent master null byte, I look forward to learning the style of the dragon
hehhe
Posted 08 Nov 2007 at 7:33 pm

HeHeHe, Funny really Funny stuff !
Posted 08 Nov 2007 at 8:09 pm

*Shaolin warrior bows in awe*
N1!
Posted 08 Nov 2007 at 8:51 pm

Hehe this r0x
lately I’m seeing a lot of code that would be very cool implemented in a PHP-IPS.. it’s possible, but hard..
Posted 09 Nov 2007 at 12:53 am

Hehe this r0x
lately I’m seeing a lot of code that would be very cool implemented in a PHP-IPS.. it’s possible, but hard..
Posted 09 Nov 2007 at 4:55 am

@Shaolin warrior mario
I’m honoured with your presence *bow*, your IDS tiger style is legendary.
@Pai Mei DaCat
Likewise I’m honoured *bow* your obfuscation whirlwind kick is impressive.
Posted 09 Nov 2007 at 11:56 am

On a serious note….
I’ve been thinking of implementing a WebFu self defence kit for a bit of fun, it would include the PHPIDS to detect the attacks. What do you think? Want to help?
Posted 09 Nov 2007 at 11:58 am

haha, I find a fun:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.thespanner.co.uk%2F2007%2F11%2F08%2Fwebfu-dojo-xss-self-defence%2F&langpair=en%7Czh-CN&hl=en&ie=UTF-8
this is the code:
Posted 09 Nov 2007 at 3:53 pm

<html>
<body>
hi
<script type="text/javascript">
if (top != self) {
    top.location.href = 'http://superhei.blogbus.com/';
}
</script>
</body>
</html>
test by Ie7
Posted 09 Nov 2007 at 3:54 pm

@Iehrepus
I’m not sure what you’re pointing out here, yes my blog does have frame protection. If you want to translate then please disable javascript when translating.
Thanks for testing in IE7
Posted 09 Nov 2007 at 4:01 pm

Gareth.
Oh the WebFu lessons are going to be against the almighty powerful PHP-IDS, .mario and christ1an? maybe also ma1?
well, this will be interesting..
Posted 10 Nov 2007 at 12:13 am

“I’ve been thinking of implementing a WebFu self defence kit for a bit of fun”
Yep - the calls for a PHPIPS start to get louder and louder. Let’s IM about that as soon as you have some time. There are already many ideas drawn together.
Posted 10 Nov 2007 at 1:02 pm

Yep I’ll look forward to it
Posted 10 Nov 2007 at 1:14 pm