WebFu Dojo – XSS self defence
Thursday, 8 November 2007
Welcome, my young apprentice. So you want to learn how to defend yourself from the onslaught of XSS ninjas, do you? Well, in my first Dojo lesson I shall show you techniques of the Shaolin crane style to defend yourself from the XSS punch.
XSS roundhouse
Use the roundhouse wisely, my young master, and always proceed with caution. When an XSS ninja attacks you with the XSS punch:-
"><script>alert(/XSS PUNCH/)</script>
You should respond quickly with the XSS roundhouse:-
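<script>
// Not framed: nag with an alert every 500 ms.
if (top == self) {
    setInterval(function () { alert(/XSS ROUNDHOUSE/); }, 500);
} else {
    // Framed: send the top-level window to your own page.
    top.location.href = 'http://www.yourdojohere';
}
</script>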
I hope you enjoyed this lesson, and if you require more tutoring consult the Grandmaster snake, Master null byte, The shaolin warriors or Pai Mei DaCat.
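What actually stops the XSS punch is encoding the value before it reaches the attribute it is trying to break out of. The following is an added example, not code from the original post; the search-box template and all function names are hypothetical.

```javascript
// Added example, not from the original post.
// Payload exactly as quoted in the post.
const PAYLOAD = '"><script>alert(/XSS PUNCH/)</script>';

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const DECODE = Object.fromEntries(Object.entries(ENTITIES).map(([c, e]) => [e, c]));

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// What the browser does when it reads the attribute value back (single pass,
// so "&amp;lt;" decodes to "&lt;" and not to "<").
function unescapeHtml(s) {
  return String(s).replace(/&(?:amp|lt|gt|quot|#x27);/g, (e) => DECODE[e]);
}

// Hypothetical template: reflects a search term into a double-quoted attribute.
function renderSearchBox(term, encode) {
  const value = encode ? escapeHtml(term) : term;
  return '<input type="text" name="q" value="' + value + '">';
}

// Crude scanner listing the opening tags in the markup. It is not an
// HTML parser, only enough to show the structural change.
function openingTags(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

const raw = renderSearchBox(PAYLOAD, false);
const encoded = renderSearchBox(PAYLOAD, true);
console.log(raw, openingTags(raw));
console.log(encoded, openingTags(encoded));
```

Without encoding the markup gains a second element after the input; with encoding it stays a single input whose value decodes back to exactly what was typed.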
No. 1 — November 8th, 2007 at 6:17 pm
haha! excellent! :)
Got some WebFu also in store soon!
No. 2 — November 8th, 2007 at 7:33 pm
Ah excellent master null byte, I look forward to learning the style of the dragon :) hehhe
No. 3 — November 8th, 2007 at 8:09 pm
HeHeHe, Funny really Funny stuff !
No. 4 — November 8th, 2007 at 8:51 pm
*Shaolin warrior bows in awe*
N1! :)
No. 5 — November 9th, 2007 at 12:53 am
Hehe this r0x :)
lately I’m seeing a lot of code that would be very cool implemented in a PHP-IPS.. it’s possible, but hard.. :)
No. 6 — November 9th, 2007 at 4:55 am
Hehe this r0x :)
lately I’m seeing a lot of code that would be very cool implemented in a PHP-IPS.. it’s possible, but hard.. :)
No. 7 — November 9th, 2007 at 11:56 am
@Shaolin warrior mario
I’m honoured with your presence *bow*, your IDS tiger style is legendary.
@Pai Mei DaCat
Likewise I’m honoured *bow* your obfuscation whirlwind kick is impressive.
No. 8 — November 9th, 2007 at 11:58 am
On a serious note….
I’ve been thinking of implementing a WebFu self defence kit for a bit of fun, it would include the PHPIDS to detect the attacks. What do you think? Want to help? :)
No. 9 — November 9th, 2007 at 3:53 pm
haha, I found something fun:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.thespanner.co.uk%2F2007%2F11%2F08%2Fwebfu-dojo-xss-self-defence%2F&langpair=en%7Czh-CN&hl=en&ie=UTF-8
this is the code:
<html>
<body>
hi
<script type="text/javascript">
if (top != self) {
top.location.href = 'http://superhei.blogbus.com/';
}
</script>
</body>
</html>
No. 10 — November 9th, 2007 at 3:54 pm
test by IE7 :)
No. 11 — November 9th, 2007 at 4:01 pm
@Iehrepus
I’m not sure what you’re pointing out here, yes my blog does have frame protection. If you want to translate then please disable javascript when translating.
Thanks for testing in IE7 :)
No. 12 — November 10th, 2007 at 12:13 am
Gareth.
Oh the WebFu lessons are going to be against the almighty powerful PHP-IDS, .mario and christ1an? maybe also ma1?
well, this will be interesting..
No. 13 — November 10th, 2007 at 1:02 pm
“I’ve been thinking of implementing a WebFu self defence kit for a bit of fun”
Yep – the calls for a PHPIPS start to get louder and louder. Let’s IM about that as soon as you have some time. There are already many ideas drawn together.
No. 14 — November 10th, 2007 at 1:14 pm
Yep I’ll look forward to it :)