Archives for the Date November 19th, 2007

Unusual XSS vectors

I’ve been working on my Hackvertor script to include XSS fuzzing, which isn’t ready yet, but I thought you might be interested in a few interesting results I’ve found 🙂 First off, I’m sure you know you can use XSS in an img object, yeah? Well, did you know there’s also an image object as […]

CSK update

Sirdarckcat has been doing some work on my CSK kit and has improved it with new events and data handling improvements. This is great news because I haven’t had a chance to work on it for a while; with all the projects I’m involved in, there’s just not enough time in the day. It’s still early […]

CSRF browser protection

I like the topic of CSRF because it’s such a difficult problem to solve. I was thinking about ways a browser can prevent CSRF and I’ve come up with the following solutions: 1. After a domain name, any image/object/frame etc. request is truncated by a user-definable setting. Limiting the amount of data an attacker […]