Archives for the Month of May, 2008

Firefox applet fun

I’ve been hacking the PHPIDS recently and I wanted a pure XSS vector, not just script execution, so I decided to experiment with the applet tag because it sneaks past the malicious tag detection. I thought to myself, I wonder if it accepts the type attribute like the object tag does…. <applet src="data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTLyk8L3N jcmlwdD4" type=text/html> That […]

Double encoding javascript

I found a nice variation which allows multiple types of encoding without performing eval twice on the string. The code works using the Script function and because of this the code is rewritten by the javascript engine and converts the unicode into standard text. First a base of unicode is used “\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029” then each […]

Firefox find function

I found this quite interesting: calling the find function in Firefox without parameters displays a dialog box. Calling it multiple times displays loads of find windows 🙂 for(i=0;i

Javascript getters hacking

I’m a big fan of strange looking Javascript and using the syntax in ways it wasn’t intended, so I can understand the internals of what’s going on. Tonight I was having trouble sleeping and I decided to try and bypass the PHPIDS. I found that Firefox lets you use getters with unassigned variables and returns […]