I’ve been hacking the PHPIDS recently and I wanted a pure XSS vector, not just script execution. I decided to experiment with the applet tag because it sneaks past the malicious tag detection. I thought to myself, I wonder if it accepts the type attribute like the object tag does… <applet src="data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTLyk8L3N jcmlwdD4" type=text/html> That […]
Archives for the Month of May, 2008
Double encoding javascript
Saturday, 10 May 2008
I found a nice variation which allows multiple types of encoding without performing eval twice on the string. The code works using the Script function and because of this the code is rewritten by the JavaScript engine and converts the Unicode into standard text. First a base of Unicode is used “\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029” then each […]
Firefox find function
Thursday, 8 May 2008
I found this quite interesting: calling the find function in Firefox without parameters displays a dialog box. Calling it multiple times displays loads of find windows 🙂 for(i=0;i
Javascript getters hacking
Thursday, 8 May 2008
I’m a big fan of strange-looking JavaScript and using the syntax in ways it wasn’t intended, so I can understand the internals of what’s going on. Tonight I was having trouble sleeping and I decided to try and bypass the PHPIDS. I found that Firefox lets you use getters with unassigned variables and returns […]