Yes, an XSS post again. I’m sorry 🙂 I’ve been having fun testing some really good filters (some of the best in the business IMO). I found a vector that isn’t on RSnake’s cheat sheet. Check it out (only works on IE): <isindex type=image src=1 onerror=alert(1)> Because IE treats the isindex element (a very old […]
Archives for the Month of August, 2008
CSS overlays and frame breakers
Sunday, 10 August 2008
I (wrongly) assumed that JavaScript frame breakers were ineffective on IE when iframes use the security=restricted attribute. As it turns out, cookies are not allowed by default when using the attribute because the security settings are applied from the IE restricted zone. My recommendation is to use frame breakers on administration pages and other […]