I’ve updated my protocol fuzzer with charset support (Thanks Chris Weber for the suggestion). I tried the various browsers with the fuzzer so far nothing in IE8 yet but I downloaded the latest Opera and found these Update… Opps I made a mistake, my fuzzer reported false positives because Opera reported the links correctly but [...]

I had a bet with a friend of mine David Lindsey aka Thornmaker. Basically we said the first one to get a XSS vector on phpids buys a beer at Bluehat I haven’t had much time to do this because I’ve been pretty busy but over the last few days in my spare time I’ve [...]

If you’ve not been following my sla.ckers thread on unusual javascript then your missing out. My idea was to gather interesting, weird and wonderful javascript tricks which are useful for filter evasion and coding. I investigated E4X quite a lot for this purpose and found a few cool things that I’ll share with you. Using [...]