I’ve updated my protocol fuzzer with charset support (Thanks Chris Weber for the suggestion). I tried the various browsers with the fuzzer so far nothing in IE8 yet 🙁 but I downloaded the latest Opera and found these 😀 Update… Opps I made a mistake, my fuzzer reported false positives because Opera reported the links […]
Archives for the Month of September, 2008
XSS is art
Thursday, 11 September 2008
I had a bet with a friend of mine David Lindsey aka Thornmaker. Basically we said the first one to get a XSS vector on phpids buys a beer at Bluehat 🙂 I haven’t had much time to do this because I’ve been pretty busy but over the last few days in my spare time […]
E4X for hackers
Sunday, 7 September 2008
If you’ve not been following my sla.ckers thread on unusual javascript then your missing out. My idea was to gather interesting, weird and wonderful javascript tricks which are useful for filter evasion and coding. I investigated E4X quite a lot for this purpose and found a few cool things that I’ll share with you. Using […]