Archives for the Month of January, 2009

Detecting browsers javascript hacks

I enjoyed my last experiment to create tiny browser detection hacks, so I thought I’d try and do some more in other browsers. I’ve found these while testing Hackvertor and writing the inspection functions. The rules are simple if you want to post your own:- 1. The variable assignment must be the abbreviation of the […]

Detecting IE in 12 bytes

Andrea Giammarchi had an interesting article which stated you can detect IE in 32 bytes of code. I wondered if this could be improved; after a few failed attempts I found this to be the smallest and fastest way:- IE='\v'=='v' Pretty cool eh?

JSReg javascript parser

My host won’t let me compile Spidermonkey on my server 🙁 and I need a javascript parser for my next version of Hackvertor. I can’t really afford a new server, so I decided to write my own 🙂 It’s nowhere near finished yet but I thought I’d give you a peek at the pre-pre-beta. I […]

Hackvertor now decodes css escapes

I posted a vector to the web app sec list because they were discussing expression XSS. Ivan Ristic naturally used Hackvertor to try and decode the vector automatically. But he exposed a bug in the auto decoder. Well it’s now fixed yay! Thanks Ivan. I found a couple of errors in my reg exp syntax […]

Sliceya CAPTCHA

If you’ve read this blog from the beginning you’ll know I like to write CAPTCHAs. The reason is that it is a technical challenge to write something that a computer has difficulty reading. I think the Codetcha I wrote a while ago was successful in concept because the code errors would be very difficult […]

Crazy javascript

I’ve known for a while that the replace function can call native functions in Firefox and IE. It works something like this:- 'alert(1)'.replace(/.+/,eval) So the regexp searches for the alert string and passes the result to the eval function which it receives as an argument. But does it stop there? Well no actually. There’s more. […]

Calling the Array constructor in IE

I had a conversation a while ago on email with Billy Hoffman about how in IE the Array constructor wasn’t called when using [] to create arrays. The question is, was he right? Technically yes but actually no 🙂 You see Arrays in JScript are actually objects and not arrays, so trying to overwrite the […]

I know what your friends did last summer

I did report this to Twitter a few weeks ago, but now that Chris Heilmann has let the cat out of the bag I’ll post my repro now. Basically Twitter JSON security is leaking data, the JSON feeds that are publicly available shouldn’t be IMO or at least protected using known methods. So if you […]

PHPIDS bypass

I haven’t hacked the PHPIDS for a while but David Lindsay (AKA Thornmaker) inspired me. When I say hacked I mean in a good way because finding bypasses helps improve the filters 🙂 Here is my vector:- /Please submit the string\ to help us make the \ PHPIDS better./,y=('aler\ t'),x=this,x=x[y] x('I cant let you have […]