I’ve developed a new XSS scanner tool that’s written in Javascript called XSS Rays for Microsoft. They have given me permission to release the tool as open source which is awesome because it can be used for other open source applications. I recommend you use it as part of the web development process to make […]

I did a couple of vectors for PHPIDS recently and I was experimenting with Firefox 3.1 beta and the new HTML5 tags. I found the audio and video tags could be used for XSS, I’m sure there are others too. The vectors are quite cool because they’re executed automatically within a onload onerror event. (Originally […]