This is a fun post about a feature I found in IE that allows you to do some crazy obfuscation. I’ll start off with some simple examples:- <img src=1 language=vbs onerror=msgbox+1> <img src=1 language=vbscript onerror=msgbox+1> <img src=1 onerror=vbs:msgbox+1> So here we’re not obfuscating but I’m showing how IE accepts the language attribute and a labelled […]

This is an important post for me, not because it’s ground breaking but people don’t seem to get this when using data in certain context. If you are a dev please read this and read it until you understand it because if you misidentify context you fail and you fail pretty badly. I reported this […]

I had fun at Confidence 2.0 CON, I’m gonna blog about the stuff I was holding back now 🙂 So I figured how to bypass CSP with UTF-7 and JSON. Basically any site with a JSON feed that can be manipulated by an attacker (reflective or persistent) can be injected with even in a correctly […]