Comments on: Ping pong obfuscation http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/ A tool for designers dealing with programmers dealing with designers... Mon, 15 Mar 2010 22:24:50 +0000 http://wordpress.org/?v=2.6.2 By: Gareth Heyes http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/#comment-1640 Gareth Heyes Tue, 24 Nov 2009 08:43:22 +0000 http://www.thespanner.co.uk/?p=561#comment-1640 @Holyfield LOL I XSS sites now without trying @Holyfield

LOL I XSS sites now without trying

]]> By: Holyfield http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/#comment-1639 Holyfield Tue, 24 Nov 2009 07:12:29 +0000 http://www.thespanner.co.uk/?p=561#comment-1639 The RSS feed they publish on the OWASP homepage is executing VBScript popups in IE from your post. LOL. http://www.owasp.org/index.php/Main_Page The RSS feed they publish on the OWASP homepage is executing VBScript popups in IE from your post. LOL. http://www.owasp.org/index.php/Main_Page

]]> By: Gareth Heyes http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/#comment-1637 Gareth Heyes Mon, 23 Nov 2009 14:17:28 +0000 http://www.thespanner.co.uk/?p=561#comment-1637 @Wladimir Ah yeah you're right I forgot to encode the last step but it worked anyway heh. Personally I love obscure features and I think every browser should add their own javascript and css features oh wait... they do :) @Wladimir

Ah yeah you’re right I forgot to encode the last step but it worked anyway heh. Personally I love obscure features and I think every browser should add their own javascript and css features oh wait… they do :)

]]> By: Wladimir Palant http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/#comment-1636 Wladimir Palant Mon, 23 Nov 2009 14:08:04 +0000 http://www.thespanner.co.uk/?p=561#comment-1636 If http://www.greymagic.com/security/tools/decoder/ isn't lying to me you encoded only twice. Still - oh my, will MS ever throw this crap away? And by "crap" I mean both VBS in a browser and this useless JScript.Encode. But I guess, even with the web moving away from proprietary technologies there are still applications using the IE engine that use VBS. Who knows, I wouldn't be surprised if those even use VBScript.Encode to "protect" their application "source code". If http://www.greymagic.com/security/tools/decoder/ isn’t lying to me you encoded only twice. Still - oh my, will MS ever throw this crap away? And by “crap” I mean both VBS in a browser and this useless JScript.Encode. But I guess, even with the web moving away from proprietary technologies there are still applications using the IE engine that use VBS. Who knows, I wouldn’t be surprised if those even use VBScript.Encode to “protect” their application “source code”.

]]>