Archives for the Month of May, 2012

Eval a url

You might have seen a blog post or came to the conclusion that urls are in fact valid JavaScript such as: http://thespanner.co.uk (label) (comment) That’s weird and cool but how do we execute JavaScript from the url? Something like: http://thespanner.co.uk\nalert(1) (label) (comment) (newLine) (functionCall) Trouble is the new line isn’t allowed inside the browser url […]

XSS technique without parentheses

This is a very old technique I discovered years ago which I used to bypass a filter and it’s pretty awesome. It might come in handy to bypass a WAF or filter since it’s not public until now. First you need to understand (which you probably do) that the window object is the default object […]