I love to think of unsolvable problems and try to solve them. I dunno why, I just enjoy it. One of the most challenging problems is “secret questions”. Everyone sucks at this, I’m looking at you Google. One of the first lines of defence for an unverified account can be a secret question. This is [...]
My one-man mission to create a social coding network is going well. If you read this blog previously, you’ll remember my attempts at a JavaScript sandbox until I finally settled on JSReg as a method. I’ve refined the process of creating tags after trying to build them myself using the editor.
How to create a [...]
Over the weekend Stefano Di Paola broke my JSReg sandbox with some awesome vectors, in particular the Opera one. He took my challenge after I laid down the gauntlet on the web app sec list. If you have some sandbox you want breaking, some Flash you need testing or general pen test work you should [...]
I’m not a developer any more so I find it difficult to update the experiments I’ve been working on, but I managed today to upload the work I’ve done with JSReg and update Hackvertor. They are both integrated closely together because Hackvertor allows untrusted JavaScript using JSReg.
The recent upgrade to JSReg allowed me to upload [...]
The great thing about standards is that sometimes they are blindly followed and it’s not until maybe years down the line that you realise they got it wrong. Personally I think standards should be organically developed in code then defined in a standard once the various flaws have been ironed out. Every standard should use [...]
I was thinking lately about how to prevent a user being exploited by whatever method. One thing most attacks have in common is that a user generally needs to initiate the attack by clicking on an email or web site link from a social network. There’s an obvious pattern here. Granted some attacks are conducted [...]
My friend mario (he who never blogs) found XSS in Facebook a couple of times. This tempted me to look at their sandbox. I didn’t register for an account but just tried breaking their FBML console.
They have their own FBML (Facebook markup language) which is just a basic HTML/CSS and a separate JavaScript sandbox [...]
So I posted some new XSS vectors on Twitter and I thought I’d share them on the blog in case anyone missed them. Safari, Chrome and Opera all support these now. We have a brand new way of auto executing XSS.
Normally when you find an XSS hole within an input element that has [...]
This is a fun post about a feature I found in IE that allows you to do some crazy obfuscation. I’ll start off with some simple examples:-
<img src=1 language=vbs onerror=msgbox+1>
<img src=1 language=vbscript onerror=msgbox+1>
<img src=1 onerror=vbs:msgbox+1>
So here we’re not obfuscating but I’m showing how IE accepts the language attribute and a labelled vbs statement to change [...]
This is an important post for me, not because it’s ground breaking but because people don’t seem to get this when using data in certain contexts. If you are a dev please read this and read it until you understand it, because if you misidentify context you fail and you fail pretty badly.
I reported this to [...]