Author Archive

How do you spell JavaScript again?

So I came across a cool post to hack the new HTML5 parser that Opera is developing. It is awesome that a vendor says hey c’mon look what we’ve done, please try and break our stuff. I couldn’t resist having a go as they asked so nicely and within minutes…. <a href="jav&#65ascript:alert(1)">test1</a> <a href="jav&#97ascript:alert(1)">test2</a> That’s [...]

Hackvertor export API

I’ve had requests to create a Hackvertor API to allow you to embed it on your own sites, so I’ve created one. It uses postMessage to communicate and you can set the width, height, top, left and callback for your output. The code looks like this: Hackvertor.write({top:'0px',left:'300px',width:'700px',height:'400px', callback:function(str) { document.getElementById('output').value=str; }}); This will write a [...]

XSS Rays extension

You might remember my XSS Rays bookmarklet I developed a while ago, I got nagged by a few of you to fix some things in it. Well it was crappy because it was bookmarklet based so I didn’t bother. Instead I decided to create a Chrome extension and revamp the features. So here it is [...]

Jump off a bridge specification

RFC Editor USC/ISI Jan 2011 Official Jump off a bridge protocol standards Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Table of contents 1. Overview 2. Jump 3. Die 1. Overview This memo contains a [...]

Late meta Christmas present

Something like two years ago I think, I discovered IE had an additional HTML attribute called “CHARSET”, quite convenient as it’s defined in HTML5. This enabled me to bypass a few things using UTF-7. The MSDN documentation was updated to account for this hidden attribute which is pretty cool, so I found something hidden which [...]

Breaking HTML parsers for fun

I was experimenting with some HTML vectors to break the various HTML parsers in the browsers, I wanted to continue till I found a cool one for Firefox because I like to bully the memory hogging browser as I use it a lot. I found some weird rendering in Firefox, Chrome and Opera. It started [...]

JSReg bypasses

I set a cool Hackvertor challenge on slackers. The idea was to call the function defined in window. There is a perfectly legitimate way of doing this as I discovered the method when I was testing it, instead of fixing it I created the challenge. Stefano Di Paola of course figured it out, nice work [...]

Preventing social network worms

I woke up yesterday morning and had a sudden flash of inspiration to stop all social network worms. I dunno why, I wasn’t even researching them. I’ve no idea how my mind works, it’s funny like that. Anyway sometimes I have bad ideas and sometimes they’re good. I like to discuss them all because that’s [...]

New Hackvertor upgrade

It’s been a while for a Hackvertor update, you might have noticed that the old one hasn’t changed in a while. This is because I’ve finally moved it over to the new one with a bunch of new features. I’ll give you a run down of the new tags and features I’ve added. I still [...]

String replace JavaScript bad design

After using JavaScript for a while, one of the worst parts I found was the String.replace function. When I realized its behaviour I thought to myself someone is going to use this wrong. The function itself is excellent, I use it all the time as you could probably tell with my code. It is far [...]