Author Archives

Exploiting PHP SELF

Eric Butera emailed me with a very interesting topic about protecting against PHP_SELF exploits. I thought it might be a good idea to gather a few test cases demonstrating the problem. Why PHP allows these URLs is beyond me, and it wouldn’t take much work to filter out these malicious URLs in the PHP code.
For [...]

Valid Javascript variables

I’ve put together a simple script which will use the Javascript parser to find a list of valid variables. This information is useful to know when testing XSS filters or malicious Javascript detection. Using these unusual variables I’ve managed to slip Javascript past some very clever filters including the PHPIDS and Noscript.
Check it out [...]

DOM DOS Firefox

Check this DOS in Firefox:-

<img src="" onerror="appendChild(cloneNode(appendChild(cloneNode(1))))">

There are many DOM-related Firefox problems; this was one of the more interesting ones I found.

DOM for hackers

It’s amazing the stuff I’ve been finding recently; my browser has crashed more times than windoze. In this article I’ll introduce you to using the DOM for unexpected things and hacking it to your advantage. I’ve learned all this new stuff while hacking vectors for the sla.ckers XSS contest, which is really fun.
Contents [...]

Self replicating source

I’ve been having a lot of fun with the sla.ckers XSS replication contest and I found a cool way to replicate the source code of the HTML document which I haven’t seen anywhere before. Check it out:-

alert(document.body.parentNode.innerHTML)

This alerts the entire HTML document in Firefox (hopefully IE7 as well), which is pretty cool.
Here is my [...]

I’m having a baby girl

I’m sorry but I’m so proud and so drunk that I had to tell the world!

New version of Hackvertor released

I’ve updated the design and layout of Hackvertor along with some new tags and features. In the next few weeks I plan to tidy the code up and reduce a lot of functions. If you have any feature suggestions then please leave a comment. SQL injection tags are planned for the next release along with [...]

Hackvertor fuzzing tool

I’ve created a separate tool for HTML/JS fuzzing. I decided to do this because Hackvertor does all the hard work of conversion and I can simply extend the functionality without writing much code. The tool is already very powerful and lets you traverse Unicode characters and perform whatever conversions you require and in any position [...]

Javascript for hackers part 2

In my second part of Javascript for hackers I shall be showing how pointless it is to ban the use of document, location etc. within form variables.
You can create some truly amazing strings which are unreadable to the human eye; many more vectors are available on the sla.ckers thread I created but I’ll show [...]

Javascript based encryption

No, this isn’t a lame post on how I explain to encode your Javascripts. It’s something I’ve done for a bit of fun really; I wanted to figure out a way to pass data across the network encrypted with Javascript and have it automatically decrypted. I doubt this technique would ever be used in [...]