I hate to use the word Ajax because there’s no XML involved just nice JSON but Hackvertor now has Ajax applications! At the moment it’s very rough around the edges but it will improve when I get more spare time to work on them. What does it mean? Well you can now share actual HTML/JS […]

The basic attack Using the hash portion of the location is a good way to beat filters, anything sent via the hash is not sent to the server in question. We can use a large amount of data which is hidden from the server side filters and combine it with data sent on the server. […]

I’ve updated my protocol fuzzer with charset support (Thanks Chris Weber for the suggestion). I tried the various browsers with the fuzzer so far nothing in IE8 yet 🙁 but I downloaded the latest Opera and found these 😀 Update… Opps I made a mistake, my fuzzer reported false positives because Opera reported the links […]

I (wrongly) assumed that Javascript frame breakers were ineffective when using iframes on IE when using the security=restricted attribute. As it turns out cookies are not allowed by default when using the attribute because the security settings are applied from IE restricted zone. My recommendation is to use frame breakers on administration pages and other […]

CSS supports hex encoding within styles as well html entities, but did you know you could combine them both? I didn’t. To construct an attack similar to the one displayed below you first need to convert your CSS property to hex, so -moz-binding becomes: \2d\6d\6f\7a\2d\62\69\6e\64\69\6e\67, notice there is no “x” prefix or double zeros like […]

I’ve continued my experiments with loops in CSS and tried to find a method to allow counter-increment through a loop. The technique uses a random seed to create a unique url each time (obviously the seed can be improved), it then uses meta refreshes to create the required history to increment the value. This technique […]

Hacking CSS is a great challenge and can lead to interesting results, I’ve reignited my interest thanks to sirdarckcat and Thornmaker who have done some fantastic work. I wanted a way to do animation and loops in pure CSS and I think it’s sorta possible using meta refresh. I know meta refresh is slightly cheating […]

Thornmaker has improved my CSS logic script which is much neater and requires less styles, good work 🙂 Sirdarckcat has also created multiplication which is amazing stuff, so I had a bit of spare time and I decided to see if it was possible to create toggles in CSS with a visual appearance of a […]

Inspired by the great work of Sirdarckcat on CSK2, I’ve decided to produce a POC which performs basic logic in pure CSS. The example simply adds the numbers together depending on which checkbox you check. My next experiment will be with loops and then we can start creating some really cool games in CSS 😀 […]

Here’s a final XSS CSS vector which works on IE7 and Firefox. The IE7 vector was based on the brilliant work of Martin which I modified slightly and found that IE will also accept htmlentities in css styles. Credits update The expression part of this technique was first demonstrated by Dan on the slackers forums, […]