Archives for the ‘Cascading Style Sheets’ Category

Hackvertor Ajax applications

I hate to use the word Ajax because there’s no XML involved, just nice JSON, but Hackvertor now has Ajax applications! At the moment it’s very rough around the edges but it will improve when I get more spare time to work on them. What does it mean? Well, you can now share actual HTML/JS […]

Location based XSS attacks

The basic attack: Using the hash portion of the location is a good way to beat filters; anything sent via the hash is not sent to the server in question. We can use a large amount of data which is hidden from the server side filters and combine it with data sent on the server. […]

Javascript protocol fuzzer and Opera

I’ve updated my protocol fuzzer with charset support (thanks to Chris Weber for the suggestion). I tried the various browsers with the fuzzer; so far nothing in IE8 yet 🙁 but I downloaded the latest Opera and found these 😀 Update… Oops, I made a mistake: my fuzzer reported false positives because Opera reported the links […]

CSS overlays and frame breakers

I (wrongly) assumed that Javascript frame breakers were ineffective when using iframes on IE when using the security=restricted attribute. As it turns out cookies are not allowed by default when using the attribute because the security settings are applied from IE restricted zone. My recommendation is to use frame breakers on administration pages and other […]

Moz-binding XSS fun

CSS supports hex encoding within styles as well as HTML entities, but did you know you could combine them both? I didn’t. To construct an attack similar to the one displayed below you first need to convert your CSS property to hex, so -moz-binding becomes: \2d\6d\6f\7a\2d\62\69\6e\64\69\6e\67, notice there is no “x” prefix or double zeros like […]

Incrementing in CSS

I’ve continued my experiments with loops in CSS and tried to find a method to allow counter-increment through a loop. The technique uses a random seed to create a unique url each time (obviously the seed can be improved), it then uses meta refreshes to create the required history to increment the value. This technique […]

CSS animation!

Hacking CSS is a great challenge and can lead to interesting results, I’ve reignited my interest thanks to sirdarckcat and Thornmaker who have done some fantastic work. I wanted a way to do animation and loops in pure CSS and I think it’s sorta possible using meta refresh. I know meta refresh is slightly cheating […]

CSS toggle buttons

Thornmaker has improved my CSS logic script which is much neater and requires less styles, good work 🙂 Sirdarckcat has also created multiplication which is amazing stuff, so I had a bit of spare time and I decided to see if it was possible to create toggles in CSS with a visual appearance of a […]

CSS logic

Inspired by the great work of Sirdarckcat on CSK2, I’ve decided to produce a POC which performs basic logic in pure CSS. The example simply adds the numbers together depending on which checkbox you check. My next experiment will be with loops and then we can start creating some really cool games in CSS 😀 […]

Ultimate XSS CSS injection

Here’s a final XSS CSS vector which works on IE7 and Firefox. The IE7 vector was based on the brilliant work of Martin which I modified slightly and found that IE will also accept HTML entities in CSS styles. Credits update: The expression part of this technique was first demonstrated by Dan on the slackers forums, […]