Archives for the ‘Cascading Style Sheets’ Category

XCSS

I thought I’d continue the theme of experimenting with XSS and trying different things. I haven’t seen this written about anywhere, so here goes. The idea is using CSS as an XSS payload; this can be useful when filters allow some things but make it difficult to construct an attack. I’ve decided to call it […]

CSK update

Sirdarckcat has been doing some work on my CSK kit and has improved it with new events and data handling improvements. This is great news because I haven’t had a chance to work on it for a while; with all the projects I’m involved in, there’s just not enough time in the day. It’s still early […]

OpenID security CSS overlays

Update… Verisign have now fixed the vulnerability. I’ve written about this before but I’m sure that some people might not know the risks involved, so I’ve created a demonstration of how to use CSS and iframe overlays to take any section of a web site and place it on any other web site. The user […]

CSK demo

I’ve put together a little CSK demo. It’s still early stages yet and there’s quite a bit more I can do, but I thought I’d share the code early because I’ve a lot on at the moment and it might be a while before the next update, and also it’s really interesting stuff. It just […]

CSK update

I’ve been doing some more experimenting with CSS (god help us) and I’ve found a way to successfully store and retrieve data via CSS without page refreshes. In case you don’t know, CSK is my CSS Scripting Kit I’m developing. I plan to release the kit soon once I’ve polished some features. This is really […]

CSK CSS Scripting Kit

I’m currently in the process of developing a CSS Scripting Kit called “CSK”. This kit will allow you to perform scripting actions that normally would be reserved for JavaScript. I believe the standards that browser manufacturers are adopting create major security holes and if they don’t either create new security policies to adapt to this […]

CSS LAN scanner

I think the single most insecure feature of internet browsers today is iframes; you can do too much with them and I feel I’ve only touched the surface with the examples I’ve shown. My next tool shows how simple it is to scan your entire local network from the internet using iframes, CSS and absolutely […]

CSS attacks!

As the browser manufacturers add new features they can sometimes overlook the security implications, which can often seem minor. I’ve found two such features which I think could cause problems. CSS overlays: Iframes can be manipulated to show only a small area of the screen; even worse, you can actually overlay any other item over […]

CSS handy tips

This is about the least technical I can be, so hopefully I won’t exclude you print designers out there. Global wildcard: The * global wildcard references the entire tree of CSS elements. If used on its own it references the whole CSS. It is useful for applying global rules and resetting the default styles. […]