The Spanner

Category Archives: e4x

Inline UTF-7 E4X javascript hijacking

I finally get to talk about this because Yosuke Hasegawa has already disclosed the IE/FF variant with JSON data. I also discovered the UTF-7 JSON hacking independently but I wasn’t aware it was public so I didn’t blog about it. Just in case you haven’t, you should check out his presentation it’s awesome!
Anyway onto E4X [...]

¶ Posted 24 February 2009 † Gareth Heyes § Security § javascript ‡ Comments (11)

E4X for hackers

If you’ve not been following my sla.ckers thread on unusual javascript then your missing out. My idea was to gather interesting, weird and wonderful javascript tricks which are useful for filter evasion and coding. I investigated E4X quite a lot for this purpose and found a few cool things that I’ll share with you.
Using {} [...]

¶ Posted 07 September 2008 † Gareth Heyes § Security § javascript § xss ‡ Comments (5)

Inspiration
- Arshan
- Ascetik
- beford
- Billy Rios
- Chris Weber
- David Ross
- Eric Lawrence
- hackademix
- Hackvertor
- Halvar Flake
- Jesse Ruderman
- Joe Walker
- John Resig
- Kuza55
- maliciousmarkup
- Manuel Caballero
- Matt Presson
- Miscoded
- nihilogic
- PHPIDS
- pro.grammatic
- Reiners
- rgaucher
- rvdh
- Sirdarckcat
- sla.ckers
- Stefan Esser
- Stefano Di Paola
- Thornmaker
- tssci-security
- ush.it
- Web Reflection
- xorl
- Yosuke HASEGAWA
Recent Comments
RSS Links
- All posts
- All comments
March 2010

M T W T F S S

« Feb

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31
Home

The Spanner

Category Archives: e4x

Inline UTF-7 E4X javascript hijacking

E4X for hackers

Inspiration

Recent Comments

RSS Links

Category Archives

Search

Advert

March 2010
M	T	W	T	F	S	S
« Feb
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31