Skip to content

Category Archives: php

PHP self return of the slash

Not posted for a while because I couldn’t think of anything interesting to say but I thought about something I found ages ago in PHP4 and it’s been long enough now. This is also quite funny because my server is vulnerable to this (that’s what I get for crappy hosting).
So what happens if you escape [...]

Posted 25 September 2009 Gareth Heyes § Security Comments (2)

XSS Rays

I’ve developed a new XSS scanner tool that’s written in Javascript called XSS Rays for Microsoft. They have given me permission to release the tool as open source which is awesome because it can be used for other open source applications. I recommend you use it as part of the web development process to make [...]

Posted 25 March 2009 Gareth Heyes § Security § javascript § xss Comments (32)

Sliceya CAPTCHA

If you’ve read this blog from the beginning you’ll know I like to write CAPTCHAS. The reason being is that it is a technical challenge to write something that a computer has difficulty reading. I think the Codetcha I wrote a while ago was successful in concept because the code errors would be very difficult [...]

Posted 15 January 2009 Gareth Heyes § Security § captcha Comments (8)

PHPIDS bypass

I haven’t hacked the PHPIDS for a while but David Lindsay (AKA Thornmaker) inspired me. When I say hacked I mean in a good way because finding bypasses helps improve the filters
Here is my vector:-

/Please submit the string\
to help us make the \
PHPIDS better./,y=(’aler\
t’),x=this,x=x[y]
x(’I cant let you have all the fun thornmaker’),/abc abc\
abc [...]

Posted 04 January 2009 Gareth Heyes § Security § xss Comments (3)

Hackvertor video demo

I’ve finally created a Hackvertor video demo, I’ve encoded it in swf and compressed it quite a lot. The quality is good and at a high resolution but the colours are a bit out other than that it should be quite clear how it works. The demo is available here:-
Hackvertor video demo

Posted 18 December 2008 Gareth Heyes § Security § hackvertor § javascript Comments (3)

Wordpress plugin security

It’s really bad. The amount of code that gets released and is vulnerable is shocking. Wordpress you need to do something. Anything. Disable all plugins now, run a audit on the code or use a user security review process, even as a last resort run some sort of automation on the code. Is it really [...]

Posted 22 October 2008 Gareth Heyes § Security § Wordpress Comments (5)

XSS is art

I had a bet with a friend of mine David Lindsey aka Thornmaker. Basically we said the first one to get a XSS vector on phpids buys a beer at Bluehat I haven’t had much time to do this because I’ve been pretty busy but over the last few days in my spare time [...]

Posted 11 September 2008 Gareth Heyes § Security § javascript § xss Comments (15)

CSS overlays and frame breakers

I (wrongly) assumed that Javascript frame breakers were ineffective when using iframes on IE when using the security=restricted attribute. As it turns out cookies are not allowed by default when using the attribute because the security settings are applied from IE restricted zone. My recommendation is to use frame breakers on administration pages and other [...]

Posted 10 August 2008 Gareth Heyes § Cascading Style Sheets § Security § csrf Comments (5)

Strings to array

I’ve been busy lately so I’ve not had time to post much but while writing yet another fuzzer I added a new tag to Hackvertor. Basically I write this code a million times and adding to Hackvertor enables me to save time and conveniently convert strings to arrays. The tag supports both Javascript and PHP [...]

Posted 29 July 2008 Gareth Heyes § Security § hackvertor § javascript Comments (0)

Javascript protocol fuzz results

Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer.

Char: 56320, link: jav�ascript:
Char: 56321, link: jav�ascript:
Char: 56322, link: jav�ascript:
Char: 56323, link: jav�ascript:
Char: 56324, link: jav�ascript:
Char: 56325, link: jav�ascript:
,, ,, ,, ,,

All the way to:-

char: 57343, link: jav�ascript:

and hex entities but with a semi-colon:-

From:
Char: 56320, link: jav�ascript:

To:
Char: 57343, link: [...]

Posted 30 June 2008 Gareth Heyes § Security § fuzzing § javascript § xss Comments (11)