Category Archives: php

Sandboxed DOM API

Description
I finally sat down and started work on a sandboxed DOM API. Originally I was just going to develop a new framework because the DOM is messy but instead I decided it would be cool to have a safe simulated DOM instead and build a framework on top of that.
It isn’t complete yet and there’s [...]

Regular expression sandboxing

Birth of the regex sandbox
I decided today to do a proper blog post to explain my reasons for creating regex sandboxes. I don’t often write a lot of words on this blog partly because I’m not very good at making long meaningful sentences and partly because I think the point can often be made in [...]

Month of PHP security

Stefan Esser has launched another Month of PHP security. It includes popular applications which use PHP as well as general bugs. He also includes a general PHP security article that you really should read to help secure your code. I’d also keep an eye out for the hardening of PHP configuration which will be released [...]

PHP self return of the slash

Not posted for a while because I couldn’t think of anything interesting to say but I thought about something I found ages ago in PHP4 and it’s been long enough now. This is also quite funny because my server is vulnerable to this (that’s what I get for crappy hosting).
So what happens if you escape [...]

XSS Rays

I’ve developed a new XSS scanner tool that’s written in JavaScript called XSS Rays for Microsoft. They have given me permission to release the tool as open source which is awesome because it can be used for other open source applications. I recommend you use it as part of the web development process to make [...]

Sliceya CAPTCHA

If you’ve read this blog from the beginning you’ll know I like to write CAPTCHAs. The reason is that it is a technical challenge to write something that a computer has difficulty reading. I think the Codetcha I wrote a while ago was successful in concept because the code errors would be very difficult [...]

PHPIDS bypass

I haven’t hacked the PHPIDS for a while but David Lindsay (AKA Thornmaker) inspired me. When I say hacked I mean in a good way because finding bypasses helps improve the filters.
Here is my vector:-

/Please submit the string\
to help us make the \
PHPIDS better./,y=('aler\
t'),x=this,x=x[y]
x('I cant let you have all the fun thornmaker'),/abc abc\
abc [...]

Hackvertor video demo

I’ve finally created a Hackvertor video demo. I’ve encoded it in SWF and compressed it quite a lot. The quality is good and at a high resolution but the colours are a bit out; other than that, it should be quite clear how it works. The demo is available here:-
Hackvertor video demo

WordPress plugin security

It’s really bad. The amount of code that gets released and is vulnerable is shocking. WordPress, you need to do something. Anything. Disable all plugins now, run an audit on the code or use a user security review process, even as a last resort run some sort of automation on the code. Is it really [...]

XSS is art

I had a bet with a friend of mine, David Lindsay aka Thornmaker. Basically we said the first one to get an XSS vector on PHPIDS buys a beer at Bluehat. I haven’t had much time to do this because I’ve been pretty busy but over the last few days in my spare time [...]