Skip to content

Category Archives: php

CSS overlays and frame breakers

I (wrongly) assumed that Javascript frame breakers were ineffective when using iframes on IE when using the security=restricted attribute. As it turns out cookies are not allowed by default when using the attribute because the security settings are applied from IE restricted zone. My recommendation is to use frame breakers on administration pages and other [...]

Posted 10 August 2008 Gareth Heyes § Cascading Style Sheets § Security § csrf Comments (5)

Strings to array

I’ve been busy lately so I’ve not had time to post much but while writing yet another fuzzer I added a new tag to Hackvertor. Basically I write this code a million times and adding to Hackvertor enables me to save time and conveniently convert strings to arrays. The tag supports both Javascript and PHP [...]

Posted 29 July 2008 Gareth Heyes § Security § hackvertor § javascript Comments (0)

Javascript protocol fuzz results

Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer.

Char: 56320, link: jav�ascript:
Char: 56321, link: jav�ascript:
Char: 56322, link: jav�ascript:
Char: 56323, link: jav�ascript:
Char: 56324, link: jav�ascript:
Char: 56325, link: jav�ascript:
,, ,, ,, ,,

All the way to:-

char: 57343, link: jav�ascript:

and hex entities but with a semi-colon:-

From:
Char: 56320, link: jav�ascript:

To:
Char: 57343, link: [...]

Posted 30 June 2008 Gareth Heyes § Security § fuzzing § javascript § xss Comments (11)

Javascript protocol fuzzer

Continuing the theme of fuzzers, I’ve wrote a Javascript protocol fuzzer. The goal was to try and produce every variation of javascript execution from links. It uses PHP and Javascript in order to maximize the speed of scanning, this means it can scan around 5000 links at a time.
Any ideas on improving the options or [...]

Posted 25 June 2008 Gareth Heyes § Security § fuzzing § javascript Comments (7)

Codetcha update

I’ve updated the source and it now includes friendly variable/function creation so they are easier to read than pure random data. Thanks to Agente Naranja for the suggestion! I’ve fixed plenty of bugs and included many customisation options, each site using should change the configuration of the CAPTCHA to make it easy or harder to [...]

Posted 30 March 2008 Gareth Heyes § Security § captcha § javascript Comments (4)

Codetcha

I’ve sat on the concept for a long time and it has had many names but I’ve got a bit of free time now so I decided to create a proof of concept. It isn’t perfect yet and there may be false positives due to a few bugs but if you read my blog you [...]

Posted 17 March 2008 Gareth Heyes § Security § captcha Comments (15)

Javascript regular expressions

Ronald and I had a good conversation about Javascript regular expressions comparing them to PHP. He was having difficultly with the syntax because he was used to preg in PHP so I promised to share my knowledge gained from developing various online scripts.
First up preg_match in PHP can be achieved using the match function in [...]

Posted 01 February 2008 Gareth Heyes § Security § javascript § regular expressions Comments (7)

Exploiting PHP SELF

Eric Butera emailed me with a very interesting topic about protecting against PHP_SELF exploits. I thought it might be a good idea to gather a few test cases demonstrating the problem. Why PHP allows these URL’s is beyond me and it wouldn’t take much work to filter out these malicious URL’s in the PHP code.
For [...]

Posted 14 January 2008 Gareth Heyes § Security Comments (17)

New version of Hackvertor released

I’ve updated the design and layout of Hackvertor along with some new tags and features. In the next few weeks I plan to tidy the code up and reduce a lot of functions. If you have any feature suggestions then please leave a comment, SQL injection tags are planned for the next release along with [...]

Posted 03 January 2008 Gareth Heyes § Security § hackvertor Comments (2)

Faking the unexpected

Developers place too much trust in everything, they assume that certain data cannot be faked and therefore these pieces of data can be used as a Trojan horse. Lets take the REMOTE IP of a user, it seems a trusted source because of the TCP/IP connection between the user and the server but take the [...]

Posted 02 December 2007 Gareth Heyes § Security § xss Comments (10)