If you’ve read this blog from the beginning you’ll know I like to write CAPTCHAs. The reason is that it is a technical challenge to write something that a computer has difficulty reading. I think the Codetcha I wrote a while ago was successful in concept because the code errors would be very difficult […]
Archives for the ‘php’ Category
PHPIDS bypass
Sunday, 4 January 2009
I haven’t hacked the PHPIDS for a while but David Lindsay (AKA Thornmaker) inspired me. When I say hacked I mean in a good way because finding bypasses helps improve the filters 🙂 Here is my vector:- /Please submit the string\ to help us make the \ PHPIDS better./,y=(‘aler\ t’),x=this,x=x[y] x(‘I cant let you have […]
Hackvertor video demo
Thursday, 18 December 2008
I’ve finally created a Hackvertor video demo. I’ve encoded it in SWF and compressed it quite a lot. The quality is good and at a high resolution, but the colours are a bit out; other than that, it should be quite clear how it works. The demo is available here: Hackvertor video demo
WordPress plugin security
Wednesday, 22 October 2008
It’s really bad. The amount of code that gets released and is vulnerable is shocking. WordPress, you need to do something. Anything. Disable all plugins now, run an audit on the code or use a user security review process, even as a last resort run some sort of automation on the code. Is it really […]
XSS is art
Thursday, 11 September 2008
I had a bet with a friend of mine, David Lindsay, aka Thornmaker. Basically we said the first one to get an XSS vector on PHPIDS buys a beer at Bluehat 🙂 I haven’t had much time to do this because I’ve been pretty busy but over the last few days in my spare time […]
CSS overlays and frame breakers
Sunday, 10 August 2008
I (wrongly) assumed that Javascript frame breakers were ineffective when using iframes on IE when using the security=restricted attribute. As it turns out cookies are not allowed by default when using the attribute because the security settings are applied from IE restricted zone. My recommendation is to use frame breakers on administration pages and other […]
Strings to array
Tuesday, 29 July 2008
I’ve been busy lately so I’ve not had time to post much, but while writing yet another fuzzer I added a new tag to Hackvertor. Basically I write this code a million times, and adding it to Hackvertor enables me to save time and conveniently convert strings to arrays. The tag supports both Javascript and PHP […]
Javascript protocol fuzz results
Monday, 30 June 2008
Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer. Char: 56320, link: jav�ascript: Char: 56321, link: jav�ascript: Char: 56322, link: jav�ascript: Char: 56323, link: jav�ascript: Char: 56324, link: jav�ascript: Char: 56325, link: jav�ascript: ,, ,, ,, ,, All the way to:- char: 57343, link: jav�ascript: and hex entities […]
Javascript protocol fuzzer
Wednesday, 25 June 2008
Continuing the theme of fuzzers, I’ve written a Javascript protocol fuzzer. The goal was to try and produce every variation of javascript execution from links. It uses PHP and Javascript in order to maximize the speed of scanning; this means it can scan around 5000 links at a time. Any ideas on improving the options […]
Codetcha update
Sunday, 30 March 2008
I’ve updated the source and it now includes friendly variable/function creation so they are easier to read than pure random data. Thanks to Agente Naranja for the suggestion! I’ve fixed plenty of bugs and included many customisation options; each site using it should change the configuration of the CAPTCHA to make it easier or harder to […]