Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer. Char: 56320, link: jav�ascript: Char: 56321, link: jav�ascript: Char: 56322, link: jav�ascript: Char: 56323, link: jav�ascript: Char: 56324, link: jav�ascript: Char: 56325, link: jav�ascript: ,, ,, ,, ,, All the way to:- char: 57343, link: jav�ascript: and hex entities [...]

Continuing the theme of fuzzers, I’ve wrote a Javascript protocol fuzzer. The goal was to try and produce every variation of javascript execution from links. It uses PHP and Javascript in order to maximize the speed of scanning, this means it can scan around 5000 links at a time. Any ideas on improving the options [...]

I’ve updated the source and it now includes friendly variable/function creation so they are easier to read than pure random data. Thanks to Agente Naranja for the suggestion! I’ve fixed plenty of bugs and included many customisation options, each site using should change the configuration of the CAPTCHA to make it easy or harder to [...]

I’ve sat on the concept for a long time and it has had many names but I’ve got a bit of free time now so I decided to create a proof of concept. It isn’t perfect yet and there may be false positives due to a few bugs but if you read my blog you [...]

Ronald and I had a good conversation about Javascript regular expressions comparing them to PHP. He was having difficultly with the syntax because he was used to preg in PHP so I promised to share my knowledge gained from developing various online scripts. First up preg_match in PHP can be achieved using the match function [...]

Eric Butera emailed me with a very interesting topic about protecting against PHP_SELF exploits. I thought it might be a good idea to gather a few test cases demonstrating the problem. Why PHP allows these URL’s is beyond me and it wouldn’t take much work to filter out these malicious URL’s in the PHP code. [...]

I’ve updated the design and layout of Hackvertor along with some new tags and features. In the next few weeks I plan to tidy the code up and reduce a lot of functions. If you have any feature suggestions then please leave a comment, SQL injection tags are planned for the next release along with [...]

Developers place too much trust in everything, they assume that certain data cannot be faked and therefore these pieces of data can be used as a Trojan horse. Lets take the REMOTE IP of a user, it seems a trusted source because of the TCP/IP connection between the user and the server but take the [...]

When someone uses htmlentities I’ve seen it time and time again that they expect that it filters variables from all XSS. This is wrong of course because the function requires a second parameter ENT_QUOTES which correctly replaces quote characters. Some developers aren’t even aware that quotes can lead to XSS injection. This leads me to [...]

I thought I’d continue the theme of experimenting with XSS and trying different things, I haven’t seen this written about anywhere so here goes. The idea is using CSS as a XSS payload, this can be useful when filters allow some things but make it difficult to construct an attack. I’ve decided to call it [...]