Category Archives: xss

XSS attacks a practical example

I’ve been talking with Hackathology and he was having trouble understanding the context of certain XSS attacks, so I decided to write him a quick PHP document which creates vulnerable variables and examples. The document has links which perform the injections on itself. I didn’t have IE handy to test so forgive me if the [...]

Hackvertor

I was bored again and I fancied creating something useful to easily convert between entities etc. I was inspired by Mario’s excellent encoding tool, which I really like but I wanted to be able to convert to unicode and use multiple strings at once. So I give you….
Hackvertor!! which will allow you to use placeholders [...]

Combining Unicode and Hex decimal

I thought this was cool whilst experimenting, I found I could use hex decimal (ooops that’s what I get for posting on Monday morning) entities within a url to combine unicode strings to produce anything. The result is a truly obscure looking javascript, I’ve included a plain text alert to help understand what’s going on, [...]

Flash XSS

I’ve known about this technique for years but not everyone might be aware that Flash can be used for XSS, so I’ve decided to do a quick post to explain. Using getURL in Flash allows you to call javascript using the javascript protocol and using the parameter allowScriptAccess enables you to perform cross domain execution. [...]

Window name trick

I didn’t know about this trick and I’m sure many others don’t either. You can inject javascript into the window.name and then execute that code from the new window by using eval on the window name. How cool is that? Here’s an example from Sirdarckcat:-

window.name="javascript:alert((window.opener||window).document.cookie);";

The inventor of this technique Giorgio Maone is my new hero [...]

So you think you’re a hacker?

I’ve been testing the PHPIDS after Sirdarckcat tempted me with his post. At first I created 2 simple vectors to make injection more difficult, then I spent a couple of hours coming up with a full tag and Javascript injection. I shall post the vector here once they have fixed it because it is [...]

Firefox weird javascript execution

I’ve been reading sla.ckers quite a lot recently and I found an interesting topic on there where rsnake describes Firefox’s strange Javascript execution vectors which I wasn’t aware of. I thought I’d share them with everyone because I’m sure you’ll find them of interest.
1. First off there’s the double // which allows you to specify [...]