Archives for the ‘xss’ Category

Javascript protocol fuzz results

Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer. Char: 56320, link: jav&#56320ascript: Char: 56321, link: jav&#56321ascript: Char: 56322, link: jav&#56322ascript: Char: 56323, link: jav&#56323ascript: Char: 56324, link: jav&#56324ascript: Char: 56325, link: jav&#56325ascript: ,, ,, ,, ,, All the way to:- char: 57343, link: jav&#57343ascript: and hex entities […]

XSS tag fuzzer

It’s been a while since I’ve blogged but I’m pretty busy at the moment with my new baby and also moving jobs as I was made redundant. I thought I’d combine my work with my blogging as I’m working on some XSS vectors for IE8. During the process I built a simple tag fuzzer which […]

Firefox applet fun

I’ve been hacking the PHPIDS recently and I wanted a pure XSS vector not just script execution, I decided to experiment with the applet tag because it sneaks past the malicious tag detection. I thought to myself I wonder if it accepts the type attribute like the object tag does… <applet src="data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTLyk8L3NjcmlwdD4" type=text/html> That […]

Firefox javascript sandboxing

As a technical challenge, and maybe in future to allow Hackvertor to execute javascript code from the user, I decided to create a javascript sandbox. It works by first running the code through a new Function constructor and toSource, the reason for this is that Firefox actually converts the code supplied e.g. ‘te\st’ becomes ‘test’ […]

Moz-binding XSS fun

CSS supports hex encoding within styles as well as HTML entities, but did you know you could combine them both? I didn’t. To construct an attack similar to the one displayed below you first need to convert your CSS property to hex, so -moz-binding becomes: \2d\6d\6f\7a\2d\62\69\6e\64\69\6e\67, notice there is no “x” prefix or double zeros like […]

Code morphing

I’ve been working on a small project with the eventual goal of producing random morphing javascript. It’s still early stages at the moment but I thought I’d release it now because then I might get some motivation to improve it. I plan to add this functionality into Hackvertor as well as Spambam in future. At […]

Hackvertor update

Future plans: I’ve made a big change in the Hackvertor code to pave the way for some new features. In future I plan to create a web service where we can create/share Hackvertor tags for free. This will enable custom versions of Hackvertor for a specific task, for example we could have a SQL injection […]

Valid Javascript variables

I’ve put together a simple script which will use the Javascript parser to find a list of valid variables. This information is useful to know when testing XSS filters or malicious javascript detection. Using these unusual variables I’ve managed to slip Javascript past some very clever filters including the PHPIDS and Noscript. Check it out […]

DOM for hackers

It’s amazing the stuff I’ve been finding recently, my browser has crashed more times than windoze. In this article I’ll introduce you to using the DOM for unexpected things and hacking it to your advantage. I’ve learned all this new stuff while hacking vectors for the sla.ckers XSS contest which is really fun. Contents […]

Self replicating source

I’ve been having a lot of fun with the sla.ckers XSS replication contest and I found a cool way to replicate source code of the html document which I haven’t seen anywhere before. Check it out:- alert(document.body.parentNode.innerHTML) This alerts the entire HTML document in Firefox (hopefully IE7 as well). Which is pretty cool 🙂 Here […]