WebSec

[2008-03-05] IE7 Remote File Access >>>

Just a quick post to draw attention to Ronald's excellent article at h [...]

[2008-02-02] An XML based XSS PoC platform >>>

Well, long time no post. Been in hospital. Been busy with college. L [...]

[2007-11-27] Right-To-Left and Left-To-Right characters >>>

There's been a fair bit of discussion going on at slackers on the secu [...]

[2007-11-09] XSS for the common good - GreaseMousey >>>

I know I haven't posted anything here for a good while, but that's bec [...]

[2007-07-05] Obfuscated fun >>>

Just thought I'd share the following script vector with you all that I [...]

[2007-07-05] Some evil stuff from sla.ckers >>>

There's such a wealth of new XSS vectors coming out of the work on php [...]

[2007-07-05] JavaScript internal numerical representations >>>

Whilst working on the next release of .NETIDS I came across some inter [...]

[2007-06-26] HttpOnly cookies in .NET 2.0 >>>

This is a well known trick that I just wanted to share as it is so cru [...]

[2007-06-26] .NETIDS v.0.1.1.0 released >>>

Just a quick note to announce the release of .NETIDS v.0.1.1.0 - a sma [...]

[2007-06-19] CSRF being used in latest IPB vuln - what about PHP web request? >>>

I was interested to see in a XSS/CSRF exploit the following lines: [...]

[2007-06-19] .NETIDS v.0.1.0.0 released >>>

After much testing/tweaking the first release of .NETIDS is upon us! [...]

[2007-06-15] .NETIDS can now detect fragmented XSS >>>

Today I made some large commits to the .NETIDS project to enable detec [...]

[2007-06-13] Firefox nested comment fragmented XSS >>>

Following on from a post on sla.ckers it emerges that Firefox has a vu [...]

[2007-06-05] A bad day for browsers >>>

Today there were 5 flaws for Firefox and IE6/7 unveiled - 2 for IE and [...]

[2007-05-25] dotnetids >>>

Just a quick note to announce the start of dotnetids, a port of phpids [...]

[2007-05-24] (C)SRF one-time token bypass using AJAX and XSS >>>

This morning I knocked up some proof of concept code to illustrate the [...]

[2007-05-21] Bypassing Same Origin Policy using Mash-Ups >>>

GNUCITIZEN has been going on about this for some time now, but the tru [...]

[2007-05-20] RSnake + Jeremiah Grossman's Book Released >>>

ha.ckers are reporting that their book on Cross Site Scripting has fin [...]

[2007-05-19] XSF: Cross Site Flashing >>>

Stefano Di Paola presented an interesting paper on Flash security at O [...]

[2007-05-16] MOSEB month of search engine bugs >>>

Purpose of this Month of Bugs is a demonstration of real state with s [...]

[2007-05-16] heise Security reports backdoor in Artmedic CMS >>>

As the title says, heise Security have found a backdoor in the Artmedi [...]

[2007-05-16] XSS in eXceSS: A "learn-XSS tool" >>>

kishord today presents a tool, called XSS in eXceSS and hosted by .mar [...]

[2007-05-16] XSS Cheat Sheet >>>

Just a quick note to point out this invaluable resource for those inte [...]

[2007-05-16] PHP IDS >>>

For those who haven't yet seen this, .mario and christ1an over at sla. [...]

[2007-05-15] JavaScript eval String.fromCharCode encoder >>>

Here is a nice tool for encoding JavaScript into eval(String.fromCharC [...]

[2007-05-15] Amendments to the British Computer Misuse Act >>>

pdp has an interesting post from last month about amendments to the Br [...]

[2007-05-15] Bypass ASP.NET XSS Protection in Internet Explorer >>>

ASP.NET comes preloaded with some default XSS protection which is actu [...]

[2007-05-15] httpOnly Cookie Detection >>>

Admittedly of limited use, here is a JavaScript function I wrote to de [...]

[2007-05-15] Evaluating the security of the JSONRequest object >>>

A proposed extension to the currently supported set of ...Request obje [...]

[2007-05-15] JavaScript Referer Scripts XSS Injection >>>

Many sites use JavaScript methods to inject a hidden form field into 4 [...]

[2007-05-15] Firefox XBL-JS Loader v1.0 >>>

Today I wrote a simple tool to illustrate the binding of a Javascript [...]

posts by month

March 2010  December 2009  October 2009  August 2009  June 2009  April 2009  February 2009  January 2009  December 2008  November 2008  October 2008  September 2008  July 2008  April 2008  March 2008  February 2008  November 2007  September 2007  July 2007  June 2007  May 2007 

recent posts

sshsplit: a dynamic tunnel multiplexer
Fixing scp completion in Ubuntu 9.10
Workaround for Ubuntu Karmic Koala resume problems
Audio Log Anonymizer v1.0 beta
What printer for Linux or Ubuntu?
Using mod_mono with mod_rewrite under apache2 on Linux
Installing Office 2007 on wine 1.1.24
Kubuntu 9.04 Upgrade Problem Resolution
FTP URL FastSnap Parsing in .NET

posts by category

.NET
CSRF
JavaScript
PHP
Site
SSImp
Uncategorized
WebSec
XSS