May 2007

[2007-05-25] dotnetids >>>

Just a quick note to announce the start of dotnetids, a port of phpids [...]

[2007-05-24] (C)SRF one-time token bypass using AJAX and XSS >>>

This morning I knocked up some proof of concept code to illustrate the [...]

[2007-05-23] Info pages + tools >>>

Added a tutorial on XSS and a permanent link to the String.fromCharCod [...]

[2007-05-23] XSS Tutorial >>>

This page is designed to give an overview of Cross Site Scripting atta [...]

[2007-05-23] String.fromCharCode Encoder >>>

Enter JavaScript in the box below and press "encode": eval(String.f [...]

[2007-05-21] Bypassing Same Origin Policy using Mash-Ups >>>

GNUCITIZEN has been going on about this for some time now, but the tru [...]

[2007-05-20] RSnake + Jeremiah Grossman's Book Released >>>

ha.ckers are reporting that their book on Cross Site Scripting has fin [...]

[2007-05-19] XSF: Cross Site Flashing >>>

Stefano Di Paola presented an interesting paper on Flash security at O [...]

[2007-05-16] MOSEB month of search engine bugs >>>

Purpose of this Month of Bugs is a demonstration of real state with s [...]

[2007-05-16] heise Security reports backdoor in Artmedic CMS >>>

As the title says, heise Security have found a backdoor in the Artmedi [...]

[2007-05-16] XSS in eXceSS: A "learn-XSS tool" >>>

kishord today presents a tool, called XSS in eXceSS and hosted by .mar [...]

[2007-05-16] XSS Cheat Sheet >>>

Just a quick note to point out this invaluable resource for those inte [...]

[2007-05-16] PHP IDS >>>

For those who haven't yet seen this, .mario and christ1an over at sla. [...]

[2007-05-15] JavaScript eval String.fromCharCode encoder >>>

Here is a nice tool for encoding JavaScript into eval(String.fromCharC [...]

[2007-05-15] Amendments to the British Computer Misuse Act >>>

pdp has an interesting post from last month about amendments to the Br [...]

[2007-05-15] Bypass ASP.NET XSS Protection in Internet Explorer >>>

ASP.NET comes preloaded with some default XSS protection which is actu [...]

[2007-05-15] httpOnly Cookie Detection >>>

Admittedly of limited use, here is a JavaScript function I wrote to de [...]

[2007-05-15] Evaluating the security of the JSONRequest object >>>

A proposed extension to the currently supported set of ...Request obje [...]

[2007-05-15] JavaScript Referer Scripts XSS Injection >>>

Many sites use JavaScript methods to inject a hidden form field into 4 [...]

[2007-05-15] Firefox XBL-JS Loader v1.0 >>>

Today I wrote a simple tool to illustrate the binding of a Javascript [...]

posts by month

March 2010  December 2009  October 2009  August 2009  June 2009  April 2009  February 2009  January 2009  December 2008  November 2008  October 2008  September 2008  July 2008  April 2008  March 2008  February 2008  November 2007  September 2007  July 2007  June 2007  May 2007 

recent posts

sshsplit: a dynamic tunnel multiplexer
Fixing scp completion in Ubuntu 9.10
Workaround for Ubuntu Karmic Koala resume problems
Audio Log Anonymizer v1.0 beta
What printer for Linux or Ubuntu?
Using mod_mono with mod_rewrite under apache2 on Linux
Installing Office 2007 on wine 1.1.24
Kubuntu 9.04 Upgrade Problem Resolution
FTP URL FastSnap Parsing in .NET

posts by category

.NET
CSRF
JavaScript
PHP
Site
SSImp
Uncategorized
WebSec
XSS