Ok maybe I'm being stupid but if you verify the origin then how can you be CSRF'd unless it's from the valid server via XHR?
Forum: CSRF and Session Info

Not sure what the problem is here X-Requested-With is a custom header added by Django, it's possible to set a custom header using a redirect and that was bypassed. If you're using origin then it shouldn't be a problem. If origin isn't set then the request won't happen anyway because it's validated by CORS.
Forum: CSRF and Session Info

Ack. Ugh. I should have setup some tests. I assummed that since the node wasn't actually html the attributes wouldn't be affected by dom clobbering techniques obviously I was wrong :( I'll have to check it's the real attributes again =)
Forum: XSS Info

Damn. This is tricky. I also need to prevent call/apply too :( document.body.innerHTML='<script> </script>'; x=document.getElementsByTagName('script')[2].cloneNode(); document.body.appendChild.call(x,document.createTextNode('1')); document.body.appendChild.call(x,document.createTextNode('/alert(location)/+0')); document.body.appendChild(x); I need to do the sandbox step just
Forum: XSS Info

My parser waits in fear and anticipation of the great lever one mass pwnage.
Forum: XSS Info

I'm back after a huge delay :) if you are still interested in the project I've rewritten a lot of the parser to be much faster. I've removed browser syntax verification because chrome is fucked. Here's an exploit using the chrome bug which I fixed: Function("/*", "*/){},alert(location),function(){") I can now parse jQuery in 25-50ms :) I've fixed the dom hacks by basically
Forum: XSS Info

Wow thanks! I've fixed all those. I'm currently struggling with chrome at the moment, there seems to be a large delay processing the initial js. I might have to make my code smaller and use less calls to charCodeAt.
Forum: XSS Info

As always thanks and thanks for pointing out my stupid mistakes. For the moment I've disabled innerText/textContent on style. I check the tagName inside the setter so if you can set tagName to something else then you can bypass it but it appears that it is read only in the browser. I will add CSS parsing insider the setter later.
Forum: XSS Info

Thanks and fixed. I've changed how I remove attributes and fixed a couple of things with the ASI.
Forum: XSS Info

Unfortunately I don't have time to illustrate every feature with a video :( pretty much the same functionality is there though you just have to hover over the tags in the menu and it will tell you the options available. The new version of Hackvertor will present the tag options in a menu rather than having to type manually once I get round to it.
Forum: Obfuscation

Forum: Obfuscation

Ugh ack. Two bugs. 1. Spaces character check is invalid range 2. isVariablePart is accepting para/line separarators =) Update.. Fixed. This was because I copied a regex of valid variables then did a conversion to ranges but either the regex was wrong or my conversion function went wrong. I've redone it using a manual check using eval in the browser to see if they are valid variables. Sorry
Forum: XSS Info

Ok wow fixed those. - Rewrote octals because who uses them anyway - You made me add a function for asi. It's slower but needed to avoid the same mistakes in different places. - Also fixed the number state machine to return an error with unexpected exponent if one was not included.
Forum: XSS Info

Thanks and fixed. I force a space after some keywords I missed. Luckily these are stupid human mistakes from me and not an attack on the technique. Also added a semi colon after return, break or continue:
Forum: XSS Info

Niiiiice :) very cool exploit of my asi. I now check the context and insert a for semi instead of semi if require so the { becomes a object literal.
Forum: XSS Info

I'm currently rewriting again but this time not relying on the browser to validate syntax. I'm going to write it all and unable us to define rules and hopefully fix these syntax based attacks. Oh and it should be even faster since I'm now using if statements and very limited amount of functions. Update... New version is up: Google code page: You will notice the parsing is much faster
Forum: XSS Info

Ok arch nemesis I now force divide and regex and =/ Fixed those. You have a new toy as well, dom api. b=document.createElement('b');b.appendChild(document.createTextNode('hello world!'));document.querySelector('form').appendChild(b); Update... and jQuery :O 1. Hit load jQuery 2. Hit execute 3. $ now contains a reference to a sandboxed jQuery!!
Forum: XSS Info

Quote :) In my opinion it's more fun, when "a lot of other parsers have problems". XD
Forum: XSS Info

Fair enough I'll upload to google code, what license do you prefer? I consider you an owner of this project too since without you it would be nothing. BTW your tests are amazing, have you considered releasing a js parser test suite? The edge cases are really really tricky to parse and a lot of other parsers have problems. There is a new version uploaded now. I'll put it on google code when
Forum: XSS Info

1. Doh. I've fixed the var statement stuff by adding it to current expression tracking. 2. Yeah ooops I need to sort that 3. Any reason you need it there? Easier for looking at code? I didn't get any code contributions from anyone last time so I didn't bother. Update... You might want to wait until I fix a lot of things :) need to restructure how function statements, function expressions and
Forum: XSS Info

I wrote a new parser I've checked it against previous attacks and the syntax problems list from lever one. I should be in a better position to fix issues now since I can match paren expressions and object literals etc more easily.
Forum: XSS Info

nutscape aka Netscape Navigator
Forum: Obfuscation

Two stage attack is lame =) try harder.
Forum: Obfuscation

This was just for you :)
Forum: Intro

ripper Wrote: > Well thx mate...Any good tuts about > non-alphanumeric PHP ?? Did a blog post here: and there's some stuff in my slides: (pdf) I didn't do a tutorial as such but if enough people ask I might do a blog post I suppose
Forum: Intro

Welcome, look at lightos and reiners posts those guys love SQLi and are pretty damn awesome at it.
Forum: Intro

@id That's awesome haha proper sneakers shit going on there :D
Forum: Privacy

Don't be so serious I was only poking fun. It was a zip file I just found it funny you called it an encrypted file that's all.
Forum: OMG Ponies

I miss the animated guy with the type writer that everyone used, oh and spinning globes. Geocities rocked.
Forum: OMG Ponies

Forum: OMG Ponies