?
Forum: XSS Info

There are 2 domain using the same cookie pair(uid & sid) for authenticate user: www.logger.com www.logspot.com uid was to identify a user, and sid was to authenticate him. Suppose most of the user will login via www.logger.com, and the browser will set the cookie: Set-Cookie: uid=15732; PATH=/; DOMAIN=logger.com; Set-Cookie: sid=FupX5px7X; PATH=/; DOMAIN=logger.com; And when the u
Forum: XSS Info

I have google for this topic, but I can't found any solution. http://ha.ckers.org/blog/20070617/another-google-xss-in-google-documents/ in this blog, RSnake Says: June 18th, 2007 at 3:03 pm <comment> <!– –> within iframe tags, noscript tags, and I’m sure there are several others. I am not understand how to do. If I filter the <,>,'," use htmlspecialchars
Forum: XSS Info

hi, all I just found a XSS, which will reflect the argument of url inside the script tag, but the <, >, (, ) would be filtered For example: /ref.php?name=";SOME_CODE_HERE;// The source code of the page is: <script> ... name="";SOME_CODE;// ... </script> When I try name=";alert(1);// It show me: <script> ... name="";a
Forum: XSS Info

I just found this can work: hxxp://somesite.com/thing.php?list=joelTest;location.href='http://evilsite.com';// thanks to my dear coworker:)
Forum: XSS Info

hey, guys I just found a maybe XSS vulnerability in a web site. It reflect one of my GET parameter in its javascript code like this: hxxp://somesite.com/thing.php?list=joelTest;alert(1);// <script> ... list=joelTest;alert1;// ... </script> Plus, '<' and '>' was filtered to &lt; and &gt; Can I XSS it in this case?
Forum: XSS Info

Hi, all By the page 213 of the book "Cross Site Scripting Attacks Xss Exploits and Defense", I know how to overwrite the Array JavaScript object and as such simulate a callback. I just found a site return some JSON data like this: {"ok":{"list":[{"sex":"male", "birth":"12.04", "nick":"tommy"}, {"sex
Forum: XSS Info

hi, everyone I found that the webkit browser will take the embed tag with a html src as a iframe tag, just like: test.html: <embed src="http://www.google.com"></embed> Using the chrome browser to open the test.html, it shows that it was a iframe. That would be a problem in some rich text application. I know the type of embed tag may help, but there are so many
Forum: XSS Info

@PaPPy If there is a xss, writing the token string directly into the form cannot defence csrf either. http://blog.thinkphp.de/archives/150-Buy-one-XSS,-get-a-CSRF-for-free.html
Forum: CSRF and Session Info

@Gareth Heyes, great idae :p In my case, there is only one token in the cookie, just like: vtoken=8a995a95c13fda450b0776532156fe07 but this token does not appear in the html form, the form look like: ... <input type="hidden" name="vtoken" value=<script>document.write(document.cookie...)</script> > ... I am considering this implemention robust to
Forum: CSRF and Session Info

Hey, guys. I found that some web application implementing anti-CSRF token only in the cookie, but not in the html form. When they post data, they use javascript to get the anti-CSRF token from the cookie, and check the token in the background application between the post data and cookie data. How do you think about this implemention?
Forum: CSRF and Session Info

Hi guys, I am the new one in PHP audit and recently, I have read the book "php|Architects Guide To Security", but when I get the source code of a php project I don't know how to start with it. I know about the XSS, CSRF and SQLi, and I have been a web application penetration tester for a long while, but I just know how to test in a black box. I just got a new job about php and java
Forum: OMG Ponies

Implementing a anti-CSRF token will be much more complex than only check the referrer header.
Forum: CSRF and Session Info

hi, I found a web site that allow <marquee> tag, however, it filter all the event handler begin with on, for example "onFinish()". I am wondering if it's safe?
Forum: XSS Info

Without quotes, it could not work in ie6
Forum: XSS Info

It should be <img src=“http://www.businessinfo.co.uk/labs/hackvertor/images/logo.gif” onload='alert(1)'>
Forum: XSS Info