Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 1
Results 1 - 6 of 6
2 years ago
Jean Pascal Pereira
I don't think so. Can't reproduce this in IE9. Do you have any proof for your statement?
Forum: XSS Info
2 years ago
Jean Pascal Pereira
I can't really agree with you there. Dynamic properties (like "expression") are only working if the X-UA-Compatible header is set to an obsolete version of the IE or a wrong document type is used. Dynamic properties are turned off by default since version 8. I recently wrote an article about that issue: http://impuls23.edublogs.org/2012/06/06/css-expressions-do-work-again-in-ie9/
Forum: XSS Info
2 years ago
Jean Pascal Pereira
You can set a target frame in a form element. Create an invisible iframe and use it as target.
Forum: CSRF and Session Info
2 years ago
Jean Pascal Pereira
Short question, short answer: no. There are still a lot of techniques to bypass Barracuda filtering. Use Snort.
Forum: Vendor Talk
2 years ago
Jean Pascal Pereira
Hello, are there still possibilities to execute JavaScript via stylesheets? The common methods like expression or moz-binding are not working in modern web browsers. It seems that Mozilla completely removed the -moz-binding functionality. Regards
Forum: XSS Info
4 years ago
Jean Pascal Pereira
Hi, I'd like to work on new possibilities to bypass the same origin policy of Javascript. There has been a bug in safari before and it seemed to be pretty simple doing it this way. I'm sure there are working possibilities to break out of the SOP. My vendors: Mozilla Firefox Microsoft IE 8 Google Chrome Safari doesn't make much sense for me because I'm not a Mac user. If anyone li
Forum: CSRF and Session Info
Current Page: 1 of 1