Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 

Current Page: 1 of 1
Results 1 - 4 of 4
3 years ago
superevr
what about a pop-up window? <script>window.open("vulnerablesite.com/?xss=")</script> Also, does your script land before the iframe blocker, or after? You could put "/*" and the end of your script and it will take out everything until </script>
Forum: XSS Info
3 years ago
superevr
I'm interested on how you might bypass the inbound alerts. The site I looked at was using an JetSQL (Access) database, which makes things difficult since there is not an inline commenting structure for it. I tried that and parameter pollution for my first attempts.
Forum: Obfuscation
3 years ago
superevr
I'm not that great at reading code. Can somebody help explain how the Webkit XSS Auditor works, and why these bypasses are get through? Source: http://trac.webkit.org/browser/trunk/Source/WebCore/html/parser/XSSAuditor.cpp
Forum: News and Links
3 years ago
superevr
I'm not sure what everyone else is using these tricks for, but I found it to be a great way to evaluate octal strings. I needed some new tricks because our old favorite trick "[],[]['sort']()" is not working in the lastest versions of FireFox, and I was also in a situation where comma was not allowed. So I grabbed some snippets of code from here and built a few code samples. Anythin
Forum: Obfuscation
Current Page: 1 of 1