Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 1
Results 1 - 6 of 6
2 years ago
Jean Pascal Pereira
I don't think so. Can't reproduce this in IE9. Do you have any proof for your statement?
Forum: XSS Info
2 years ago
Jean Pascal Pereira
I can't really agree with you there. Dynamic properties (like "expression") only work if the X-UA-Compatible header is set to an obsolete version of IE or a wrong document type is used. Dynamic properties have been turned off by default since version 8. I recently wrote an article about that issue: http://impuls23.edublogs.org/2012/06/06/css-expressions-do-work-again-in-ie9/
Forum: XSS Info
2 years ago
Jean Pascal Pereira
You can set a target frame in a form element. Create an invisible iframe and use it as target.
Forum: CSRF and Session Info
2 years ago
Jean Pascal Pereira
Short question, short answer: no. There are still a lot of techniques to bypass Barracuda filtering. Use Snort.
Forum: Vendor Talk
2 years ago
Jean Pascal Pereira
Hello, are there still possibilities to execute JavaScript via stylesheets? The common methods like expression or moz-binding are not working in modern web browsers. It seems that Mozilla completely removed the -moz-binding functionality. Regards
Forum: XSS Info
4 years ago
Jean Pascal Pereira
Hi, I'd like to work on new possibilities to bypass the same origin policy of JavaScript. There has been a bug in Safari before and it seemed to be pretty simple doing it this way. I'm sure there are working possibilities to break out of the SOP. My vendors: Mozilla Firefox, Microsoft IE 8, Google Chrome. Safari doesn't make much sense for me because I'm not a Mac user. If anyone li
Forum: CSRF and Session Info