Showing posts with label firefox. Show all posts
Showing posts with label firefox. Show all posts
Wednesday, November 9, 2011
Google eBookstore content extraction
Two months ago I discovered UI redressing vulnerability in Google eBookstore. This has been reported to Google and has been quickly fixed. Following is a description of the vulnerability:
tl;dr: fake captcha on Google eBookstore + how to deal with dynamic line numbers.
Monday, October 11, 2010
Test your skills with this XSS hackme (rev. 2)
XSS is a really nasty beast. It's been around since the 90s and we're still discovering new attack vectors, protection mechanisms, evasion techniques. It's not enough to simply "escape HTML output" (e.g. via htmlspecialchars() ) to get rid of it - there are always some tiny details that, when omitted, can cause script injection on your site.
Today I did some research on a rather less known XSS attack vector and I would like to present a small 'hack me' application - have fun (and read on for details)!
Today I did some research on a rather less known XSS attack vector and I would like to present a small 'hack me' application - have fun (and read on for details)!
Subscribe to:
Comments (Atom)