This time I show you how to build a "backdoor" in your own OpenSSH 6.4p1 installation under Kali Linux.
Continue reading "[Video] - Build a backdoor in OpenSSH 6.4p1 with Kali Linux"
Here you can find the HTML5 Security Cheatsheet, which is a nice source of some good XSS payloads.
XSS via formaction – requiring user interaction (1)
A vector displaying the HTML5 form and formaction capabilities for form hijacking outside the actual form
Self-including DOM Worker XSS
A self-including code snippet utilizing a DOM worker and firing a message event to itself causing script execution
Self-hijacking JSON literals
If parts of a JSON literal are controlled by user input, there is a risk of allowing values from later object members to be harvested automatically.
I totally forgot to publish my Security Advisory about some Cross-Site Request Forgery & Cross-Site Scripting vulnerabilities on http://t-online.de. So I published it today.
And here is the link to the advisory SSCHADV2012-099
and here are some pictures about the XSS by html file (1, 2), txt file (1, 2, 3) and two videos about the CSRF vulnerabilities :)
Continue reading "Shame on me ;-)"
$message = $_GET['xss'];
onreset|onresize|onselect|onsubmit|onunload)\s*=\s*"[^"]+"/i', '', $message );
Continue reading "Bypass 'preg_replace' XSS filter"