.mario📎 on Twitter: "@0x6D6172696F My favorite part so far is <a href="..." type="text/html"> actually doing type hints that enable XSS in impossible situations."@0x6D6172696F My favorite part so far is <a href="..." type="text/html"> actually doing type hints that enable XSS in impossible situations.
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-application XSS
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-application XSS The clipboard is one of the most commonly used tools across operating systems, window managers and devices. Pressing Ctrl-C and Ctrl-V has become so fundamentally important to productivity and usability that we cannot get rid of it anymore. We happily and often thoughtlessly copy things from one source and
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else
ECMAScript 6, in short ES6, has been boiling in a copper pot for many years by now and step-by-step, browser vendors come forward to taste the first sips of this mystery soup. So, ES6 is no longer a theoretic language but already crawled across the doorstep and now lurks under your bed, ready for the nasty, waiting for the right moment to bite. Now, what is this whole ES6 thing? How did it develop
The innerHTML Apocalypse
This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that are applied with state-of-the-art XSS protection. This attack labeled Mutation-XSS (mXSS) is capable of bypassing high-end filter systems by utilizing the browser and its unknown capabilities - every single f***** one of them. We analyzed the type and number of high-profile websites and ap
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
[PDF]ECMAScript 6 for Penetration Testers
prompt.ml
[PDF] mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations
.mario📎 on Twitter: "<p style="font-family:',;a\\22\\3e\\3cimg\\20src\\3dx\\20onerror\\3d\\61lert\\28\\31\\29\\3e:1'"> < my favorite mXSS vector"
[PDF]Scriptless Attacks – Stealing the Pie Without Touching the Sill