-
Recent Posts
- Raspberry PI and Tor for slightly easier OPSEC
- Data exfiltration through the VMware hypervisor
- Encoding Web Shells in PNG IDAT chunks
- Taking screenshots using XSS and the HTML5 Canvas
- Exploit: Symfony2 – local file disclosure vulnerability
- Extending Burp Suite to solve reCAPTCHA
- Decrypting suhosin sessions and cookies.
- JavaScript and Daylight Savings for tracking users.
- Google TOTP Two-factor Authentication for PHP
- Exploit: PHPCaptcha / Securimage is not secure.
- Javascript keylogger in JQuery.
- Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox
- PHP Remote File Inclusion command shell using data://
- Hardening and securing PHP on Linux
- Using php://filter for local file inclusion
Recent Comments
Archives
Categories
Tag Archives: HTML5
Taking screenshots using XSS and the HTML5 Canvas
Using the HTML5 Canvas its possible to use XSS to take screenshots of administration and management interfaces that might not have access to. Blind Stored XSS By injecting script tags containing an external JavaScript resource into arbitrary HTTP input fields you can attempt … Continue reading
JavaScript and Daylight Savings for tracking users.
Each country has their own timezone – although timezones are not generally unique variations in the offset can enable a website using JavaScript to pinpoint your location and operating system to an alarming degree of accuracy. Most countries time differs … Continue reading
Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox
HTML5 has some nice new features one of which is JavaScript Sandboxing using iframes. Chrome is currently the only browser to support this but you can be sure others will soon follow. The sandbox allows control over what can be … Continue reading