Author Archive

The man in the browser and Phishing with legit URL’s

Hi there!

I have always been fascinated by the concept of a victim browsing around on a website not knowing that I can see everything he does, and all this from a simple XSS! After I stumbled upon a relatively new HTML5 function in the window.history object called “pushState”, I just had to make a proof of concept.


MySQL INSERT/UPDATE Injection PoC

Heya! It’s been a long while since I wrote something here, so I thought I’d dust off the blogger keyboard and get some posts going. To start off I will cover the MySQL Injection in INSERT and UPDATE statements. What injection points in an INSERT query can we extract data from?


The reincarnation of the RFI

Hey! Remember the good old days when the web spouted RFIs everywhere? We miss those days. So me and Fredrik figured out a new way to reincarnate the old dusty RFIs! This is an unexpected feature in PHP that allows you to communicate with external servers even though allow_url_include = Off.


nokitel

As some of you might already know, me and Fredrik have been working on a low-level network library for the .Net framework. Its name is nokitel and this post will cover the features of the library since the documentation is not finished yet.
