Musings on Information Security: Cross site scripting filter evasion - OWASP

skip to main | skip to sidebar

_ Where facts are few, experts are many

Home
Advisories
Daily News Paper
About Me
Contact
Subscribe RSS

Cross site scripting filter evasion - OWASP

[Wednesday, October 15, 2008 | 0 comments ]

My colleague Alexios gave a talk about evading XSS filters at the recent OWASP conference, what strikes me is the multitude of ways you can do it. I am sure you find something you didn't know when watching it :

0 comments

Post a Comment

Newer Post Older Post Home

About Me

Thierry Zoller: Welcome to my personal Blog - I blog about Information Security and in general anything I regard as newsworthy. On the professional side I am currently working as an EMEA Practice Lead at Verizon Business for Threat and Vulnerability Management based in Luxembourg.

Quick-links
▪ My vulnerability disclosure policy
▪ About me / Profile
▪ Tools / Talks / Whitepapers
▪ Contact Me

The views and opinions expressed on this blog are my personal views and are not intended to reflect the views of my employer or any other entity.

View my complete profile

Follow by Email

Cluster Map

Popular Posts

IIS 6 / IIS 5 / IIS 5.1+ Webdav auth bypass [Final]

Table of Contents Updates Bulletins Am I at risk ? Tools Technical details 0.1 Personal message Several news stories seem to allu...
PCI compliance, Security in isolated systems and Parking Tellers

A colleague of mine spotted the below while we were doing our expenses - The photograph below shows two separate receipts from two parking ...
CVE-2010-x+n - Loadlibrary/Getprocaddress roars its evil head in 2010

Subscribe to the RSS feed in case you are interested in updates After Acrossecurity , published an interesting vulnerability and HDmoo...
The BEAST summary - TLS, CBC, Countermeasures (Update 4)

Lots of good information floating on the internet on the Proof of Concept (dubbed 'BEAST) against TLS 1.0 by Juliano Rizzo and Thai Duong ...
CVE-2010-2568 - LNK Code execution - Proof of concept (Update)

Subscribe to the RSS feed in case you are interested in updates Ivanlef0u released a POC for the exploit used in targeted attacks : http...

Twitter Updates

Blogs I read

Schneier on Security

Friday Squid Blogging: Squid's Beard - It's an acoustic bluegrass band. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
1 day ago
Securosis Highlights

Friday Summary: February 10, 2012 - They say it takes 10,000 hours of practice at a task to become an expert. This isn’t idle supposition, but something that’s been studied scientifically –...
1 day ago
Troy Hunt

Security, Security, Security! Helping the LIDNUG community build safer software - Today I had the pleasure of spending about an hour and a half talking to Peter Shaw from LIDNUG about security, security and, uh, security! If the Linked...
2 days ago
Leblanc

Blog Post: AX for Retail: Receipt footer is not displaying Tax information -
2 days ago
IBM Internet Security Systems Frequency X Blog

Remote Code Execution in PHP 5.3.9 -
5 days ago
Cup of Security

Free Mobile ou Roaming Orange, vérifiez le vous-même avec votre iPhone ou smartphone Android - Si comme moi vous avez changé d'opérateur Mobile pour Free Mobile, vous n'avez pas pu passer à côté des lourdes accusations portées contre Free Mobile par ...
6 days ago
Metasploit

Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation - When we talk to Metasploit users, they usually use it for either penetration testing, password auditing or vulnerability validation, but few use it for m...
1 week ago
root labs rdist

Why stream ciphers shouldn’t be used for hashing - I recently saw a blog post that discussed using RC4 as an ad-hoc hash in order to show why CBC mode is better than ECB. While the author’s example is merel...
1 week ago
VRT

Android.Counterclank: Malware or Adware? - This weekend I noticed a ComputerWorld article titled "Massive Android malware op may have infected 5 million users". After reading, it seemed to be exactl...
1 week ago
Ma petite parcelle d'Internet...

De la fermeture de Megaupload... - L a fermeture par le FBI de Megaupload la semaine dernière a eu l'effet d'une bombe. Pas un média, tout support confondu, n'a pu se retenir d'en parler. Mê...
2 weeks ago
Cognitive Dissidents

Nomination for Most Educational Blog - It’s an honor just to be nominated. A few weeks ago, the nominations for the 2012 Social Security Bloggers Awards came out. Given how spanky new this blog ...
2 weeks ago
/dev/ttyS0

Reaver Now Goes to 11 - The decision has been made to open source the Reaver command line tool. The commercial version will contain the all the features the open source command-li...
5 weeks ago
...And You Will Know me by the Trail of Bits

Pwn2Own Pre-Game - Just in time to get warmed up for Pwn2Own, we are delivering a joint offering of the training courses “Bug Hunting and Analysis 0×65” by Aaron Portnoy and ...
2 months ago
Androguard

Virtual Machine for Android Reverse Engineering - Hi !! Now, it's possible to download a virtual machine (for VirtualBox) with all interesting tools around android RE. So you can test directly Androguard, D...
3 months ago
ax330d's blog

Summing up SVG fuzzing in browsers - Hi there. As the title states, this is a summary of SVG fuzzing results. Today I would like to prattle a bit about what I was doing for some 2 weeks in t...
4 months ago
Nynaeve

NWScript JIT engine: Wrap-up (for now) - Yesterday, I provided a brief performance overview of the MSIL JIT backend versus my implementation of an interpretive VM for various workloads. Today, I’l...
1 year ago

Show 5 Show All

Blogroll

Joe Sandbox
Hack.lu
SVEN
Cup of Security Blog
Heise Security
Korbens Blog
Joebox
Beatrix
Metasploit

Labels

Advisory (52)
Rants from Thierry (19)
Tool (14)
Vulnerabilties (10)
Misc (7)
How-to (6)
Lectures (2)
Whitepaper (2)
zero day (1)

Copyright Musings on Information Security Template by Michael Jubel