Jump to content

AbhishekKr

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by AbhishekKr

  1. new release: http://sourceforge.net/projects/sitehoster...v1.0beta%20RC2/ ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| Major Changes: _______________ [ v1.0beta RC2 ]||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| [] there was a requirement raised by few users on un-availability of <script/> in <BODY/> tag after the applying XSS-Patch; which will slow Page Rendering. So, this release is just with a small feature of allowing a <script/> to be added to <BODY/> tag. For this, web developers need to add <script/> to head with 'DEFER' keyword like the one supported in Internet Explorer. It's just that it doesn't expect browser to take care of it. But, pulls out all <script/> with 'DEFER' from <HEAD/> and pushes it in Active Zone of <BODY/> tag. Eg. a Page like [-----] <html> <head> <TITLE>ABK</TITLE> <script type='text/javascript' DEFER>alert('body1');</script> <script DEFER='DEFER'>alert('body2');</SCRIPT> <script>alert('head');</scripT> <script src='dontknow.js' body/> <script type='text/javascript'> alert('DEFer');</script> </head> <body> a test page </body> </html> [-----] is changed to a Page [-----] <html> <head> <TITLE>ABK</TITLe> <script>alert('head');</scripT> <script src='dontknow.js' body/> <script type='text/javascript'> alert('DEFer');</script> </head> <BD><BODY> <script type='text/javascript'> x=document.getElementsByTagName("BODY");x[0].innerHTML = "a test page"</script> <script DEFER> function b(){alert('its deferred 1');}</script> <script DEFER="DEFER"> function c(){alert('its deferred 2');}</script></BODY></BD> </html> [-----]
  2. Same At Blog: http://hackersmag.blogspot.com/2010/09/xss...y-time-for.html XSS Defeating PoC : if have any time for Experimentation It's still in experimental state, if you find some time please try it and let me know of your experience. Video Demo of the same PoC: Project Base: http://sourceforge.net/downloads/sitehoster/v1.0beta%20RC1/ WhitePaper is also available at SourceForge link above and at : http://www.slideshare.net/AbhishekKr/white...-to-subvert-xss
  3. i think u misunderstood the post it is not to install it on your machine and other to test or control its for you to just check whether your Security Solution could identify something of this sort or not 'coz it don't get installed on your machine hidden by itself till you explicitly do that (its open-source check it) and you could use it to Control your Linux based LAN from just from one machine could change commands in code to your wished commands
  4. n00bRAT URL :: http://sourceforge.net/projects/n00brat/ A Demo Video of Why This? What Code Is? How it Works?
×
×
  • Create New...