Archive for the ‘Computers’ Category

Serving Back XML for XSS

Saturday, February 4th, 2012 by webstersprodigy

In our “New ways I’m going to hack your web app” talk, one vulnerability example we had was with WordPress. There were three pieces to the attack: 1) uploading an XSL file, 2) uploading an XML file that applied the XSL transform, and 3) tossing the cookie up to execute script cross domain. Nicolas Grégoire watched [...]

Is it already 2012?

Tuesday, January 31st, 2012 by webstersprodigy

I thought about starting a new blog, it’s been that long. Giving our talk, “New ways I’m going to hack your web app” at Bluehat 2011 was awesome. I practiced so much that everything just went well. Unfortunately I managed to forget a ton of it for 28c3/Blackhat and I spoke way too fast (I [...]

Where was the Hacker in the Room for X-FRAME-OPTIONs?

Saturday, November 13th, 2010 by webstersprodigy

Or maybe where was the Dev in the room? Imagine you’re sitting at a computer logged into your favorite website, lolcats, and you click on a shady link while logged in. There are a lot of attack scenarios that start this way. Browsers have a cross domain policy that prevents the shady site from accessing any of [...]

Toorcon 2010 Talk

Saturday, October 30th, 2010 by webstersprodigy

My over-caffeinated self somehow managed to stumble through the talk at Toorcon. I’m self-critical over the whole thing, but still overall a great experience, and I’m glad I did it. I was totally nervous. This was my first ‘con’ and the room was packed (people standing at the wall), I spotted relatively famous [...]
