Author Archives: nikifor
Bluehost.com made me feel blue…
Two years ago I decided to get a personal site. I was after two things: flexibility and low cost. I didn’t want to get a VPS but I also didn’t want the hosting packages of one domain and 350MB of … Continue reading
Posted in Miscellanea
19 Comments
Stored XSS on Statcounter!!!
Stored XSS on popular Web statistics framework Statcounter. Log yourselves out of Statcounter and if possible disable JavaScript for the domain (possible in Chrome, not sure about Firefox)… Will give more details when Statcounter fixes it. The only reason I … Continue reading
Posted in Miscellanea
Leave a comment
What do you call?
Joke I just made up: What do you call a woman who first says to you “I love you” but ten minutes later she adds “I actually don’t, but don’t feel bad because I say that to all men”?
Posted in Miscellanea
Leave a comment
Firefox and Self-XSS
I still remember the good old days when I would just write “javascript:alert(document.cookie)” in my address bar and the browser would happily show me the JavaScript-accessible cookie values for the current domain. These were simpler days… Mid-2011 the developers of … Continue reading
Posted in Breaking stuff
4 Comments
If he was good enough…
Since the beginning of October I’ve been following the online AI course from Stanford, taught by Sebastian Thrun and Peter Norvig. In the last two months, I’ve given up a great part of my free time to look at videos, … Continue reading
Posted in Miscellanea
5 Comments
Bypassing Chrome’s Anti-XSS filter
It’s been a while since my last post so I decided to make it worthwhile :). I was recently checking a friend’s site for the classic Web application vulnerabilities, when I found a reflected XSS attack. While I was investigating … Continue reading
Posted in Breaking stuff
31 Comments
Write your own SSHD backdoor
This article is not written by me. I found it online, but only in one place so this is effectively a mirror for it. Enjoy 🙂 /* Tutorial: How to write a backdoor for OpenSSH. */ … Continue reading
Posted in Uncategorized
Leave a comment
A peek in Google’s past with phpinfo()
You have to love phpinfo(). This simple PHP function prints out a truck-load of information regarding all kinds of configuration details of your Apache + PHP installation. It is very helpful to a Web administrator who is trying to … Continue reading
Posted in Miscellanea
Leave a comment
Security inconsistencies…
While I was in Eindhoven for OWASP BeNeLux 2010 I was at some point searching online for WikiLeaks posts regarding Greek politics. I was checking the results from the first page of Google when suddenly this caught my eye:
Posted in Miscellanea
1 Comment
Hello world!
On the 3rd of December 2010 I decided to start this blog. I am way too busy to update this on a regular basis however I plan to post here all the things that I find (interesting|smart|stupid) enough to share … Continue reading
Posted in Uncategorized
1 Comment