Some had a good night's sleep last night. Generally it will be those who heeded the suggestions we gave in September last year with Backdooring PDF Files, while others most likely didn't get any sleep at all.
I woke up this morning and started getting ready for work. As usual, I turned on my laptop and cruised over to Michael Daw's SecNews...
pagvac from ProCheckUp released an advisory on how to bypass ASP.NET XSS validation.
This attack is only possible with Internet Explorer users as it exploits the old IE CSS comment hack; a very creative find indeed from the guys at ProCheckUp.
Proof of Concept:
Alert box injection - simply provided for testing purposes
(may cause DoS issues on Internet Explorer)
ASP.NET will also escape...
michaeldaw.org is pleased to announce the first “Michael Daw Anthology” award.
For those of you curious, an anthology is a collection of published works. The original idea behind the michaeldaw.org website was to build stories upon a fictional hacking icon named Michael Daw, as well as to host other security-related material. As a close friend pointed out to me, the...