omg.wtf.bbq.

because arshan’s too cheap to license OneNote

Browsing Posts tagged injection

One of theĀ things I highlighted in my paper on AntiSamy was the fact that JavaScript is often the only thing we think of when we hear the term “malicious code” in terms of webappsec. Let’s suppose that’s false for a second. The question then becomes: If MySpace can strip out all your JavaScript, what can [...]

So my co-worker Eric Sheridan was talking about an attack scenario in one of our recent assessments where he left a note to the effect of, “we could download any file with this vulnerability if null byte injections work in Java – testing needed”. Interesting. Five minutes later I’ve got some test cases and as [...]