My Security Planet » The Spanner » June 30, 2008

Feeds

13618 items (0 unread) in 75 feeds

• Jeremy Zawodny's blog
• Mozilla Webdev
• Transcendental Technical Travails
• Ian Bicking: a blog
• Hackosis

• Watchfire Application Security Insider
• BlogSecurity
• sirdarckcat
• Google Online Security Blog
• CGISecurity.com: Your Web Site and Application Security Resource
• Switch/Twitch
• mybeNi websecurity
• cat slave diary
• SecuriTeam Blogs
• Curiouser and Curiouser
• Alex's Corner
• Billy (BK) Rios
• Chris Shiflett
• christian's weblog
• funkatron.com
• GNUCITIZEN
• The Spanner
• hackademix.net
• Ruby on Rails Security Project
• It's a shampoo world anyway
• Web Security Blog
• ha.ckers.org web application security lab
• Yet Another Infosec Blog
• PHP Security Blog
• Security Thoughts
• Sunnet Beskerming Security Advisories
• Disenchant's Blog
• Sylvan von Stuppe
• Larholm.com
• The Turkey Curse
• Jeremiah Grossman
• Anurag Agarwal - Application Security Evangelist
• Ivan Ristic
• deep inside | security & tools
• omg.wtf.bbq.
• BlueHat Security Briefings
• Tactical Web Application Security
• .:Computer Defense:.

• tssci security
• Plynt Penetration Testing Blog
• Michael Howard's Web Log
• Security Retentive
• BindShell.Net
• Dominic White's .tHE pRODUCT
• SecurityFocus News
• Justice League
• Schneier on Security
• Rational Survivability
• terminal23
• 1 Raindrop
• hiredhacker.com
• Matasano Chargen
• Security Vulnerability Research & Defense
• Michael on Security - Musings on Information Security
• Fortify blog
• The Art of Software Security Assessment
• GDS Security Blog
• Vodun.org
• Robert Penz Blog
• Mark Curphey - SecurityBuddha.com
• Liminal states
• Security Ripcord
• ModSecurity Blog
• IBM Internet Security Systems Frequency X Blog
• Suspekt...
• extern blog SensePost;
• Zero in a bit

• SEO BlackHat: Black Hat SEO Blog
• busin3ss.name

• Opensourcetesting.org News

The Spanner

• 

  Javascript protocol fuzz results

  Posted: June 30th, 2008, 7:32am CDT by Gareth Heyes

  Tags:  Security   [edit]

  Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer.

  Char: 56320, link: jav&#56320ascript:
  Char: 56321, link: jav&#56321ascript:
  Char: 56322, link: jav&#56322ascript:
  Char: 56323, link: jav&#56323ascript:
  Char: 56324, link: jav&#56324ascript:
  Char: 56325, link: jav&#56325ascript:
  ,, ,, ,, ,,
  

  All the way to:-

  char: 57343, link: jav&#57343ascript:
  

  and hex entities but with a semi-colon:-

  From:
  Char: 56320, link: javí°€ascript:
   
  To:
  Char: 57343, link: javí¿¿ascript:
  

  It means code like this works in Firefox 2.0.0.14:-

  <a href="jav&#56325ascript:al&#56325ert(1)">test</a>
  

  More oddities were found but nothing as interesting as the above.

  The ever changing XML file can be found here which stores the vectors by platform and browser versions:-

  Vectors XML

  Update…

  Opera strangeness too…

  Char:2048,Link:javascript&#2048:
  Char:2304,Link:javascript&#2304:
  Char:3328,Link:javascript&#3328:
  Char:3840,Link:javascript&#3840:
  Char:4096,Link:javascript&#4096:
  Char:4256,Link:javascript&#4256:
  Char:4352,Link:javascript&#4352:
  Char:4608,Link:javascript&#4608:
  Char:4864,Link:javascript&#4864:
   
  Plus nbsp is allowed here:-
  Char:160,Link:&#160javascript:
  

  There are more, higher ones too

TOP RSS Gregarius 0.5.4 Tentatively valid XHTML1.0, CSS2.0 Last update: Thu May 24 08:14:15 2012