OK, this is a re-hash of Nitesh Dhanjani's finding in the Apple Safari browser[1]. I read that Billy Rios[2] also found something similar in Firefox. That is very interesting, because I assumed -which is the mother of all fuckups- that Firefox was a bit stricter in checking content-types. Anyway, I read some discussion about it and wanted to give my take on it. I glanced over the examples provided by Nitesh, and I could not help uttering one sentence: content negotiation. read more »
Xpath Injection.
Yesterday I wrote a quick proposal for the Synapse project. Since not everyone has access to the Synapse project, I will share some ideas here from time to time. I started with a proposal on how to detect XPath vulnerabilities. Since XPath can be used in combination with every server-side language, it is easy to write a detection flow that covers most languages. XPath injection attacks are similar to regular SQL injection: it is possible to inject the same kind of vectors as we normally do, with a slight difference in the ending syntax in most cases. read more »
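To make the "same vectors, different ending syntax" point concrete, here is an added example (my own code, not part of the post or of the Synapse proposal). It assumes a constructed XML user store, Ruby's bundled REXML XPath engine, and hypothetical function names (login_vulnerable, login_safe, probe). It puts the string-concatenated query next to a variable-bound one, then runs SQL-style and XPath-style vectors through a small probe that classifies each outcome the way a scanner flow would. The SQL vectors lean on a trailing comment marker; XPath 1.0 has no comments, so a working XPath vector has to close the quote it opened.

```ruby
require 'rexml/document'

# Constructed sample data standing in for an application's XML user store
# (not from the original post).
USERS_XML = <<~XML
  <users>
    <user><name>alice</name><pass>s3cret</pass><role>admin</role></user>
    <user><name>bob</name><pass>hunter2</pass><role>user</role></user>
  </users>
XML

DOC = REXML::Document.new(USERS_XML)

# Vulnerable pattern: untrusted input spliced straight into the XPath string,
# the XPath twin of SQL string concatenation.
def login_vulnerable(name, pass)
  expr = "//user[name='#{name}' and pass='#{pass}']"
  node = REXML::XPath.first(DOC, expr)
  node && node.elements['role'].text
end

# Hardened pattern: input bound as XPath variables ($n, $p), so quotes and
# operators inside it are compared as data, never parsed as expression syntax.
def login_safe(name, pass)
  expr = "//user[name=$n and pass=$p]"
  node = REXML::XPath.first(DOC, expr, {}, { 'n' => name, 'p' => pass })
  node && node.elements['role'].text
end

# Detection probe modelled on a scanner flow: send the payload in the password
# field with a bogus username and classify the outcome.
#   :bypass      - a record came back, so our input rewrote the predicate
#   :no_match    - the expression parsed but matched nothing (not injectable,
#                  or the vector's quoting does not close the predicate)
#   :parse_error - the evaluator rejected the expression (an error-based
#                  indicator that our input reached the XPath parser)
def probe(payload)
  role = login_vulnerable('nobody', payload)
  role ? :bypass : :no_match
rescue StandardError
  :parse_error
end

# Candidate vectors. The SQL-style ones expect "--" or "#" to swallow the rest
# of the statement; XPath has no comment syntax, so the XPath-style ones close
# the open quote themselves and leave a well-formed predicate behind.
VECTORS = {
  sql_comment_dash: "' or 1=1 --",
  sql_comment_hash: "' or 1=1 #",
  xpath_balanced:   "' or '1'='1",
  xpath_balanced2:  "x' or ''='"
}.freeze

# Run every vector through the probe and return { vector_name => outcome }.
def run_probes
  VECTORS.transform_values { |v| probe(v) }
end

if __FILE__ == $PROGRAM_NAME
  run_probes.each { |name, result| puts format('%-18s %s', name, result) }
  safe = login_safe('nobody', VECTORS[:xpath_balanced])
  puts "variable-bound query with the same vector: #{safe.inspect}"
end
```

The injected predicate reads `name='nobody' and pass='' or '1'='1'`; because `and` binds tighter than `or`, the `'1'='1'` clause is true for every node and the first user (here the admin) is returned. The same payload passed as `$p` is just a password that happens to contain quotes, and matches nobody.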
PHP Parse Url.
Today I gave PHP's parse_url function a spin. Armed with nulls, carriage returns and line feeds, I obviously could not resist trying to bypass the query parsing. While parse_url doesn't do security checks, I think this is still worth mentioning. read more »


