Uncategorized

Protected: HIDDEN

This content is password protected. To view it please enter your password below: Password: [...]

Forging Content-Type Header With Flash

You might already know how you can forge HTTP request headers using flash. So, to keep it short, I'm talking about [crayon-59e64e71ac18a739260643-i/] [...]

Stealing CSVs crossdomain

Back in 2008, Chris Evans found it was possible to steal data cross-domain in Firefox using script includes. We can still read his report [...]

HackerOne XSSI – Stealing multi line strings

I assume you already know what XSSI is. If not, here’s a brief introduction cited from Identifier based XSSI attacks; Cross Site Script Inclusion (XSSI) is [...]