Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

What is an iFrame Buster: "iFrame Busters are HTML files hosted on publisher sites which allow ad creatives to extend outside of their standard boundaries".

Essentially, ads are creating XSS vulns in sites. These iFrames Busters used regex's to validate that only a proper domain was allowed. But, these regex's could be abused.

The XSS is created by allowing any site to load scripts.

Most of the vulnerabilities come from a bad whitelist regex function.

The last vulnerability in here described is pretty clever! He double encodes the URL to escape the check for periods, how to access files. Further, he uses the # sign at the end to negate the rest of the payload. Clever!