Friday, January 12, 2007

XSS in Blogspot

Yesterday RSnake posted about an "XSS" hole in Blogger. I don't really think it's XSS if you can only inject on your own blog, but whatever. It didn't sound too interesting that it was Safari-only either, so I decided to extend the exploit to MSIE and Firefox, so here it is:

For the exploit I rely on the fact that Firefox actually parses comments correctly and that MSIE has support for conditional comments.

Kudos to Jose Avila for the original exploit.

Friday, January 5, 2007

Month of the Apple Bugs

I have a few hippie friends who use a Mac. They used to claim their OS was safer, but now they can't anymore ;). It's the Month of the Apple Bugs. But since I like my RSS reader I decided to make a feed, enjoy!