wafful.org - Web Security Blog
302 Moved Temporarily
- 2009-02-25 (Wed)
- information
http://tinyurl.com/302MovedTemporarily in Japanese.
- Comments (Close): 0
- TrackBack (Close): 0
HTML 2.0 - Browser detection [3]
- 2007-10-01 (Mon)
- BrowserDetect
New browser detection only with HTML 2.0 without any JavaScript/CSS hacks.
HTML 2.0 - Browser detection [3]
It can detect firefox2.0, firefox1.5, other Gecko engine, and Safari2, Safari3, Opera, ie, w3m, lynx, and other browsers.
Yet Another Browser detection : HTML Slash Quote 2.0
- 2007-09-28 (Fri)
- BrowserDetect
HTML Slash Quote 2.0 is a new browser detection without any JavaScript/CSS/Binary.
demo:
Browser detection[2] : HTML Slash Quote 2.0
HTML source
<img
/''src="firefox.gif"
/""src="sleipnir_gecko.gif"
"src="safari.gif"
""src="konqueror.gif"
/src="ie.gif"
src="opera.gif"
src="lynx.gif"
>
Example (lynx view)
Bibliography (thanks)
- http://d.hatena.ne.jp/hoshikuzu/20070925#p1 (in Japanese)
- http://d.hatena.ne.jp/hasegawayosuke/20070928/p1 (in Japanese)
New Browser detection : Web 2.0 HTML Hacks
- 2007-09-27 (Thu)
- BrowserDetect
New browser detection only with HTML 2.0 without any JavaScript/CSS hacks.
Demo:
Browser detection : HTML 2.0 only (demo)
Example
perl -e 'print<<EOF
<img x=` s\x00rc="safari2.gif" ` sr\x00c="ie.gif"
src\x00="webkit.gif" src\x0c="opera.gif"
src="gecko.gif" src="lynx.gif" />
EOF'
PHP code in GIF image file
- 2007-08-04 (Sat)
- ImageFight
Recently it was reported that some picture files buried within the attack code of PHP was discovered on the major hosting site.
The RFI attack of PHP code can be buried within GIF, PNG, JPEG, and other picture files.
PHP code in GIF image file (sample)
phpinfo.gif
include.php
<h1>PHP/GIF include demo</h1>
<?php
include("./phpinfo.gif");
?>
Result
- Feeds