Skypher » HTML

MSIE 6,7, 8 & 9 insertAdjacentElement NULL ptr

SkyLined — Mon, 12 Apr 2010 12:03:10 +0000

img=new Image(); img.insertAdjacentElement("afterEnd",img);

More details here: http://code.google.com/p/skylined/issues/detail?id=15

MSIE 8,9 (X)HTML stack exhaustion

SkyLined — Mon, 12 Apr 2010 11:45:23 +0000

Many nested tags in MSIE can cause stack exhaustion, which can crash the tab and even the entire browser.

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

.... etc...

More details here: http://code.google.com/p/skylined/issues/detail?id=14.

MSIE 9 regular expression related crashes

SkyLined — Mon, 12 Apr 2010 11:32:07 +0000

The following code snippets will crash MSIE 9 platform review. Because this is not a stable release, but a preview of a product in development, it is expected to have a few bugs here and there – so don’t go browsing the web with it .

More details here: http://code.google.com/p/skylined/issues/detail?id=13

Internet Exploiter 2 – bypassing DEP

SkyLined — Mon, 01 Mar 2010 15:22:53 +0000

In 2005 I released Internet Exploiter 2, which helped make heap spraying popular in browser exploits. The exploit I released would not work if you had DEP turned on for MSIE. However, I also created a version of the exploit that used ret-into-libc to bypass DEP, which I never released until today.

I am releasing this because I feel it helps explain why ASLR+DEP are not a mitigation to put a lot of faith in, especially on x86 platforms. 32-bits does not provide sufficient address space to randomize memory to the point where guessing addresses becomes impractical, considering heap spraying can allow an attacker to allocate memory across a considerable chunk of the address space and in a highly predictable location. The code in this exploit shows how to abuse this to perform a ret-into-libc attack when you can predict or, through information leakage, determine the location of modules (exe, dll) in the process’ memory.

The source code, which has inline documentation, can be found here.

***UPDATE*** It appears that some people need a little more detail to figure out what is going on:

this exploit targets a bug that was already fixed in MSIE 6.0 in 2005,

This exploit does not defeat ASLR, it only shows how to defeat DEP if ASLR is disabled or if you can bypass it.

Tooltips for MediaWiki

SkyLined — Sat, 07 Mar 2009 16:58:53 +0000

I’ve create a userscript that can be used to create tooltips in MediaWiki. The best thing about it is that you do not need to install anything or modify source code; you can add it by modifying a few pages in the Wiki. Have a look here for more details and an example.

Notepad++ 5.0

Cipher — Fri, 11 Jul 2008 13:16:08 +0000

Notepad++ released 5.0 some time ago, and recently a rebuffed version. It’s looking good!

I have some small adjustments for myself and maybe for you.

[ctrl]+[enter] now opens the function suggest by default which was the QuickText Replacer. Look in the shortcutmapper for this one (#36), just clear it and you’re back to normal.

The new function hinting system is great. I wish there was a way to add () when inserting a function name, and move the cursor in the brackets. Additionally, some comment on the function’s use would be helpful on hovering.

I noticed some people were coming to my site to find out how to change the font size, well, this is easy, just hit [ctrl] and scroll your mouse!

For entering some Quicktext please see my Quicktext Wiki.

[edit]
Don’t forget to install the Quicktext plugin which you can find here.

More posts about Notepad++ can be found here: Notepad++ customization.

Chimera code

SkyLined — Sat, 03 May 2008 22:48:40 +0000

Chimera code is code that can be interpreted in more than one language. I’ve mostly found it useful when I want to have a file interpreted in one language, but for some reason that is not always easy to do. An example of this is JavaScript in a web-browser; you cannot just load it, you need an HTML file to load your script. In this case, would it not be nice if you could create your script such that it is a valid HTML file that loads itself as well as a valid JavaScript? I’ve created just that and created a wiki page for it here. I’ll add more examples when I create them.