Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)

Bug has been reported/NoScript users are safe

First of all, this vulnerability and the related techniques have already been reported to Mozilla on 21st Nov 2011, without having any specific result till the date of this report (issue ID 704354 – works on all the latest versions which support HT

From:http://blog.anantshri.info/chrome-extensions-for-security-professionals/

During Recent days we have seen a phenomenal increase in usage of Google Chrome Browser, however Security Professionals are still looking at Firefox for there day to day life usage, the basic reason behind it is large set of

很多人在挂0day时一不小心就被安全公司截获了样本，有些时候，如果你实在bypass不了某款安全软件的检测的话，那么就绕着它走吧。

虽然可能打不中目标，但也比0day被抓了去要好。

比如下面的POC：

<html><body>

<div id=sH style='display:none'><img src="symres:sb_nortoncertified.png" onerror="alert('Norton not Installed.')" onload="alert('Norton Installed!')"></img></div>

</body></html>

老早的东西了，忘记以前谁给我的了，比较简单，单纯的trace而已，当然不如DOMinator好用。

DownlLoad:

https://rapidshare.com/files/3687281109/domtracer.xpi

While strolling through mysql.com I came across this page.

There you can view the possibility of the bitwise function right shift.

A bitwise right shift will shift the bits 1 location to the right and add a 0 to the front.

Here is an example:

mysql> select ascii(b'00000010'); +--------------------+| ascii(b'00000010') |+--------------------+ | 2 |+--

黑哥果然够猥琐

话说开始我还以为BOM是BrowserObjectModel(浏览器对象模型)的缩写，google了一圈之后才发现原来还有这么个东西，以前还真没注意过。