Julian Berton

Hey, I'm Julian Berton, author of this blog, organiser of the OWASP Melbourne chapter and Application Security Engineer at seek.com.au. I also regularly speak at events and train technology professionals about all things application security!

Bypassing XSS Filters with Scalable Vector Graphics (SVG)

13 Oct 2014

When you are performing a pen test or participating in a bug bounty program, sometimes you are confronted by a Web Application Firewall (WAF) designed to block malicious payloads. To properly identify and exploit a Cross-site Scripting vulnerability you will need to find a way around it! This article demonstrates a method of creating an SVG-based payload to bypass those pesky WAFs.
