Article ideas

I was thinking about writing another article next week or something; but what would you guys like me to write about?

I suppose XSS is what I know best, so if you have any questions about it just post them here and I'll try to write an article with good answers :happy: Other topics are of course okay as well, but as you understand I'm not a master of everything related to hacking x)

Go ahead and post, no question is too lame or too strange ^^

I have actually been playing with xss, and i enjoy playing on sites with it. any info would help. I will definitely be waiting to read this.

yours31f wrote: I have actually been playing with xss, and i enjoy playing on sites with it. any info would help. I will definitely be waiting to read this. Great, but could you please specify what you would like to know? :happy:

Uber0n wrote: I was thinking about writing another article next week or something; but what would you guys like me to write about?

I suppose XSS is what I know best, so if you have any questions about it just post them here and I'll try to write an article with good answers :happy: Other topics are of course okay as well, but as you understand I'm not a master of everything related to hacking x)

Go ahead and post, no question is too lame or too strange ^^

Well you already started with very good article on the cookie stealing, but surely nice thing to see would be advanced filter evasion techniques, up to date and practically applicable. Another nice article, would be expanding of xss exploiting, not just cookie stealing, so zombie manager, xss shell, xss tunneling. That is just from top of my head, will edit as soon as I get more ideas:happy::happy:

yep, thats about what i was going to say. maybe some session stealing

Well, like you said XSS is what you know best.. so why not a big in depth article about XSS.

You could start with basics and gradually get more advanced. Maybe explain a little about what's actually happening when the XSS is being used, rather than just what XSS is being used and what to try… always good to know why something works rather than just knowing that it does work.

But not just like the crappy explanation of XSS that you can find with a quick google search. You know it well, so teach it well :)

clone4 wrote: Well you already started with very good article on the cookie stealing, but surely nice thing to see would be advanced filter evasion techniques, up to date and practically applicable. Another nice article, would be expanding of xss exploiting, not just cookie stealing, so zombie manager, xss shell, xss tunneling. That is just from top of my head, will edit as soon as I get more ideas:happy::happy: Okay, so here are two good ideas ^^ "Filter evasion" and "Different uses of XSS" anything more?

x_5631 wrote: Well, like you said XSS is what you know best.. so why not a big in depth article about XSS. Well, I think it's better to split it into many separate articles to make it easier for the reader to find the right thing :) Also, a very long article has a bigger risk of getting boring ^^

Uber0n wrote: Well, I think it's better to split it into many separate articles to make it easier for the reader to find the right thing :) Also, a very long article has a bigger risk of getting boring ^^

but seperate articles may cause people to skip some thinking they know it making it confusing afterwards or something stupid.. or it may cause the information to flow less well. (That almost sounded like I was trying to argue, I was just pointing out why I suggested that lol :) )

and Yeah, I guess you're right with the boredom thing.. unless you like.. cateogorised and seperated it… in which case I suppose it may as well be seperate articles. :P

Sweet. Another Uber0n article. I always look forward to these. I'm going to have to agree with most of the people in this thread that you should stick with XSS because… well… you know it. I'm sure you know tons more, but from what I've heard, XSS is your forte.

In my opinion, you should skip anything basic in your article. It has been covered before. A lot. Maybe a short intro of sorts, but if people want basic, they can check out the other 50 articles on it.

Personally, I would like to see an article on different uses of XSS, much like clone4 suggested. Filter bypassing is also a fun concept, but there's a lot to it. If you don't pay attention your could end up with a long list of examples that show rather than teach. Nothing against RSnake, but his cheatsheet is usually the deathbed for people trying to learn about XSS. They see the comprehensive list and quit learning because it's so easy to copy/paste.

Anyway. Good luck, and have fun with it. If you need/want a proofreader, I'm always glad to help.

x_5631 wrote: (That almost sounded like I was trying to argue, I was just pointing out why I suggested that lol :) ) No need to excuse yourself ;) you have a point there, but I think I'll stick to separate articles anyway.

Futility wrote: In my opinion, you should skip anything basic in your article. It has been covered before. A lot. Maybe a short intro of sorts, but if people want basic, they can check out the other 50 articles on it. Very true.

Nothing against RSnake, but his cheatsheet is usually the deathbed for people trying to learn about XSS. They see the comprehensive list and quit learning because it's so easy to copy/paste. I agree. But maybe I'll try to go for an explaining article teaching you how to evade filters yourself instead of using premade examples ;)

Anyway. Good luck, and have fun with it. If you need/want a proofreader, I'm always glad to help. Thanks :)

And when you get a chance CSRF would be nice article to read about coming from you.

fallingmidget wrote: And when you get a chance CSRF would be nice article to read about coming from you. Good idea; I suppose that could be put under "Different uses of XSS", but maybe it'd be better as a separate article ^^