I was checking the Planet WebSec feed this morning (BTW, Christ1an must have something personal against me, as he told me he was about to add my blog one month ago…)
Both were about a sort of (un?)official challenge to find XSS vectors capable of bypassing the famous PHPIDS tool, a game that both Sirdarckcat and I already found quite funny at the beginning of last July and that, according to Mario Heiderich, helped him harden his PHPIDS filters.
At any rate, Sirdarckcat’s post ended like this:
“I’m sure that Gareth Heyes, and Giorgio Maone will be the next to find some vectors”
Wow, so there’s a party and sounds like I’m officially invited ;)
OK, let’s bring in some beer:
Notice that — quite obviously — you will need to disable NoScript (or at least disable its anti-XSS protection and allow both hackademix.org and php-ids.org), if you want to get some joy from the links above.