Web Application Security Forum - OMG Ponies

reverse shells (no replies)

Anarchy Angel — Mon, 15 Apr 2013 21:31:33 -0500

there used to be a thread here somewhere that gave lots of good one liners and such for opening bind and reverse shells but i cant find it. would anyone happen to have it as a favorite or something? :D thanx

Did you know? (3 replies)

Kyran — Thu, 18 Apr 2013 01:36:56 -0500

About 9 out of every 10 people, make up 90% of the population?

SXSW (no replies)

id — Sun, 17 Feb 2013 12:31:09 -0600

Anyone coming out to Austin next month for SXSW?

Xss wafbypass 2012[New]+detailed process of webpage rendering (no replies)

Vaibs — Mon, 29 Oct 2012 08:00:14 -0500

Xss waf bypass using non-alphanumeric characters.Generate alert without using characters or numbers.
+
Detailed process for webpage rendering for begineers who want to go for XSS.

here is the link
http://adf.ly/E81iz

Design your own gene, protein and virus circuits with biobricks (1 reply)

SAS — Fri, 22 Mar 2013 15:24:28 -0500

Design your own genes, proteins, virus circuits with biobricks.

http://partsregistry.org/Catalog
http://www.neb.com/nebecomm/products/productE0546.asp
https://www.dna20.com/genedesigner2/

How cool is that?

What kind of hash to decode? (no replies)

wuami — Tue, 21 Aug 2012 08:39:20 -0500

Help please?

Query: select concat_ws(0x3a,username,passhash,secret) from users

tripletour24:c4eba1f68dec1b4b22104f5bb96ebd63:jryK5H2Epr8geL7V5eWy
st2000:17949a2891a6a4dad7232ad5145c8a94:OxxVQ1wvFZsXe8DiEvyU
McDalglish:16fc7fdbb5093ef979cf4537a01fb71a:ZWOpOxWVCiFnZtjMS3Kk
p461026:82705c31f2ea87355eff5705400193d8:BydTg4EmX6s3dPcou2j4

Problem solving (no replies)

Skyphire — Thu, 16 Aug 2012 16:50:28 -0500

Crack This Encrypted File? (8 replies)

idisappear — Tue, 16 Apr 2013 01:52:37 -0500

I uploaded the file here. It is an mp3.
http://oron.com/1q9ldecq6xvx
Using a hex editor, the song name and album name can be seen without cracking the file. I know the password is something easy that is on popular password lists.

What I do not know is how to identify what type of encryption this is or how to apply a dictionary file to it to crack it. Can anyone crack this and explain that?

research-friendly hosting/registrar? (1 reply)

Albino — Mon, 18 Jun 2012 19:27:38 -0500

What companies do you use to host your pocs&tools? Are there any in particular that are both secure and unlikely to throw a fit if you host a proof of concept?

OpenBSD? (8 replies)

idisappear — Fri, 03 Aug 2012 17:42:02 -0500

I recall reading (in the introductions) that id and rsnake prefer OpenBSD. I am looking to learn programming and it seems I might be best served if I get comfortable with an open source, non-UNIX-based operating system.

In the past, I have installed and used Ubuntu and messed around with it for about a month, but never did anything heavy with it. Is OpenBSD a bad idea for someone who is not proficient with Linux? Is it a bad idea for a first operating system?

Secondly, as security lovers, how do you reconcile your choice with this news?

http://news.cnet.com/8301-31921_3-20025767-281.html

Are the authors of those articles overlooking something? Blowing things out of proportion? Can I just delete the encryption software after I install OpenBSD and eliminate the prospect of any backdoor problems?

What advantages are there to OpenBSD? Why not Ubuntu? Why not Fedora Core? Why not FreeBSD? I don't intend to host a website or run a server. Does that make OpenBSD a less a sensible choice for me? I want to learn about security and programming. Of course, being secure is always nice too.

Can I dual boot OpenBSD with Windows? Is it known to install well on most hardware without troubleshooting? Is there a good chance that a beginner would be able to get on the internet? Have any thoughts about OpenBSD's detection of modern wireless cards on laptops? I am considering installing it on a laptop.

Choosing a College Major (4 replies)

idisappear — Fri, 30 Mar 2012 10:06:49 -0500

Security and finding ways to breach it interests me. I do not have much knowledge about it at all, but dabbled in rudimentary XSS enough to know how to get into some stuff.

One college major that has loads of scholarships everywhere is Cybersecurity. Upon first glance, the label sounds exciting and I could use scholarships. When I looked at some of the required courses for the major, it looked like some courses were training for law enforcement. If a kidnapper was endangering innocent hostages, I would be happy to engage in tracking mission. Unfortunately, I see law enforcement as a shady field. The Department of Homeland Security is violating civil liberties and it scares me. Prohibition and drug wars are a mess. Censorship attempts are piling in. Unwinnable wars are not being openly admitted. I refuse to put some frail hacker geek in prison with rapists and killers. I could continue for hours. Basically, I think the government is too backwards for me to consider working for them. I would rather work for a private company. Do you think Cybersecurity is good major for job opportunities in the private sector?

Laptop Preference (7 replies)

idisappear — Tue, 27 Mar 2012 20:59:26 -0500

I want to buy a laptop computer and suspect that if anyone knows what they are talking about, it is the participants here. Has anyone had a positive experience with a particular manufacturer? Who do you recommend? I am looking for a manufacturer that does not have a reputation for hardware failures. Durability matters.

Apple is out of the question because the price is too high.

In case this matters for judging customer support, I am located in the United States. Do you think refurbished laptops are generally worth the risk or does that typically depend on the specific deal?

Is there anywhere you recommend for a good price? Tiger Direct? Google Shopping comparison? Newegg? Best Buy?

For me, the larger the screen size is, the better. Would you personally prefer not to have a 17.3" screen because it is a battery hog? What is your screen size preference? What are your thoughts, if any, about the trade-off between screen size and battery life?

so,can you guys help to root it? (4 replies)

DebugZer0 — Thu, 26 Jan 2012 22:02:45 -0600

hello guys,there is a server and I`ve already got the webshell,the os is linux and kernel version is 2.6.18-92 and i have tried all the exploits on internet but cannt get root of it,any ideas ?

Evolution of a programmer (2 replies)

Skyphire — Wed, 18 Jan 2012 21:04:55 -0600

This is an old one, but still funny.

High School/Jr.High

Quote

10 PRINT "HELLO WORLD"
20 END

First year in College

Quote

program Hello(input, output)
begin
writeln('Hello World')
end.

Senior year in College

Quote

(defun hello
(print
(cons 'Hello (list 'World))))

New professional

Quote

#include
void main(void)
{
char *message[] = {"Hello ", "World"};
int i;

for(i = 0; i < 2; ++i)
printf("%s", message);
printf("\n");
}

Seasoned professional

Quote

#include
#include

class string
{
private:
int size;
char *ptr;

string() : size(0), ptr(new char) { ptr = 0; }

string(const string &s) : size(s.size)
{
ptr = new char size + 1;
strcpy(ptr, s.ptr);
}

~string()
{
delete ptr;
}

friend ostream &operator <<(ostream &, const string &);
string &operator=(const char *);
};

ostream &operator<<(ostream &stream, const string &s)
{
return(stream << s.ptr);
}

string &string::operator=(const char *chrs)
{
if (this != &chrs)
{
delete ptr;
size = strlen(chrs);
ptr = new char;
strcpy(ptr, chrs);
}
return(*this);
}

int main()
{
string str;

str = "Hello World";
cout << str << endl;

return(0);
}

Master Programmer

Quote

uuid(2573F8F4-CFEE-101A-9A9F-00AA00342820)

library LHello
{
// bring in the master library
importlib("actimp.tlb");
importlib("actexp.tlb");

// bring in my interfaces
#include "pshlo.idl"

uuid(2573F8F5-CFEE-101A-9A9F-00AA00342820)

cotype THello
{
interface IHello;
interface IPersistFile;
};
};

exe,
uuid(2573F890-CFEE-101A-9A9F-00AA00342820)

module CHelloLib
{

// some quote related header files
importheader();
importheader();
importheader();
importheader("pshlo.h");
importheader("shlo.hxx");
importheader("mycls.hxx");

// needed typelibs
importlib("actimp.tlb");
importlib("actexp.tlb");
importlib("thlo.tlb");

uuid(2573F891-CFEE-101A-9A9F-00AA00342820),
aggregatable

coclass CHello
{
cotype THello;
};
};

#include "ipfix.hxx"

extern HANDLE hEvent;

class CHello : public CHelloBase
{
public:
IPFIX(CLSID_CHello);

CHello(IUnknown *pUnk);
~CHello();

HRESULT __stdcall PrintSz(LPWSTR pwszString);

private:
static int cObjRef;
};

#include
#include
#include
#include
#include "thlo.h"
#include "pshlo.h"
#include "shlo.hxx"
#include "mycls.hxx"

int CHello::cObjRef = 0;

CHello::CHello(IUnknown *pUnk) : CHelloBase(pUnk)
{
cObjRef++;
return;
}

HRESULT __stdcall CHello::PrintSz(LPWSTR pwszString)
{
printf("%ws
", pwszString);
return(ResultFromSquote(S_OK));
}

CHello::~CHello(void)
{

// when the object count goes to zero, stop the server
cObjRef--;
if( cObjRef == 0 )
PulseEvent(hEvent);

return;
}

#include
#include
#include "pshlo.h"
#include "shlo.hxx"
#include "mycls.hxx"

HANDLE hEvent;

int _cdecl main(
int argc,
char * argv[]
) {
ULONG ulRef;
DWORD dwRegistration;
CHelloCF *pCF = new CHelloCF();

hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);

// Initialize the OLE libraries
CoInitializeEx(NULL, COINIT_MULTITHREADED);

CoRegisterClassObject(CLSID_CHello, pCF, CLSCTX_LOCAL_SERVER,
REGCLS_MULTIPLEUSE, &dwRegistration);

// wait on an event to stop
WaitForSingleObject(hEvent, INFINITE);

// revoke and release the class object
CoRevokeClassObject(dwRegistration);
ulRef = pCF->Release();

// Tell OLE we are going away.
CoUninitialize();

return(0); }

extern CLSID CLSID_CHello;
extern UUID LIBID_CHelloLib;

CLSID CLSID_CHello = { /* 2573F891-CFEE-101A-9A9F-00AA00342820 */
0x2573F891,
0xCFEE,
0x101A,
{ 0x9A, 0x9F, 0x00, 0xAA, 0x00, 0x34, 0x28, 0x20 }
};

UUID LIBID_CHelloLib = { /* 2573F890-CFEE-101A-9A9F-00AA00342820 */
0x2573F890,
0xCFEE,
0x101A,
{ 0x9A, 0x9F, 0x00, 0xAA, 0x00, 0x34, 0x28, 0x20 }
};

#include
#include
#include
#include
#include
#include "pshlo.h"
#include "shlo.hxx"
#include "clsid.h"

int _cdecl main(
int argc,
char * argv[]
) {
HRESULT hRslt;
IHello *pHello;
ULONG ulCnt;
IMoniker * pmk;
WCHAR wcsT[_MAX_PATH];
WCHAR wcsPath[2 * _MAX_PATH];

// get object path
wcsPath[0] = '\0';
wcsT[0] = '\0';
if( argc > 1) {
mbstowcs(wcsPath, argv[1], strlen(argv[1]) + 1);
wcsupr(wcsPath);
}
else {
fprintf(stderr, "Object path must be specified\n");
return(1);
}

// get print string
if(argc > 2)
mbstowcs(wcsT, argv[2], strlen(argv[2]) + 1);
else
wcscpy(wcsT, L"Hello World");

printf("Linking to object %ws\n", wcsPath);
printf("Text String %ws\n", wcsT);

// Initialize the OLE libraries
hRslt = CoInitializeEx(NULL, COINIT_MULTITHREADED);

if(SUCCEEDED(hRslt)) {

hRslt = CreateFileMoniker(wcsPath, &pmk);
if(SUCCEEDED(hRslt))
hRslt = BindMoniker(pmk, 0, IID_IHello, (void **)&pHello);

if(SUCCEEDED(hRslt)) {

// print a string out
pHello->PrintSz(wcsT);

Sleep(2000);
ulCnt = pHello->Release();
}
else
printf("Failure to connect, status: %lx", hRslt);

// Tell OLE we are going away.
CoUninitialize();
}

return(0);
}

Apprentice Hacker

Quote

#!/usr/local/bin/perl
$msg="Hello, world.\n";
if ($#ARGV >= 0) {
while(defined($arg=shift(@ARGV))) {
$outfilename = $arg;
open(FILE, ">" . $outfilename) || die "Can't write $arg: $!\n";
print (FILE $msg);
close(FILE) || die "Can't close $arg: $!\n";
}
} else {
print ($msg);
}
1;

Experienced Hacker

Quote

#include
#define S "Hello, World\n"
main(){exit(printf(S) == strlen(S) ? 0 : 1);}

Seasoned Hacker

Quote

% cc -o a.out ~/src/misc/hw/hw.c
% a.out

Guru Hacker

Quote

% echo "Hello, world."

New Manager

Quote

10 PRINT "HELLO WORLD"
20 END

Middle Manager

Quote

mail -s "Hello, world." bob@b12
Bob, could you please write me a program that prints "Hello, world."?
I need it by tomorrow.
^D

Senior Manager

Quote

% zmail jim
I need a "Hello, world." program by this afternoon.

Chief Executive

Quote

% letter
letter: Command not found.
% mail
To: ^X ^F ^C
% help mail
help: Command not found.
% damn!
!: Event unrecognized
% logout

Anonymous

Happy New Year (8 replies)

id — Sun, 15 Jan 2012 19:46:47 -0600

Happy new year fellow sla.ckers.

cheers

A hidden message from Amazon (1 reply)

infinity — Fri, 30 Dec 2011 10:50:54 -0600

Hi,

this is not new, but I thought I post it here, because some of you may enjoy decrypting a little secret message. At the beginning of this year Amazon started some kind of mail service and an interesting picture has been published somewhere on their website. You can find and download the file here:

http://awsmedia.s3.amazonaws.com/ses_hero_lg.png

The picture shows a mail envelope with a stamp in the top right corner. The stamp is the interesting part, it contains sequences of 1s and 0s. Can you find out, if there is a message hidden in the stamp?

To save you the time of transferring the numbers from the stamp manually I have added them here for you:

00101110 01111010 01101110
01100011 01100110 00100000
01100001 01101110 01110101
01100111 00100000 01100101
01110010 01100111 01100111
01110010 01101111 00100000
01100110 01110110 00100000
01100001 01100010 01110000
01101110 01101111 00100000

Have fun!

Drone (5 replies)

Skyphire — Fri, 30 Dec 2011 08:06:07 -0600

LOL

http://www.chimericawar.org/latest_news/2011/12/Update___RQ_170_Beast_of_Khandahar

And seriously... I don't get it why some are worried if Iran has "captured" a drone. Anti-radar technology isn't super-secret at all.

1. Deflect radar waves through curved surfaces.
2. Minimize heat output for infrared stealth.
3. Minimize mass (confuse radar signature)
4. Wave absorption paint
5. Con-trailing aluminum particles.
6. Jamming.
7. etc...

No reverse engineering needed. Give me 10 million $ and I produce a drone. ;-)

edit: added link.

The greatest thing about the internet... (11 replies)

thrill — Wed, 11 Jul 2012 03:41:16 -0500

Is that it has a very long memory..

So if I were to link http://www.linkedin.com/in/bobwtsn and quoted this as his accomplishments:

Quote

Designed and implemented a 3 layer high availability network using VLANs and converted a large single collision domain network to a more manageable segmented network.

Which actually he did no such thing.. I should know since I am the one who re-designed and implemented these things during my tenure there between 2001-2004, this will now forever be etched into the Internet's memory banks.. regardless of how he decides to edit his 'accomplishments'.. oh, and I am very curious to find out what 'security' he used to secure his 'secure wireless network' during that time since only WEP was available then.. maybe it was a super-hard-to-guess-password(tm) technology that I am unaware of.. ha!

Now.. the one question I do have though is: What were the 3 layers? Chocolate, vanilla and.... ??? I can't think of what it could have been.. ;)

Predicting a result value from an input integer (3 replies)

madhu — Thu, 15 Dec 2011 05:54:12 -0600

An interesting prediction question.

I have a few integer numbers and applying some "unknown" logic to it results in
corresponding alphanumeric value. The following are a few sample input integer
values & the resulting alphanumeric value. Can you predict the possible "unknown"
logic ?

189558 -> 34DH7QMF
192360 -> 34LI6WAH
192382 -> 34DNN85C
192441 -> 3467PH7X
192478 -> 34JM0DTS
192699 -> 34KP3BCR

Breivik cypher (1 reply)

Skyphire — Thu, 11 Aug 2011 16:01:10 -0500

Is the Norwegian killer hiding something? are those cyphered GPS codes? or are they encoded .onion addresses? or simply tripcodes? or passwords for the USB sticks he plastered in his wall?

http://36.134.-5.453plusf64:IKpldlt249731798277??
http://40.375.-3.768subf62:OKblmcw394717197273??
http://40.452.-3.709plusf58:LEzpkor737874243928??
http://43.294.5.381subf12:Nbvbege966589423576??
http://43.317.5.383subf85:Oxojllw754896853415??
http://45.768.4.830plusf32:Qiokyis489273561938??
http://46.951.7.437plusf19:ZLdgrly387716981091??
http://47.372.8.539subf94:LCngckt463136616341??
http://48.134.11.570plusf64:WOswdtr416413867193?A
http://48.200.16.356subf37:ILmeavp123271869374??
http://48.210.16.369plusf72:CUfmled614187191364??
http://48.583.7.754plusf51:Kjzapqk565389921175??
http://48.597.7.722subf96:HHlmjkc956368426722??
http://48.864.2.327subf37:KTynmwf396737684766??
http://48.866.2.306subf54:LWpprvt125662489953??
http://48.871.2.310plusf65:JEockwk658246375668??
http://50.123.8.666plusf42:RSckyns849828171339??
http://50.832.4.364subf48:KEmhitf867483597136??
http://50.854.4.346plusf08:MFmtwzl673468422??
http://50.868.4.329subf52:ISpllev132873183786A?
http://51.051.3.731subf16:MDolluo971717348139??
http://51.195.4.424plusf14:QKioces813876008242??
http://51.489.-0.140plusf35:OQrekqx638547721565??
http://51.501.-0.096subf94:OWgwvkp618746656659??
http://51.517.-0.083plusf95:QEopjnn365893154526??
http://51.517.-0.083plusf95:QEopjnn365893154526??
http://51.883.-0.407subf41:LEocmje681673499621??
http://51.914.4.452subf33:OSxikih662187178719??
http://51.927.4.463subf18:EFlqxma713369592384??
http://52.068.4.309plusf24:KWimfhh436383717863??
http://52.087.5.054plusf94:PBmluvt813218971489??
http://52.094.5.120plusf13:QIwqcku617898918787??
http://52.367.9.741subf39:MFthkko981463710363??
http://52.374.4.873subf93:XOmlosa487987172719??
http://52.491.13.351subf93:XLlymxo638971763265??
http://52.528.13.393plusf91:AIsmuck789717881861??
http://52.571.13.320subf02:LRdpxjk781698196548??
http://53.415.-2.973plusf37:OHawrpc639174173148??
http://53.485.-2.260plusf67:OVpktrj211158769438??
http://53.554.10.022plusf75:DTpqdck196754674448?A
http://57.703.11.966subf55:OSlecqs136548171343??
http://59.334.18.097plusf87:RQqljii569218397413??
http://59.337.18.056subf19:RCpljub684165144671??
http://59.346.18.048plusf36:PJwojkw568423541554??
http://59.911.10.738subf36:EMlpoga918318646547??
http://59.911.10.748plusf67:PSkrhkc631974631849??

The cracking is going on here: http://analysis.no.net/wiki/index.php/Main_Page

Team (6 replies)

narutoo — Fri, 01 Jul 2011 11:59:40 -0500

Anyone want make a Defacing team? Because i want =)

PM me , for msn.

LulzSec Lulz (18 replies)

Skyphire — Mon, 14 May 2012 20:40:41 -0500

Remember lulzsec, he hacked this and that and some other stuff. Interesting to see that they fail to come up with some original ASCII art. They simply c/p'ed it from some ASCII art website. Hmmm... I wonder what else they c/p'ed? a bunch of 0day's?

LulzSec "art": [pastebin.com]

.--    .-""-.
.   ) (     )
.  (   )   (
.     /     )
.    (_    _)                     0_,-.__
.      (_  )_                     |_.-._/
.       (    )                    |lulz..\    
.        (__)                     |__--_/          
.     |''   ``\                   |
.     | [Lulz] \                  |      /b/
.     |         \  ,,,---===?A`\  |  ,==y'
.   ___,,,,,---==""\        |M] \ | ;|\ |>
.           _   _   \   ___,|H,,---==""""bno,
.    o  O  (_) (_)   \ /          _     AWAW/
.                     /         _(+)_  dMM/
.      \@_,,,,,,---=="   \      \\|//  MW/
.--''''"                         ===  d/
.                                    //   SET SAIL FOR FAIL!
.                                    ,'_________________________
.   \    \    \     \               ,/~~~~~~~~~~~~~~~~~~~~~~~~~~~
.                         _____    ,'  ~~~   .-""-.~~~~~~  .-""-.
.      .-""-.           ///==---   /`-._ ..-'      -.__..-'
.            `-.__..-' =====\\\\\\ V/  .---\.
.                     ~~~~~~~~~~~~, _',--/_.\  .-""-.
.                            .-""-.___` --  \|         -.__..-

Original here: [www.chris.com]

--    .-""-.
   ) (     )
  (   )   (
     /     )
    (_    _)                     0_,-.__
      (_  )_                     |_.-._/
       (    )                    |_--..\
        (__)                     |__--_/
     |''   ``\                   |
     |        \                  |      /b.
     |         \  ,,,---===?A`\  |  ,==y'
   ___,,,,,---==""\        |M] \ | ;|\ |>
           _   _   \   ___,|H,,---==""""bno,
    o  O  (_) (_)   \ /          _     AWAW/
                     /         _(+)_  dMM/
      \@_,,,,,,---=="   \      \\|//  MW/
--''''"                         ===  d/
                                    //
                                    ,'__________________________
   \    \    \     \               ,/~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         _____    ,'  ~~~   .-""-.~~~~~~  .-""-.
      .-""-.           ///==---   /`-._ ..-'      -.__..-'
            `-.__..-' =====\\\\\\ V/  .---\.
 PGMG                 ~~~~~~~~~~~~, _',--/_.\  .-""-.
                            .-""-.___` --  \|         -.__..-

So much for that l33tness. Set to fail, indeed.

There might be a chance they were reckless and were broadcasting their IP when c/p'ing it. One always leave tracks. Matter of correlating stuff. Anyway, worth to try if I were the EF/BEE/EYE .^.^.

Padding Oracle Attack with always 200 response (1 reply)

p0deje — Thu, 28 Apr 2011 06:17:01 -0500

Hello,

I currently pentest ASP.NET application and trying to exploit Padding Oracle Attack. Those AFAIK are based on response code analysis, but both ScriptResource and WebResource axds of the system under test always response with 200 OK, even if cipher has been invalid. In this case, however, the content of the response is an empty string.

So, the question is if it's possible to use any of the axd as the oracle in this case? Maybe basing on response content difference.

Demo new tool + video. (13 replies)

Skyphire — Mon, 04 Apr 2011 09:44:47 -0500

Hi.

Just launched a preview of my new tool: Photon Suite, it's an extension for Firefox with some useful tools such as a port-scanner, reconnaissance tools, a DNS tool, directory miner, application tester, source code analyzer, cryptographic tools, converters and a full blown console.

I've demoed it on some idiot who tried to attack a client of mine last night, and now I pretty much own all his boxes. To see the video check it here:

http://www.youtube.com/watch?v=BCeAigdixTM

I will not release it at the Mozilla add-on website, because I don't think they will accept such extension, it's pretty wicked stuff. It's release will be next month, since I need to work on it a bit more. I'll post it here when I'm ready. Hope you'll enjoy it.

Cheers,

Sasha.

Server hiccups (2 replies)

Kyo — Thu, 20 Jan 2011 11:03:10 -0600

Glad the forum's back up running, as I'm finding myself in one of those phases that I'm actually active on here.

Anyways, this link is dead:
http://ha.ckers.org/weird/minimalistic-ui-issues.html

Mobile Device Forum Section? (4 replies)

Mephisto — Sat, 18 Sep 2010 13:25:46 -0500

What are the odds of adding a "Mobile Devices" section to the forums to discuss iPhones, Androids, etc... and the apps that run on them?

Mind to share a downloadable ebook here? (3 replies)

jaya28inside — Sun, 19 Sep 2010 21:46:39 -0500

Sorry for this topic questioned, and correct me if I'm wrong.
since I haven't found it yet from our forums.

Is it okay if we do posting for sharing
any kind of ext. link for downloading the ebook
for this security topics?

I'm afraid moderator limiting this kind of action. :D

Getting content of iFrame file:// (3 replies)

p0deje — Sun, 12 Sep 2010 18:49:34 -0500

Hi everybody.

Can anybody explain me why Opera and IE still allows reading of iframe with file:// src from the html of same protocol (whereas Firefox and Chrome forbids it)? Cause if user saves the page with such iframe locally and opens it, JS can read its innerHTML and send it anywhere.

P.S. Curious: local open of html file with in Safari Win leads to executing explorer.exe with C:\WINDOWS location. lol

I have question on virtual machine. (7 replies)

the_master — Sat, 19 Feb 2011 16:45:49 -0600

Hi,
And my question is:
How I will know somebody run on virtual machine?
there have identifying marks?
tnx

Blackberry's Choice (5 replies)

darknessends — Sun, 05 Sep 2010 16:23:13 -0500

[ This is a discussion oriented thread ]

Hey Guys,

These days i am looking at the smartphone era to begin, perhaps we are going to see the firefox in end to be ported to android.....too. lol

We ll also be looking forward to XSS, CSRF targeting them too. he he

I think there are mainly 3 contenders in this market, iPhone, Android, and the Windows7 OS to come.

Palm's WebOS is having lot less market share to do that. BADA OS from Samsung is kiddie. Now its blackberry's move, they have to leave their OS and turn to someone to keep a balance of their market share, OS is becoming a great attraction to phone users these days. BlackBerry's got a lot of fan following, good QWERTY phones, but not a great OS, i read it somewhere that they may move to android too, making blackberry apps work on android.

So what you guys think, I personally think blackberry can in coming years move to shake hands with microsoft. I ll like to know your thoughts on it.