Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like. 

Current Page: 1 of 1
Results 1 - 13 of 13
3 months ago
Bob
Welcome. xhttp://www.google.com.
Forum: Intro
10 months ago
Bob
Just place recaptcha and a few random questions and you wont be getting bots.
Forum: Intro
1 year ago
Bob
@id Sure he did lol:http://sla.ckers.org/forum/profile.php?13,2. Ever since he left, activity from other members started rapidly decreasing.
Forum: Intro
1 year ago
Bob
lol, this site is dead there is a maximum of 2 posts per week and those are ones asking for help, this site began slowly dying ever since rsnake left, it's a shame it had so much potential.
Forum: Intro
1 year ago
Bob
It isn't vulnerable to xss.
Forum: XSS Info
1 year ago
Bob
Send me the link via pm and i'll get it done.
Forum: XSS Info
1 year ago
Bob
">yourxssgoeshere.
Forum: XSS Info
1 year ago
Bob
//delete
Forum: XSS Info
1 year ago
Bob
9. filter
I've come across a filter that removes tags if it finds any letter inside, if i place a number it goes fine. e.g <1234> works perfectly, if i try <s> nothing goes past, <123script> passes fine too. Any help would be greatly appreciated. Thanks in advanced.
Forum: XSS Info
1 year ago
Bob
Hi, i came across a filter that completely removed only < and > and allows the following characters to be used '';!--"XSS=&{()} can anyone give me examples of xss using only those characters? Thanks.
Forum: XSS Info
1 year ago
Bob
I'm new here and waited over 2 weeks for activation. Really nice community but the activity drastically reduced ever since rsnake left the scene. I'd appreciate it very much if someone could pm me his email, or any other form of contact.
Forum: Intro
1 year ago
Bob
I've been trying to bypass chrome's vector for days and i haven't succeeded, the closest i got to was:<script src=http//ha.ckers.org/xss.js></script> : is what triggers the filter after http. Anyway i found a persistent XSS on a website and i noticed the session cookie is http only, how do i bypass this on all latest browsers, if you can provide me with a working example i'd appreciat
Forum: XSS Info
1 year ago
Bob
13. CSRF
I'm aware of traditional csrf but i'm not sure how to do this. I have monitored the process when changing passwords (the old password is not required) and was able to capture the following: Host: www.example.com User-Agent:xxx/1.0 (xx xx 9.2; rv:30.0) L/39483 example/282.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding:
Forum: CSRF and Session Info
Current Page: 1 of 1