The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like. 

4 years ago
Robert Chapin
I'm getting spammed with links to an Adobe XSS that looks like connectusers.com/community/profile/whoever/ Nothing fancy involved, just raw HTML injected into profiles. Since it's being actively exploited I thought you guys would enjoy looking at it.
Forum: Full Disclosure
5 years ago
Robert Chapin
Corollary: Google Language Tools + Anonymous Googlebot Injection = More XSS Proof of concept http://translate.google.com/translate?u=http%3A%2F%2Fforums.xmbforum.com%2Ffiles.php%3Fpid%3D1361320%26aid%3D20275&sl=en&tl=es&hl=en&ie=UTF-8 Edit: Don't be fooled by the frameset in there. The demonstration simply shows the payload need not be cached or indexed.
Forum: XSS Info
5 years ago
Robert Chapin
Anonymous Googlebot Injection Consider situations in which agents should *never* treat an HTTP response as an HTML entity. Examples include response headers "Content-Disposition: attachment" which indicates the entity is not same-origin, and "Content-Type: application/binary" which indicates the entity is executable or has no format. According to Google's own documentati
Forum: XSS Info
5 years ago
Robert Chapin
Fun with IE6 <img src=`&#14&#106&#97va&#9&#115&#99ript&#58ale&#114t&#47&#x2a&#102" alt="" /> <div id=&#42&#x2f&#13&#40&#47 XSS1 &#47&#46source&#41 <alert(/xss2/) <!-- alert(/WTF XSS3/)`--> I wanted to see how many cheats I could combine with irrelevant obfuscation. In the
Forum: XSS Info
5 years ago
Robert Chapin
"The sad part is that Yahoo! didn't adopt any policy whatsoever regarding this kind of problem. They don't admit they have a problem, nor do they give any credit to those who find them. Following in the footsteps of other sites, Yahoo! could learn to gain from this. The vast majority of those who find bugs don't disclose them anymore precisely for the fact that Yahoo! is i
Forum: Full Disclosure
5 years ago
Robert Chapin
mario & Gareth, thanks I'm glad it wasn't just me. The breakthrough I thought I had for the cheat sheet didn't pan out. At least I didn't make an ass of myself by publishing an untested exploit. As a small consolation prize, I do have a variation for you. The cheat sheet says this doesn't work in FF: <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115....
Forum: XSS Info
5 years ago
Robert Chapin
Greetings. Some may remember me from http://ha.ckers.org/blog/20070309/analysis-of-firefoxs-password-manager-fix/ I just stumbled on a character encoding vector that seems to be missing from the XSS Cheat Sheet. I'm here to get acquainted and make sure I'm not reinventing the wheel. :)
Forum: Intro
5 years ago
Robert Chapin
Gareth Heyes Wrote:
> x='aler\u200ft(1)'
> eval(x)
I need help with this and similar ones. They don't seem to do anything in my browsers. <script> x='aler\u200ft(1)' eval(x) </script> Does nothing? Did I miss the point? This one works for me: <object data=jav&#x61script:\u0061lert(2)> I have
Forum: XSS Info