Sla.ckers.org
Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existence you have. No death threats or poetry please. Just kidding, no poetry please.

Current Page: 1 of 1
Results 1 - 20 of 20
6 years ago
majak
lol @ the guy below me...;-) If you want us to believe you, show some evidence. And I don't see much difference between 100% and 2000% CTR, both are far too much.
Forum: Search Engine Hacking and SEO
6 years ago
majak
What does its argument do? I can't find it documented anywhere. It looks like something with indenting, but a clear explanation would be nice;-)
Forum: XSS Info
6 years ago
majak
It makes over 1000 iframes like these: <iframe name='c' src='?a382' width=258 height=594 style='display:none'></iframe> <iframe name='9a4506869' src='?a1bdc' width=706 height=396 style='display:none'></iframe> <iframe name='6' src='?094' width=598 height=81 style='display:none'></iframe> <iframe name='ec6c096c831f' src='?99ca519bbe1' width=267 height=19
Forum: XSS Info
6 years ago
majak
I found something about it with the help of Google Translate here: http://google.com/translate?u=http%3A%2F%2Fwww.nosec.org%2Fweb%2Findex.php%3Fq%3Dnode%2F95&langpair=zh%7Cen&hl=en&ie=UTF8 So maybe you can make your own opinion whether it is malicious or not. But it lacks documentation, I'm not familiar with all of its features.
Forum: SQL and Code Injection
6 years ago
majak
maybe they have some better authentication than just plain cookies, for example IP paired with SESSID.
Forum: XSS Info
6 years ago
majak
I can't read Chinese either, but there are some posts in English, like http://www.nosec.org/web/index.php?q=node/95#comment-3727 (But perhaps it's only a false alarm.)
Forum: SQL and Code Injection
6 years ago
majak
I think you can do INTO OUTFILE. Use hex encoding, so you won't need quotes. Look here: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#HexbasedSamples (In fact I never tried it in MySQL 4, only in MySQL 5. But there is a chance that it will work.)
Forum: SQL and Code Injection
6 years ago
majak
At first, I don't know why you are doing it so obscurely. Tell me, what exactly do you want to do? Then, why your example fails... After the first ')', paren is -1. And then, after '(', paren is 0, so it is changed to Infinity. It won't increase or decrease anymore. I hope this helps. (And btw, this function returns nothing, str.substr(0,pos) won't strip str, it only returns that stripped value (and e
Forum: Projects
6 years ago
majak
Line numbers would make Codetcha more usable, because I have to count lines every time I miss something:-). And btw, I already solved hard two times, it's not that hard when you spot what kind of errors it produces. But when I first saw it, I didn't know what I am supposed to do and it took me quite long...
Forum: Robots/Spiders/CAPTCHAs, oh my
6 years ago
majak
but one salt for all passwords stored in file means that you need only one rainbow table... it loses its main feature. or i get you wrong and you mean one salt for each user in one file? (it doesn't sound good to me, but maybe there is nothing wrong about it)
Forum: CSRF and Session Info
6 years ago
majak
so, quick google search discovered this: http://www.php-editors.com/forums/mysql-help/5496-phpmyadmin-used-public-db.html http://www.webdeveloper.com/forum/showthread.php?t=83252 in fact, i don't know whether these are trustworthy sources, but why not:-). and maybe you can set up some script (on some free hosting) written in php to connect to the DB and obtain the data you want.
Forum: SQL and Code Injection
6 years ago
majak
maybe they are blacklisting some words like "union". try if script.php?id=1 or 1=1/* and script.php?id=1 and 1=0/* works or not. it may help you (or not;-)).
Forum: SQL and Code Injection
6 years ago
majak
yes, you are right. i was talking about this very specific case, where everything (except password:-)) is known and you manage to reverse the hash. and, what's the point of the delimiter? (i can't think of any except it slightly helps salting)
Forum: Privacy
6 years ago
majak
I don't think it will be misleading, because he will get $salt.$password.$salt. And if he knows $salt, he will $password. (Assuming that he won't find some collided nonsense.) But if it is salted, there is almost zero chance to find that hash.
Forum: Privacy
6 years ago
majak
i think he wants http://noscript.net/ (you meant incoming to server or incoming to you?)
Forum: SQL and Code Injection
6 years ago
majak
you can't union two tables with * unless they have the same number of columns.
Forum: SQL and Code Injection
6 years ago
majak
'x' is not x. 'x' is a string and x is a column name. so x=x can't work if there is no column named x. and if it's really a delete query, then think before you act, because you could easily empty the invitations table.
Forum: SQL and Code Injection
6 years ago
majak
i don't know if it is possible, but if it is, it could be very annoying. imagine a malicious website which sets your homepage to chrome://global/content/alerts/alert.xul :-)
Forum: Bugs
6 years ago
majak
19. salting
is there some standard on how to salt passwords? something like hashed = hash(salt+password)? i have already seen hashed = hash(hash(salt)+hash(password)). and my own invention:-) is while (length(password)<20) password+=password; hashed = hash(password); how do you salt passwords and what method would you (not) recommend?
Forum: Privacy
6 years ago
majak
it is google's special search feature, for (more) information look here: http://www.google.com/options/specialsearches.html
Forum: Bugs