Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existance you have. No death threats or poetry please. Just kidding, no poetry please. 

Pages: 1234Next
Current Page: 1 of 4
Results 1 - 30 of 103
4 years ago
SpoofGhost
@ pappy, not sure if they use such a technique and i'm also not quite sure if i can mange to work. but if i do it would be quite a flaw. at first i tought it would work but that seems not the case so i have to figuere out if it is possible at all. in some cases i'm sure it would be if you are able, like for example a page where you already know that a presistend xss bug exists in that case you ca
Forum: XSS Info
4 years ago
SpoofGhost
about the cross domain thing. i don't think it is possible becouse you have to inject code into another site wich you do not have acces to. wich is a good thing ofcourse. i'm still testing tho
Forum: XSS Info
4 years ago
SpoofGhost
Hi there all, i haven't showed myself lately and I hope my english is readable grammar isn't one of my strongest points ;p but I came up with something wich might already has been used or already has been tought about. Anyway I don't know so I just trow it here to see wether I get some response :). its about the iFrame bursting thing. How well can this be used the bad way? I k
Forum: XSS Info
4 years ago
SpoofGhost
hmm aperently the link is clean now, but for some odd reason yesterday it popped up a box where to enter acces point info
Forum: XSS Info
4 years ago
SpoofGhost
hej, to start right away. i came a cross some odd thing. to show it to you: http://mot.zapto.org/ot/signature.php?character=Administrator%20Kius&image=1 this was a link to an img but when the pages with that images popped up it asked for an acces point! very strange.. it was posted as an avatar on a forum i believe. i'm not sure but this might me funny stuff to play arround
Forum: XSS Info
4 years ago
SpoofGhost
i think this could be used with a redirect, i'm sure there are site's wich are quite good protected but if you can force a redirect with the characters to your phishing site. and they can't see in the url bar that there on the wrong site. they might think oh i probably have deleted it orso. so it can be used in an attack not sure what more is possible with this tho
Forum: CSRF and Session Info
4 years ago
SpoofGhost
uh, well if you can create connections with the languages of choice it it is possible as far as i know. you just have to interact with a server/client whether it is in php or c or an other language tho some of those are limited. just learn how connections work like sockets etc learn c/c++ i would recommend as you can create platform independend aplications(like your bot net) i won't encurag
Forum: DoS
4 years ago
SpoofGhost
i need to login and inject the xss in one of there pages but the problem is that the page only exists for 10 min orso thus i need to do it over and over again thats why i need curl in the first place its almost a bot... as it has some more functions it can preform...
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
oh i do have a bit of a problem.. maybe you guys know a solution. the thing i'm having problems with is the an option from curl followlocation, it give's an error anyway i need to turn off save mode and also open basedir tho save mode is off open_basedir is still a problem. i can't turn this off as i'm using a "free host" so i need a solution for this. i already had some sorth
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
oh, well i'm working it i hope when i'm done your not disapointed :P
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
hmm project isn't comming from the ground very busy with other stuff.. but i have looked into mailinator and that looks great
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
i tried the first site that showed up in your search result and it seems like a nice hosting service. still have to check it out fully thanks alot!
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
havent been arround for some time i had a busy time with school, anyway... i'm continueing this project tho my host has some problems concerning Curl so i can't really use it. anyone knows some free hosting where this is enabled?
Forum: Robots/Spiders/CAPTCHAs, oh my
5 years ago
SpoofGhost
why not try to create a self enhancing script. instead of updating it manually every time! its just a proposal but it could be nice to try and create. maybe create some sort of honny pot cature the attack and create a regex for it automaticly.. i'm really not sure how far this is possible but it would be great to see.
Forum: Projects
6 years ago
SpoofGhost
what about logfile poisoning? isn't this possible?
Forum: Projects
4 years ago
SpoofGhost
hey thanks .mario and backbone, going to look into that a pop3 might also be possible to pull this of. haven't had anytime to work further on the project tho.
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
sometimes you really have to be creative to make something work but imo those are the one's wich will provide the moste fun becouse your learn alot from it.
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
hey thanks man i guess your right :P din't thought of that. going to look into it and i will definitly show the results here :)
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
oke thanks, tho it isn't really where i'm looking for i guess. still i'm going to toy with this! anyway the problem is i need to read out the email. what i'm trying to do is send a prived msg to person x from a friend. with a link in it he clicks on it afther that his email get changed to my email afther that the script will notice my php script that the mail has changed and an email has send t
Forum: Robots/Spiders/CAPTCHAs, oh my
4 years ago
SpoofGhost
Hi there, its been a while since i've posted something here. i already appoligize for my bad engish ;p but as i'm continueing one of my projects i'm asking for some info and help. i'm curently working on a worm for a very big community site. not to harm but to learn. anyway i manged to find 2 bugs 1 was rather useless and the second one is use full but quite hard to exploit tho i manged to
Forum: Robots/Spiders/CAPTCHAs, oh my
5 years ago
SpoofGhost
there has been found an intresting bug concerning FF i'm not sure if it has already been patched but i doubt it unicode-overflow http://packetstormsecurity.org/0907-exploits/firefox35unicode-overflow.txt
Forum: Bugs
5 years ago
SpoofGhost
yes that would be possible ofcourse, tho it depends on what you want to accomplish but yes your right anyway there might be a use in this, still every one think its enoying if there is a captcha on there login also if they remove the rule for login you can brute force. so that aint really a solution for them. btw it was just an example of how that could be used to ddos. it would be even
Forum: DoS
5 years ago
SpoofGhost
hi there ;).. i was thinking about a new dos/ddos type.. as there are many site that have an login system that when you enter the wrong password like 3 to xxx times you can't login for xxx minuts/hours/days. anyway you get my point.. well then if there is a hole/bug on a public place where you can input precisting xss the best place would be the home pages you can generate wrong logi
Forum: DoS
5 years ago
SpoofGhost
well i'm not the kind of person who will go fooling arround, tho it might be easy to setup still i can learn alot from it as i'm not familiar with it. anyway i keep it for my self other then that i just came across it and i have no use other then learning from it so it aint a big deal. why should i disclose something i can learn from anyway.
Forum: SQL and Code Injection
5 years ago
SpoofGhost
why should i disclose the vurn i can still learn alot from it so no need to for now ;p
Forum: SQL and Code Injection
5 years ago
SpoofGhost
hej thanks for these tips i think i will dive into sql one of these days to learn more about this :) thanks for the tips and help so far! btw are there anythings wich are intresting to know concering these kind of bugs like command execution and how about file inclusion? any possibilty?
Forum: SQL and Code Injection
5 years ago
SpoofGhost
i guess it works :) the page is shown
Forum: SQL and Code Injection
5 years ago
SpoofGhost
oke i tried what you told me nut no succes it generate's the same error atleast olmost ' and 'x'='x this however generates a valid quary if i'm not mistaken becouse the site loads normal afther i load that piece. btw (DatabaseException) 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where+userid
Forum: SQL and Code Injection
5 years ago
SpoofGhost
intresting :).. well xss is possible as far as i know.. anyway could anyone point me in the right direction to exploit it?
Forum: SQL and Code Injection
5 years ago
SpoofGhost
not really.. if u ask me.
Forum: SQL and Code Injection
Pages: 1234Next
Current Page: 1 of 4