Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existance you have. No death threats or poetry please. Just kidding, no poetry please.
OK. Well... I made two suggestions for change. Firstly I added some error checking to IDS::__construct(), but looking at the code christ1an linked to, this change is totally redundant. Ignore it.
The second suggestion was simply to speed the process up a bit. You weren't using PHP's array_walk where it would be ideal to use it. Making this change would require you to switch the order of the att
Forum: Projects
That is awesomely code. I have yet to go through it all, but the only issue I could find so far is that changing ids.php like so:
73c73,78
< $this->request = $request;
---
> $this->request = $request;
> if ($tags !== false && !is_array($tags)) {
> throw new Exception(
> 'Tags parameter incorrect.'
> );
> }
88,92c93,94
Forum: Projects
I think making a browser block the characters is a bit risky. Sure it would help, but it just may break a site. Is it really right for the browsers to force the users into something that's more restrictive than the technology states? Why not instead have an option server side to return a 500 error for any request with < or > in the URI. This way the server admin can make an informed decision
Forum: Projects
I still have my first ever PC, the only components which are original are one of the memory sticks and one of the CD drives, but I still class it as the same PC.
Forum: OMG Ponies
I'm in the process of moving the torrents (.mp4 only) to http://www.criticalsecurity.net/misc/24C3/, but there's not many seeders, so this may take a while.
Forum: News and Links
from http://events.ccc.de/congress/2007/FAQ#When_will_Recordings_be_available.3F
QuoteWhen will Recordings be available?
Exactly five days, 23 minutes and 42 seconds after the closing event. Or, if we cannot make that: when they're ready.
I have a mirror here: http://www.criticalsecurity.net/misc/24C3/
So the video will be there eventually.
Forum: News and Links
I didn't even think of that. I didn't do anything, and I doubt anyone else did. I also doubt the police even know what an ext3 file system is though.
Forum: OMG Ponies
You guys should have seen the audience. I don't think that room had ever had more people in it. Everyone seemed to love it, even Kaminsky said it was the most info packed talk of them all. Kuza also got invited to talk at Bluehat in May. Pretty good stuff.
It was a great talk. The CCC say the video will be online within 5 or so days. When it is I'll link to it here.
Forum: News and Links
hushmail has simply lost all credibility. Release/warez groups are better off sending off their public keys in their .nfo files.
Of course then there's the issue of setting up a CA when pretty much no one, including the CA can be trusted. Now how's that for an oxymoron.
Forum: Full Disclosure
Firefox should have seen all the file. I don't think you'll get something in wget you didn't in firefox (don't forget the view source though incase the text was rendered as html and not all visible on the page).
Forum: Full Disclosure
../../../../../../../../Winwows/repair/sam
You have a typo there for starters. Did you perhaps try ..../win32/.... ? What if you load .../nofile. What's the error? Does it match the errors you're currently getting?
Forum: Full Disclosure
It's in Swedish. There's not much you need to understand, it's a tinyurl service. Paste in a long link, hit submit, get a short url out.
Forum: XSS Info
Heh. I never even thought of those. While mine isn't automatically submitted, so it would require user input, I should fix those issues too. Not right now though.
I basically added a condition to not show the form if:
preg_match("/^https?:\/\//", $target) === 0)
Should suffice no?
Forum: XSS Info
In terms of creating a proof on concept, assuming there is no limit of payload size, then being able to create an alert box (even if you cant use ' or ") is proof enough that you can run any JS you want.
If there is a payload size limit, then if you can inject a remove .js file (using a forwarding site such as x.se) then you have again proved you can run any JS code you want.
Forum: XSS Info
I'm not sure all that many of us do use BSD. It would be nice if we could have some user agent statistics, both of all visitors and of only logged in visitors.
I personally use Linux (Fedora), though atm I'm using XP on shared computers at uni as I don't have a computer of my own right now.
Forum: Intro
QuoteDear Mr. Karunaratne,
I have checked the previous case logs. You are correct, as the Notebook is crashing in BIOS, it means the issue is with Hardware parts.
...
My reply:
QuoteYou can close the ticket. I was robbed yesterday and my laptop was stolen. Would have been nice if we decided it was a hardware issue earlier and my laptop had been picked up to be fixed by now, but I guess t
Forum: OMG Ponies
I have a Dell laptop which is now getting a little old. I guess it must have hit one too many doorways because it's now crashing at random or when shaken around a little. It's no longer under warranty but I still contacted Dell support, hoping they could pick up my laptop, fix it, hopefully not charge me too much and return it to me.
After a few days talking to Dell support via email and me run
Forum: OMG Ponies
Ivan Ristic's Apache Security
George Schlossnagel's Advanced PHP
I was considering buying that fuzzing book, but I have no money right now. As for Professional Pen Testing for Web Applications, I liked it but it's not on my "great" list by any means.
Forum: OMG Ponies
Here's a few of mine I like:
document.body.appendChild(father) //hehe, semantics went out the window there
Also there's document.body.innerHTML = document.body.innerHTML The code actually didn't work in IE6 without that line of code.
Forum: News and Links
