Hello,
This year there is an advent calendar aimed at security -
http://secadvent.com
Every day for the period Dec 1-25 a security related article will be
published on the website.
Today's article is a crypto type puzzle.
Best of luck from the Security Advent Calendar
Forum: News and Links
http://search.news.com.au/search?q=abc%3C%2Ftitle%3E%3Cscript%3Ealert%28String.fromCharCode%2890,79,77,66,73,69,83,32,65,72,69,65,68,33%29%29;%3C/script%3E%3C&sid=&us=&as=&ac=&r=typed
Forum: Full Disclosure
Oh lol.. I borked the forum... let me urlencode that for you
http://shop.three.com.au/search/searchResult.jsp?query=%22%3B%3C%2Fscript%3E%3Cscript%3Ealert('ZOMBIES+AHEAD!')%3B%3C%2Fscript%3E%3C%26_requestid%3D542403
Forum: Full Disclosure
@rvdh,
Thanks Ronald, I'll make sure I grab it and look over it. There probably won't be any significant signature updates until version 1.6 or so as I want to extend my test suite to be able to do signature coverage first. That way I won't break anything too severely when I overhaul the signatures :)
Forum: Projects
Hi guys,
Looking for some feedback, good or bad for graudit.
You can grab the latest version from http://www.justanotherhacker.com/projects/graudit.html
Cheers
Forum: Projects
Looks like he lost some files;
Warning: require_once(/home/content/l/o/k/lokoutshop1/html/includes/defines.php) : failed to open stream: No such file or directory in /home/content/l/o/k/lokoutshop1/html/index.php on line 21
Fatal error: require_once() : Failed opening required '/home/content/l/o/k/lokoutshop1/html/includes/defines.php' (include_path='.:/usr/local/php5/lib/php') in /home/conten
Forum: News and Links
Good stuff!
Your comments suffer from a bit of copy/paste with the goal statement, but otherwise far better than the usual run of the mill. I'd like to see some more red herrings in them, but I'm probably in the minority in that regard.
Forum: SQL and Code Injection
@id, that wasn't a roast, he said he likes jokes....
@marshmellowguy; welcome! grab a beer and pull up a chair, but not too close to the fire :)
Forum: Intro
@rvdh
And so if he's injecting into a non-mysql database system....syntax'd! Granted there isn't enough evidence to assume one way or another, but I prefer to inject using SQL that isn't vendor specific whenever I can.
Forum: SQL and Code Injection
@rvdh
Ok, so it might work in some version of MySQL, I'm too lazy to validate that. I know PostgreSQL chokes on it and I'd be willing to put money on Oracle, SQL Server, Access, SQLite and others will as well. The safe insert syntax is "insert into <table> column1,column2 VALUES('value1','value2');"
Forum: SQL and Code Injection
INSERT INTO email_pref SET weekly=1, email='mciske@earthlink.net'
Are we mixing UPDATE SET and INSERT INTO VALUES, are we?
Forum: SQL and Code Injection
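The portability point raised in the two posts above, as an added example (not from any poster): SQLite, like most non-MySQL engines, rejects the `INSERT ... SET` form, while the standard `INSERT INTO t (cols) VALUES (...)` form with bound parameters works everywhere. The table and the e-mail address are constructed for the demo.

```python
import sqlite3


def portable_insert_demo():
    """Try the MySQL-only INSERT ... SET form and the standard
    INSERT ... VALUES form against SQLite; report what each did."""
    conn = sqlite3.connect(":memory:")
    # Constructed table mirroring the one quoted in the thread.
    conn.execute("CREATE TABLE email_pref (weekly INTEGER, email TEXT)")
    results = {}

    # MySQL extension: UPDATE-style SET clause inside an INSERT.
    # Standard SQL has no such form, so SQLite raises a syntax error.
    try:
        conn.execute(
            "INSERT INTO email_pref SET weekly=1, email='user@example.com'"
        )
        results["insert_set"] = "accepted"
    except sqlite3.OperationalError:
        results["insert_set"] = "syntax error"

    # Standard form: explicit column list, VALUES, and bound parameters
    # (parameters also keep untrusted input out of the SQL text itself).
    conn.execute(
        "INSERT INTO email_pref (weekly, email) VALUES (?, ?)",
        (1, "user@example.com"),
    )
    results["insert_values"] = "accepted"

    results["rows"] = conn.execute(
        "SELECT weekly, email FROM email_pref"
    ).fetchall()
    conn.close()
    return results


if __name__ == "__main__":
    print(portable_insert_demo())
```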
I was expecting
0x01 - Disclaimer
0x02 - Introduction
0x03 - Fuzzing
0x04 - "Order by" or "Union all select"
0x05 - Database Version & Schema_Name's
0x06 - Viewing Tables & Columns
0x07 - Pulling The Sensitive Information
0x08 - Load_File('etc/passwd')
0x09 - Into Outfile & Into DumpFile
0x0A - Bypassing IDS & IPS's
0x0B - Conclusion
And your nu
Forum: SQL and Code Injection
It's fail in shrinkwrap, the web is so badly written that browsers pack quirk modes, and auto correct your html causing a large number of issues, etc.
IMHO we need to take a step back, label mashups as bad practice so people think twice about developing/using them (duh that will happen). Enforce compliance, if your site uses bad html then it will render unreadable and it sucks to be you.
Eve
Forum: News and Links
The margin on a $8k refund for a $8k (10% of $80k) return doesn't sufficiently outweigh the cost of 3 years worth of mail forwarding in the scenario you outlined. There is also the problem of finding someone who is willing for sign their house over to you for free for 3 years so you can scam a few bucks, and each participant can only buy one house. Even as a pyramid scheme that is a far cry from r
Forum: OMG Ponies