Sla.ckers.org

Current Page: 1 of 1
Results 1 - 28 of 28
7 years ago
psifertex
Cool! Less than four hours after the notice that I was going full-disclosure this morning, they fixed the problem. I should have done that a year ago. I wish responsible disclosure was more motivating...
Forum: Full Disclosure
7 years ago
psifertex
What's the most brain-dead, security-lacking authentication system you can possibly imagine for a webapp? What, what's that I hear you saying? "Put the username in a cookie and trust that"? Why, yes! That /is/ the most brain-dead, security-lacking authentication system you can possibly implement. Surely no one would actually use such a system, would they? Over a year ago I
Forum: Full Disclosure
7 years ago
psifertex
Well, it's odd. I resubmitted and now I've got 3 Yes responses, 1 blank response that used to be a Yes, and 3 points. So the points are now in alignment with the Yeses, but one of the answers that was working before is no longer valid. Either way, thanks much for the contest, it was a lot of fun.
Forum: OMG Ponies
7 years ago
psifertex
Uhh, weird. Now the exact same input is giving me a different result. With the exact same curl as before, so it's not a caching or browser quirk issue.
Forum: OMG Ponies
7 years ago
psifertex
Ahh well, it means I can stop stressing over whatever I was missing. ;-)
Forum: OMG Ponies
7 years ago
psifertex
*sigh* 4 Yes 1 No 2/6pts So close... Grr.
Forum: OMG Ponies
7 years ago
psifertex
@id -- haha, you sound like a lawyer. ;-)
Forum: OMG Ponies
7 years ago
psifertex
Haha -- I moved my conference call from 4:30-5:00 hoping I'd be done before then. Only 2/3 done, but at least it was a quick call. The best part was the other guys on the call had been working on the challenge too so I don't think any of us wanted the call to go too long.
Forum: OMG Ponies
7 years ago
psifertex
Tick... Tock... Tick... /me looks at his watch again. So close. ;-)
Forum: OMG Ponies
7 years ago
psifertex
Good call, trev, I noticed single quotes weren't escaped when I was testing. Might as well escape it unless there's a good reason not to. Thanks for the pointers to the original bugs.
Forum: XSS Info
7 years ago
psifertex
I'm not sure what you mean by that? SSL fileshare? Like a webdav server running SSL?
Forum: Projects
7 years ago
psifertex
I'd edit the previous post, but I might as well separate this out since it's going to be a long explanation. So here's why I cared about that above, and what I realized when I was done. I was testing an app that had XSS that I had missed because of a combination of two things. First of all, the developer was properly escaping each variable whenever he used it, but he was doing form submits vi
Forum: XSS Info
7 years ago
psifertex
Dumb question probably, but I'm not sure 1) when this first happened, or 2) how I've not noticed it before. When testing out some XSS, I noticed that I couldn't get Firefox to XSS, even though IE 6.0 worked fine. When I looked more closely it was because Firefox kept escaping the quote and less-than and greater-than characters in the URL. Then I tested IE7 and noticed it had the Firefox behav
Forum: XSS Info
7 years ago
psifertex
np, glad to contribute.
Forum: News and Links
7 years ago
psifertex
If you really want a huge dump site of videos and audio from past cons, check this one out: http://mirrors.easynews.com/blackhat/
Forum: News and Links
7 years ago
psifertex
I really don't see script for a worm anywhere -- where am I missing it? I see the character-encoded frame break-out code up top, the code to color the stars, and the iframe at the bottom that looks like it goes to a page with nothing in it. Anybody want to give me a hint what I should be looking at? I'm sure I overlooked something...
Forum: Full Disclosure
7 years ago
psifertex
@busin3ss: that type of attack goes by the name of CSRF (cross-site request forgery)
Forum: Full Disclosure
7 years ago
psifertex
btw, it's possible in FF to bind a hotkey to a bookmarklet using keyconfig. I use one for my genpass bookmarklet (http://labs.zarate.org/passwd/) for password generation (I know bookmarklets like this are subvertable, but actually noscript helps tremendously -- the bookmarklet can act on the DOM of the page, but no JS from the page itself is rendered helping protect against the page js attempting
Forum: Projects
7 years ago
psifertex
Gotcha -- I'm not sure I'd call that stego, really, though I guess it kinda is. That's more like, well, cat'ing two files together and hoping the parser of the first ignores the gibberish at the end, and that your zip tool can ignore the gibberish at the beginning and still hit the zip. Check out foremost, the forensics file carving tool, for doing automated analysis of any files like this to d
Forum: Projects
7 years ago
psifertex
Yeah, pdp, yeah, I saw that. Great stuff. I'm tempted to start including hidden AttackAPI libraries on some of the websites I've got and monitoring them via the zombie map. Could be fun. Could be dangerous too since it allows someone to do anything they want to my websites where I put them. ;-) Or I suppose I could run my own copy of the zombie map somewhere else instead of using carnival.
Forum: Projects
7 years ago
psifertex
Be very careful Hong! Remember what happened to Samy even though his worm had no malicious intent in the design. As RSnake's said before, if folks come asking for logs with subpoenas, there's not much he can do (uhh, at least, I think he said that before, but this hasn't been my week, so maybe I'm misremembering). Even if you have the best intentions in the world, I'd be extremely wary of cons
Forum: Projects
7 years ago
psifertex
@Andrew: I'm not sure what you mean by ignoring the preceding headers -- the primary concern is one of size, usually. You can hold /any/ sort of data in jpg, gif, and png (non-compressed formats like gif and bmp tend to be easier) files. In those cases, you usually zero out the least significant bits of the color information (since typically the color depth is a lot higher than the human eye can
Forum: Projects
7 years ago
psifertex
Jungsonn: I did something along those lines this morning for a presentation using BackFrame and AttackAPI. Not quite the same as in showing all the information leakage, but it was a quick and easy way for me to show folks how powerful JavaScript was via an interactive control mechanism. AttackAPI would make a great starting library for what you're talking about. It already has a ridiculous amou
Forum: Projects
7 years ago
psifertex
Another way to go about doing it (doesn't help with the threading issue though) is to leave the perl back-end and just whip up a simple GUI front-end. Heck, you could even package the cygwin libraries and binaries into an installer so folks that just want point-and-click and don't want to mess with cygwin can do it. That also makes it easier to not have to remember the perl command-line, but tho
Forum: Projects
7 years ago
psifertex
The question might be what /else/ does that particular mechanism stop. Does it block malformed requests of other sorts? Maybe with bytes it deems invalid in the URL, or an IP address in the Host field instead of a domain name? Maybe the same mechanism that blocks the other HTTP options is triggerable by something that is linkable? I'm sure you've already tried those, just a thought. Good luck.
Forum: XSS Info
7 years ago
psifertex
Looks like it will be available whenever 3.0 comes out. You can download the nightlies in the meantime to try it out. I know other methods have been available to get the functionality in FF, but the more people that have it automatically enabled, the greater the likelihood developers will use it. Of course, then I'm sure we'll find all sorts of flaws in the actual implementations, but it's still a good
Forum: XSS Info
7 years ago
psifertex
One really interesting aspect is that this works in Firefox with NoScript (obviously), but also with SafeCache and SafeHistory installed.
Forum: News and Links
7 years ago
psifertex
I did something similar to this a couple of years ago to stop comment spam on my blog. It was much more basic, but built around the same concept -- I just used document.write to write out the actual comment form. The URL was in a couple of pieces that were then just concatenated together. Really simple, really basic, only worked if JavaScript was turned on, but it was for my personal blog and n
Forum: Projects