sla.ckers.org is ha.ckers sla.cking
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Current Page: 1 of 1
Results 1 - 6 of 6
6 years ago
natron
Yes, I just left it unencoded to make it easier to see what I was talking about.
Forum: SQL and Code Injection
6 years ago
natron
?keyword=str'+'eet results in an error, but: ?keyword=str'+++;-- results in all searches for "str". Pipes also result in errors. Something else possibly strange going on: The server echoes the input back to the browser (it is an XSS vector as well). When you submit str'+++;-- it echoes back as "str' ;--'. (The +'s have become spaces.)
Forum: SQL and Code Injection
6 years ago
natron
Anyone have any ideas what type of backend SQL command is processing this request? I can't seem to figure out why I'm seeing what I'm seeing and if this is actually injectable. It's a search function:
site.com/site.asp?keyword=street Returns: all matches on the word street
site.com/site.asp?keyword=street' Returns: HTTP 500.100 - Internal server error: ASP error.
site.com/site.asp?keyw
Forum: SQL and Code Injection
6 years ago
natron
I pasted in the ha.ckers.org XSS list a while back, here it is with some filtered out that I normally don't use. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> '';!--"
Forum: XSS Info
6 years ago
natron
Assuming I'm going to script this thing myself just to get the features I want, anyone have any idea of how to identify parked domains? I guess you could just always grep out the <title> tag and display that in the output. It would be simple to eliminate a lot by sight that way, but when reviewing large numbers of sites it could be annoying. This http://domainlinked.com/list-of-all-
Forum: Projects
6 years ago
natron
Is anyone aware of a tool (or web app) that will allow searching for domains across all TLDs? It looks like Paterva Maltego (through serversniff.net) has a function that does this, but serversniff is down and I haven't been able to get this function or their webapp to work. It should be fairly simple to build a script that would do this, but before I did it I thought I'd ask. I'm wanting t
Forum: Projects