Sla.ckers.org

Current Page: 1 of 1
Results 1 - 27 of 27
4 years ago
doody
Edit: I decided to try with the preg_match line commented out. Looks safe since I can do stuff like <b>bold text</b> but it'll be displayed verbatim. Is there any workaround that I might not know of?
Forum: XSS Info
4 years ago
doody
Hmm but the preg_match also stops me from using < and > characters. Would it be safe to add that in to the regexp? Edit: I decided to try with the preg_match line commented out. Looks safe since I can do stuff like <b>bold text</b> but it'll be displayed verbatim. Is there any workaround that I might not know of?
Forum: XSS Info
4 years ago
doody
I'm looking for the best way to sanitize all my input using PHP. I want it to be just like Facebook: only plain text is allowed, no tags of any sort.
Forum: XSS Info
4 years ago
doody
Would LeverOne care to share a brief explanation of his code? It's ok if you don't want to.
Forum: Obfuscation
4 years ago
doody
I had an idea to run a web server off a VM.. reason being I wanted to keep the web server environment isolated and also make it easy to wipe the entire OS if there were any problems.
Forum: OMG Ponies
4 years ago
doody
I was wondering about setting up a virtual machine on VirtualBox or VMware. How secure are those? Is it possible to break through and get to the underlying system?
Forum: OMG Ponies
4 years ago
doody
So I guess Math.random() isn't really random...
Forum: Obfuscation
4 years ago
doody
Maybe your initial 'order by 1' query was wrong - it just happened to work but doesn't mean that there is at least 1 column.
Forum: SQL and Code Injection
4 years ago
doody
I can't seem to find any other way to poke around this site. Maybe someone else here can do better. URL:
Forum: SQL and Code Injection
4 years ago
doody
Thanks Reiners. Seems like I can only do SELECT statements. They have an "Update Information" page but the fields are covered with mysql_real_escape_string. If it was addslashes maybe it would be easier to go around.
Forum: SQL and Code Injection
4 years ago
doody
Ok, that's handy. I was using concat_ws cos last time I couldn't get group_concat to work.. probably the MySQL version. Anywhere there is a limit to the output from the query so it's being truncated. Managed to use the LIKE clause to try and reduce the output. Somehow it doesn't like the ' character. Anyhow, it's possible to use LIKE to slowly extract all the information needed, just troublesom
Forum: SQL and Code Injection
4 years ago
doody
I'm unable to add a where clause. It throws a "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\news.php on line 18" error. I'm going with load_file now. So far I've just managed to get a listing of news.php, gonna see what else I can do.
Forum: SQL and Code Injection
4 years ago
doody
Ok, added a limit n,1 to the end and I was able to start getting table names around limit 28,1 onwards: hxxp://xx/news.php?id=100 union select 1,2,3,TABLE_NAME,5 from INFORMATION_SCHEMA.TABLES limit n,1 How can I get the column names of the tables? Would it be possible to get column names of individual tables? Or can I do: hxxp://xx/news.php?id=100 union select 1,2,3,COLUMN_NAME,5 from INFOR
Forum: SQL and Code Injection
4 years ago
doody
I've found the number of columns by using order by, and now I have hxxp://xx/news.php?id=100 union select 1,2,3,4,5 Got the database version: 5.1.41 (which seems to be MySQL) I'm trying to get the table names with this: hxxp://xx/news.php?id=100 union select 1,2,3,TABLE_NAME,5 from INFORMATION_SCHEMA.TABLES-- However I can only get 1 table name, apparently called 'CHARACTER_SETS'. Trying
Forum: SQL and Code Injection
4 years ago
doody
Thanks thrill but I don't know any PASCAL. Also, it's a requirement to use JSP for my project. Hey Matt, sorry I don't live in the US so I don't know anything about AOL. But over here internet access goes through a proxy as well. Is it always the case that the proxy IP from a client will always be the same? Will there be a case where a client is routed through different proxies when accessing m
Forum: XSS Info
4 years ago
doody
How can I implement this in JSP? Is it easy?
Forum: XSS Info
4 years ago
doody
How can I do validation (server/client/anywhere) such that I can prevent session hijacking? It's probably out of the scope of my project (school stuff) but now I'm just interested to know!
Forum: Projects
4 years ago
doody
Is it always the case that I can take over a session with just the cookies?
Forum: XSS Info
4 years ago
doody
Thanks Matt, I should be able to implement most of that, except the HTTPS one. It's actually just a project, so it's running on a local Tomcat server.

Matt Presson Wrote:
> Session Management:
> Do not generate your own session identifier. Use the built in session mechanism provided by your JSP container or applicati
Forum: Projects
4 years ago
doody
How do I go about using cookies to log in on another computer? On computer A I have logged in onto a secure site (using SSO) and I retrieved the contents of document.cookie. Can I go to computer B, visit the same site, and set the cookie with the same values in order to "log in" to that same site on computer B?
Forum: XSS Info
4 years ago
doody
I'm currently working on a project that involves building a website in JSP and with a backend PostgreSQL database. Are there any points that I can look out for with regards to securing this website against attacks? The only thing I can think of currently is SQL injection, which has already been covered by using PreparedStatement for all SQL queries. Are there any other attack vectors that I should
Forum: Projects
4 years ago
doody
thornmaker Wrote:
> However, there's nothing stopping a developer from dynamically constructing the query string (so that it contains user-generated data) and using it in a parameterized query, in which case you're still vulnerable. And yes, I've seen this happen.

Could you give an example of how this wo
Forum: SQL and Code Injection
4 years ago
doody
Yep, understood the window.name part. I think this section is a bit above me right now...
Forum: Obfuscation
4 years ago
doody
Ok, I read one of the posts in the previous thread so I'm beginning to understand how the strings are constructed. Gee how does anyone figure out that ![] gives you false? I can't seem to get undefined printed when I do javascript:[][[]], am I missing something? Also is there a reason why we're doing eval(name)? Wouldn't something like eval(a) save some chars? Also, don't really understand why
Forum: Obfuscation
4 years ago
doody
I looked at his PoC. Am I right in saying that it's basically doing eval(name)? So how come we need []['filter']['constructor']('eval(name)')()? Also, is there any practical use in this? Or is it just a fun contest? =P
Forum: Obfuscation
4 years ago
doody
Could someone explain what's going on here? I'm kinda lost...
Forum: Obfuscation
4 years ago
doody
Hi, first post here =). Hope this is valid: <a href="javascript&#0:alert('1');">click me</a>
Forum: XSS Info