Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Pages: 12345...LastNext
Current Page: 1 of 22
Results 1 - 30 of 637
3 years ago
sirdarckcat
Hey guys! I just got this working today.. so wanna see what other people can come up with! Objective: You have this vulnerable code: function process(input){ function parseJson(str){ var san=str.replace(/\\["\\\/b-u]/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[+\-]?\d+)?/g,"]").replace(/[,{]\s*+*\s*:/g, '').replace(/(?:^|
Forum: XSS Info
4 years ago
sirdarckcat
> Haha indeed :D Who was that one guy on the photos??? I think it was mustlive.. I think I hear "hello slackers, I come to warn you about vodka"..
Forum: OMG Ponies
4 years ago
sirdarckcat
actually.. some guy just trolled a couple hundred of /b/astards and a couple hundred of people at the press.. that "poll" was fake, and completely unofficial http://www.mtv.co.uk/artists/justin-bieber/news/229769-justin-bieber-north-korea 4chan has been victim of another (superior) troll.. haha
Forum: News and Links
4 years ago
sirdarckcat
I do agree it was great!! :D I will never forget that gala dinner after-party.. I will never forget how I woke up the next day. haha Great time guys!
Forum: OMG Ponies
4 years ago
sirdarckcat
location.__noSuchMethod__=location.replace;location["javascript:alert(1)"](); window.__noSuchMethod__=setTimeout;window["alert(2)"]();
Forum: Obfuscation
4 years ago
sirdarckcat
lolz https://www.facebook.com/topic.php?uid=103331541541&topic=23009 they point to us!
Forum: News and Links
4 years ago
sirdarckcat
sorry guys but I have to revive this thread. http://xybershieldtest.com/ bypass username: guest'-- Greetings!!
Forum: News and Links
4 years ago
sirdarckcat
how do you treat new lines? and <>? anyways.. browsers suck, if the page does any type of DOM interaction using cssText of innerHTML it will break.. something similar to this: http://heideri.ch/jso/#59 but inside styles.
Forum: XSS Info
4 years ago
sirdarckcat
> they should support BeforeScript NoScript's surrogate scripts do that (quite nicely), and on Chrome content scripts can be configured to do that..
Forum: OMG Ponies
4 years ago
sirdarckcat
> $alert$($location$) nice!! (it's in globals.Function code)
Forum: Obfuscation
4 years ago
sirdarckcat
courtesy of hasegawa <img src="x:x" alt="``onerror=alert(1)">
Forum: XSS Info
4 years ago
sirdarckcat
hahaha, /me steps back.. I don't think I said anything untruth or wrong, but I still respect rvdh haha.
Forum: Obfuscation
4 years ago
sirdarckcat
he is rvdh? wow he has changed -_-
Forum: Obfuscation
4 years ago
sirdarckcat
haha :D here in slackers we love trolls like you.
Forum: Obfuscation
4 years ago
sirdarckcat
haha I'll pwn it, dont worry :P, I've been busy this week.. my internetz failz
Forum: XSS Info
4 years ago
sirdarckcat
wow, I suck at splitting topics..
Forum: Obfuscation
4 years ago
sirdarckcat
> MSIE XSS filter bypass is a good example of how trust in your own policy rules > WILL be broken, and even turned against itself. Google was vulnerable for setting > a header flag enabling the MSIE XSS Filter, and got pwned through it, despite > M$'s extensive testing, they've made a mistake in only a handful of Regexp-rules. dude, you are lost xD, that paragraph is complete
Forum: Obfuscation
4 years ago
sirdarckcat
its actually backwards, the only two sites that didn't got pwned in the world where sla.ckers and google because both disabled the filter as soon as they became aware of the issue. why give the heads up to sla.ckers and google? well, because I happened to find the issues while experimenting here and in google docs. > I was under the impression that Google had set: X-XSS-Protection: 1; wi
Forum: Obfuscation
4 years ago
sirdarckcat
yep! but we still need the victim to try to resolve the domain to our IP.. :(
Forum: OMG Ponies
4 years ago
sirdarckcat
this doesnt work! <div style="background-image: url('http://red/x?y=1');">xxx</div> and is broken anyway heh x{ background-image:url('http://xD/x?z=m'asdf; lulz:lolz; lolz:lolz'); } use ACS/CAJA! Greetings
Forum: XSS Info
4 years ago
sirdarckcat
@holiman Congrats!! =D @gareth un-congrats for not going =( @mario awesome! we'll finally meet =D I want to win a nobel prize =/
Forum: Obfuscation
4 years ago
sirdarckcat
Lots of bypasses by a couple of friends and users of another forum! https://foro.elhacker.net/nivel_web/cyh_bypass_de_filtros_de_xss-t289955.0.html They are fixed now, but I dont think it's very safe atm.. Greetings!!
Forum: Projects
4 years ago
sirdarckcat
btw, thanks guys.. theres a new filter and noone told me :( background:url(/*this-is-a-comment-on-IE);background-image:url(still-a-comment*/); CSS is not easy dude :P
Forum: Projects
4 years ago
sirdarckcat
nice try, good luck next time <div style="xss=\000065xpression(confirm(1))!: url('xD');">hola</div> greetings!!
Forum: Projects
4 years ago
sirdarckcat
I consider this the best random: random=sha1(http.GET("http://boards.4chan.org/b/")); I challenge any hacker or government to reduce randomness of /b/.. Greetings!!
Forum: Obfuscation
4 years ago
sirdarckcat
hahaha awesome leverone, :D I didn't know you could calculate Math.random() in the past... you rock :D
Forum: Obfuscation
4 years ago
sirdarckcat
Hi Lever One! Weeeell.. thats a cool solution! I refined the last line of code: http://pastebin.com/KQFXvmym so now it should work from the 2nd run of the sandbox (till the end of times). It still requires the code to be evaluated twice in order to win. Anyway, it's a nice solution :D, I'll add you to the list of winners, with a note :) It would be cool if you can find the solution
Forum: Obfuscation
4 years ago
sirdarckcat
if they allow u to put <object> they are on bigger problems already.
Forum: XSS Info
4 years ago
sirdarckcat
No vinnu, what Gareth means is that by means of the spray attack he is able to Inject Parameters in Unsigned integers (IP on U), such as unsigned int. in that case the number will overflow if its unsigned and will now be "NaN" or "Infinity" or "null" or "window" depending on the implementation, then the server will transform our number to JSOPCodes and wi
Forum: News and Links
Pages: 12345...LastNext
Current Page: 1 of 22