Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Current Page: 1 of 6
Results 1 - 30 of 173
3 years ago
DoctorDan
Are they cool? Evil? Talented? Good dancers? Just curious to hear any opinions about what they've been up to. -Dan
Forum: News and Links
5 years ago
DoctorDan
lolwut. Gareth, haha very nice. Cookie++ -Dan
Forum: Projects
6 years ago
DoctorDan
One great thing about PHPIDS- how often is it that someone finds a vector that gets through that does NOT fit between script tags? All these flaws that we're finding are for a very, very specific XSS hole that could be fixed in other ways. It's not perfect, but I'd say it's pretty damn thorough. I believe it is worth the trouble. Anyone who has tried to bypass the PHPIDS has probably learned s
Forum: Projects
6 years ago
DoctorDan
[$y=('al')]&&[$z=$y]&&[$z+=('ert')+[]]+$y]($z).valueOf()(1) EDIT: if I remember correctly, this may only work in FF2
Forum: Projects
6 years ago
DoctorDan
This is somewhat similar to thornmaker's above... $y=('eva') $z={}[$y+'l'] $y=('aler') $y+=(/t(1)/)[-1] $z($y)
Forum: Projects
7 years ago
DoctorDan
A few alerts here: http://demo.phpids.org/?test=x=(0%29%3f%7b%7d:alert%0ax(1%29 http://demo.phpids.org/?test=x%3D%21/%5C%5C/%3F%7B%7D%3Aalert%0ax(1%29 and I believe all of thornmaker's other ways of saying false in the ternary work with mine as well. Thornmaker, perhaps the s issue is supposed to be \s which denotes a whitespace character. That's my guess... -Dan
Forum: Projects
5 years ago
DoctorDan
It may be worth including the CSS expression vector with the minor variant that fixes the looping issue. I say this only because the variant is what makes the vector practical. Originally seen: http://sla.ckers.org/forum/read.php?2,15812#msg-15849 <DIV STYLE="width: expression((window.r==1)?'':eval('r=1;alert(String.fromCharCode(88,83,83));'))"> And I'm sure that could be cleane
Forum: XSS Info
5 years ago
DoctorDan
http://news.bbc.co.uk/2/hi/americas/8073654.stm Thoughts? -Dan
Forum: News and Links
5 years ago
DoctorDan
I don't see how voicemail is any more private than email... I figure you can do far more damage with someone's email account (at least the way I use voicemail). -Dan
Forum: OMG Ponies
5 years ago
DoctorDan
@wireghoul I think ted is referring to the actual data in the request- the parameters at the end of the URL. I don't believe Tamperdata supports this, oddly... -Dan
Forum: XSS Info
5 years ago
DoctorDan
Pretty impressive, definitely powerful, and perhaps above all just really cool! Very nice, Gareth! -Dan
Forum: News and Links
5 years ago
DoctorDan
Yeah, for learning's sake could you post the original question and answer? -Dan
Forum: XSS Info
5 years ago
DoctorDan
What does '"test do? Safe to assume this is being printed between script tags? Tried any escaping? -Dan
Forum: XSS Info
5 years ago
DoctorDan
Quirky! -Dan
Forum: XSS Info
5 years ago
DoctorDan
You'll have to find a flaw in a browser's implementation of the SOP.
Forum: XSS Info
5 years ago
DoctorDan
Hostname is not a property of the document, at least not as far as I know. Try document.location = 'http://anysite.com'; For reference, https://developer.mozilla.org/en/Gecko_DOM_Reference further, https://developer.mozilla.org/en/About_the_Document_Object_Model and http://www.w3schools.com has some decent stuff too. -Dan
Forum: XSS Info
5 years ago
DoctorDan
So, it's pretty safe to say that if an XSS hole exists in a web application, then JavaScript can be injected into a webpage that is generated by the web application. Because JavaScript has a certain level of control over the DOM, XSS attacks can (and generally do) manipulate the DOM or use information in the DOM to its advantage. You can do a LOT with access to the DOM, because it can be changed
Forum: XSS Info
5 years ago
DoctorDan
Gareth, haha that's whack!!! I'm so confused by that one, even after decoding it. Very nice :) -Dan
Forum: XSS Info
5 years ago
DoctorDan
Thx, ma1. Yeah that's what I've come to notice. I suppose we were talking silly relating the "bracket accessor" to equivalency of objects. Two different things... Anyways, we can use that, because top('alert(1)') works just fine. -Dan
Forum: XSS Info
5 years ago
DoctorDan
@ Gareth, but does it really explain that equivalency? I mean, [1,2,3]!=[1,2,3]. I think it's something weirder than that. -Dan
Forum: XSS Info
5 years ago
DoctorDan
I liked thornmaker's, so I did something somewhat similar: ['ale'+'rt'].map(top['ev'+'al'])[0]['valu'+'eOf']()(1) edit: or, slightly more interesting, ['ale'+'rt']['m'+'ap'](top['ev'+'al'])[0]['valu'+'eOf']()(1) edit: I also have noticed that, top['eval'] === top['anything',1,0,false,true,null,undefined,'eval'] -Dan
Forum: XSS Info
5 years ago
DoctorDan
Nice! The slides look good. Who is your audience and what will their background be? I'm actually just a few T stops away (I go to Tufts)! Would love to go, but I'm not back to school for a while. Are you an MIT student? -Dan
Forum: Projects
5 years ago
DoctorDan
--Sorry, double post--
Forum: Projects
5 years ago
DoctorDan
Yes, happy new year!!! I would make a resolution, but I'm a slacker :P -Dan
Forum: OMG Ponies
5 years ago
DoctorDan
Not okay! Good finds. -Dan
Forum: Full Disclosure
5 years ago
DoctorDan
Same to you, thrill! Merry Christmas :) -Dan
Forum: OMG Ponies
6 years ago
DoctorDan
Gareth, .mario, those past few posts have got some good stuff! Never knew you could define an entity... Also, good (well, probably bad) to see some new XML vectors coming out of this thread. -Dan
Forum: XSS Info
6 years ago
DoctorDan
Excellent!! We're unstoppable :D
Forum: News and Links
6 years ago
DoctorDan
Gee, you must be talking about this: "3.0 Inch TFT LCD 12M pixels Digital Camera with touch screen button - 8X Digital Zoom" Now I love the features and will surely buy it! -Dan
Forum: OMG Ponies
6 years ago
DoctorDan
I know, I love hearing what Ronald has to say, hacking or otherwise. But if he thinks it's time to go and that leaving for a while is a good thing, then so be it. I hope we still hear from him time to time and that in the future he may come back. And a DDOS... I mean, it really just lacks elegance. -Dan
Forum: OMG Ponies