sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Current Page: 1 of 1
Results 1 - 17 of 17
6 years ago
Alex
See my advisory for the whole story: http://www.bitsploit.de/uploads/Code/200802080000/ EDIT: CVE: CVE-2008-0751 candidate status assigned.
Forum: Full Disclosure
6 years ago
Alex
Now it's time to give out all information on turning your router into a sniffer. Product needed: AVM FRITZ!Box Fon WLAN 7050 or above (7170, etc.). There's an unlinked page in the webroot called capture.html which you can access without any CSRF protection when there's no set admin password for the router's GUI which seems to be the default setting. The router will listen to its hostname fri
Forum: News and Links
6 years ago
Alex
Sounds like someone has set the ATA-security password feature: http://www.heise.de/ct/english/05/08/172/
Forum: News and Links
6 years ago
Alex
Ok, before I can finish my attack for turning my router into a sniffer from the outside, I need a little help from you guys. The router's webserver instructs my webbrowser to save the content instead of just displaying it as a normal text file. Is there any solution for another website to save that content? Maybe I've a mental block now ... I need anti dns-pinning for doing that job and I do
Forum: News and Links
6 years ago
Alex
Well, I still have to check several things one more time, but I think that I can turn my SOHO router into a sniffer for WAN <=> LAN/WLAN, LAN <=> LAN, WLAN <=> WLAN and WLAN <=> LAN traffic. And you can do this attack from a remote location. ;) And it's a widespread product ...
Forum: News and Links
6 years ago
Alex
@ Ronald: Of course, I know. That's why I mentioned it again. What about the missing quotes around id=foobar ? Does Firefox treat id not like name if surrounding quotes are missing ? User interaction should not be allowed.
Forum: XSS Info
6 years ago
Alex
What about this one, Ronald ? (143 bytes) ..._[0].value=... EDIT: Fixed typo. BTW: This code should grow in FF. The missing quotes will be added after the 1st run, won't they ?
Forum: XSS Info
6 years ago
Alex
@ .mario: Just let the others know, what you're talking about. ;) Kuza55 (Alex) @ 24C3: ftp://modi.sickos.org/pub/24C3/matroska/24c3-2212-en-unusual_web_bugs.mkv
Forum: XSS Info
6 years ago
Alex
@sirdarckcat: And where is: _ ? ;)
Forum: XSS Info
6 years ago
Alex
@shawn: Well, I'm doing a lot of optimization on the codes, but it only gets larger. :D I've replaced couples of chars with shorter ones, but when it goes to defining all the new variables, it beats me every time ...
Forum: XSS Info
6 years ago
Alex
@shawn: But this is against the rules. The stripped quotes will be inserted again.
Forum: XSS Info
6 years ago
Alex
I only tested IE7. IE7's order is also logical. And then I wrote this for FF 2.0.0.11: 2<img src="." onerror=alert('Please, ')>FF2: yes / IE7: yes / O: yes / S: yes<br> 3<img src="" onerror=alert('tell')>FF2: yes / IE7: yes / O: no / S: no<br> 4<img src=. onerror=alert('me')>FF2: yes / IE7: yes / O: yes / S: yes<br> 7<img src onerro
Forum: XSS Info
6 years ago
Alex
Sorry, had to add some more possibilities and browsers (new: Safari 3.04 Beta, Windows (Vista)): 0<img src=\ onerror=alert(0)>FF2: no / IE7: yes / O: yes / S: yes<br> 1<img src="/" onerror=alert(1)>FF2: no / IE7: yes / O: yes / S: yes<br> 2<img src="." onerror=alert(2)>FF2: yes / IE7: yes / O: yes / S: yes<br> 3<img src=""
Forum: XSS Info
6 years ago
Alex
As a sidenote: Rsnake pointed out the <img src> possibilities in IE7 before. Did someone else mention, that the dialog boxes don't pop up in the right order (counting from 1 to 8) in FF 2.0.0.11 ? It says: 2, 4, 3, 7. 1<img src="/" onerror=alert(1)>FF2: no / IE7: yes / O: yes<br> 2<img src="." onerror=alert(2)>FF2: yes / IE7: yes / O: yes<br&g
Forum: XSS Info
6 years ago
Alex
Hmm, I think I've made a mistake. I haven't tested Ronald's code before. I just changed onstart to onmouseover and added A at the end. As I can read in the specs from Mozilla about marquee, it also supports the event handler onstart. But this doesn't work for me. So I thought that this is the reason why Ronald said that his code is only working in IE. Well, so my code won't fix that. Always test be
Forum: XSS Info
6 years ago
Alex
EDIT: Removed 'cause onmouseover is not allowed. @.mario: onstart is described with the marquee-example in the XSS-cheat sheet. BTW: Why is <marquee> only working with JS enabled in FF ?
Forum: XSS Info
6 years ago
Alex
@ritz: You can use <img src=. foobar> and save two more bytes. Maybe I'm a little bit too late, but the robot has sent the confirmation email delayed. So, my 1st posting, guys. ;)
Forum: XSS Info