Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Current Page: 1 of 1
Results 1 - 30 of 30
11 months ago
infinity
Hey everybody, i wish you all a very Happy New Year 2014! love, infinity
Forum: OMG Ponies
1 year ago
infinity
Hi jammy99, instead of using the multiplication by 2 in rand(0)*2 you can try to divide by 1/2 or 0.5: rand(0)/(1/2) rand(0)/0.5 This avoids the asterisk * and the result is the same, at least this is the case on my system :)
Forum: SQL and Code Injection
1 year ago
infinity
Hi sandeep, welcome to the board :)
Forum: Intro
1 year ago
infinity
That's awesome.
Forum: OMG Ponies
2 years ago
infinity
Distributed Denial of Service Prevention Techniques B. B. Gupta, R. C. Joshi, Manoj Misra http://arxiv.org/abs/1208.3557 QuoteThis paper presents overview of DDoS problem, available DDoS attack tools, defense challenges and principles and a classification of available mechanisms that are proposed in literature on preventing Internet services from possible DDoS attacks and discuss the
Forum: DoS
2 years ago
infinity
Hi, the victim user should be someone who the website "trusts". If the user has an account and is logged in, the website can recognize this particular user, maybe because a cookie has been written - the cookie is there after the login of the user. That is just one possibility. And of course the website must be vulnerable to CSRF for the attack to work. As an attacker we do not nece
Forum: CSRF and Session Info
2 years ago
infinity
Hi, what do you mean by encoding? Something like putting the PHP code of a web shell in base64 encoded form into a GIF or JPEG image and upload that? If it is supposed to be a pure image file upload, the uploaded files may be saved with an image file extension (like .gif or .jpg) on the server and they will not be parsed for PHP code by the server. An old trick, which really should not work
Forum: Obfuscation
2 years ago
infinity
Hi, CSRF is an attack where the attacker interacts with a web application or website not directly by sending an HTTP request to the server, but indirectly by making a victim user send that request. The victim is somebody who the web application trusts, for example it could be a user who is logged in at the website at the moment of the attack. For example, a user of some CSRF vulnerable socia
Forum: CSRF and Session Info
2 years ago
infinity
Hi, this behaviour is not an indicator of a vulnerability, it could be that the script is testing the parameter for plausibility inside an if/else construct which redirects all strange or non-fitting requests to the start page instead of showing an error message or doing nothing at all. From the presence or absence of error messages and redirects alone we cannot conclude that there is some S
Forum: SQL and Code Injection
2 years ago
infinity
Hi, generally, this could be anything or nothing at all. If it is part of a URL, it looks like an ordinary GET parameter which is passed to the server. This could be a product id of a shop item, the id of a forum member, a page id generated by some weird CMS ... without knowing the context, anything is possible. From the characters used in "365b158b-a0ca-41ca-9337-2f6ed2e6e3bb" it
Forum: SQL and Code Injection
2 years ago
infinity
The Stanford Encyclopedia of Philosophy has an article on the concept of privacy by Judith DeCew, which discusses the following topics: (1) the historical roots of the concept of privacy (2) the critiques of privacy as a right (3) philosophical definitions or defenses of privacy as a concept (4) the challenges to privacy posed in an age of technological advance http://plato.stanford.e
Forum: Privacy
2 years ago
infinity
It looks like geocities.com is not completely dead: http://www.google.com/search?q=site:geocities.com And there is still some cool stuff online: Joan Stark's ASCII Art Gallery: http://www.geocities.com/spunk1111/ an Atlas of Cytopathology and Cytology: http://www.geocities.com/jcprolla/Cytopathology_Atlas.html Star Trek - The Original Series - Web Site: http://www.geocities.com/are
Forum: OMG Ponies
2 years ago
infinity
Hi lightos, yes, nice job! This is a very useful knowledge base. Thank you for all the hard work you have put into it.
Forum: News and Links
2 years ago
infinity
Which version of the internet explorer are you using? I have uploaded an HTML page with your code, using the stylesheet from my website, on a completely different domain on a different IP address. And I have the same page on my local Apache, using the same stylesheet from the web. The third possibility is to open the file locally. All three possibilities seem to work with Internet Explorer 9
Forum: XSS Info
2 years ago
infinity
Carbylamine is a PHP encoder to obfuscate or encode PHP Files. The script is written in PHP and can be downloaded here: http://code.google.com/p/carbylamine/
Forum: Obfuscation
2 years ago
infinity
Hi idisappear, from my experience almost nobody uses public key encryption for email communication, even for sensitive informations like passwords. Everything is sent in plain text. Nobody has ever asked me about a public key. The last time when I asked somebody for a public key all I got was a blank stare like this: o_o If you are worried that someone might read your emails you really shoul
Forum: Privacy
2 years ago
infinity
Edit: The spam has been removed. Thanks! ... some unicode snowflakes from me: ❄ and ❅ and this one here ❆.
Forum: Intro
2 years ago
infinity
Hi Kyran, welcome to sla.ckers! :-)
Forum: Intro
2 years ago
infinity
19. lssbot
Here is another bad bot for the blocking list, seen today: User-Agent: lssbot IP: 68.68.3.114 rDNS: 68-68-3-114.applecreek.pathcom.com robots.txt: no Recursively scraped the entire website, including SVG ressources and some honeypot pages with autogenerated rubbish. Purpose: unknown.
Forum: Robots/Spiders/CAPTCHAs, oh my
2 years ago
infinity
Hi Phoebe, preg_replace with the /e modifier can sometimes be used as an alternative to eval(). preg_replace has three arguments here. Let's look at the second argument. First we have to decode this thing here: \x65\x76\x61\x6c\x20\x28\x20\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65\x20\x28\x20\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65\x20\x28 From this we get: eval ( gzinflate ( base64_
Forum: Obfuscation
2 years ago
infinity
Happy new year @all sla.ckers! I have always been wondering why somebody would consider it a bright idea to post spam on this forum. It's nice and dark here :)
Forum: OMG Ponies
2 years ago
infinity
Hi lazer, the code above is a webshell, which takes the content of the Accept-Language request-header field as input for an eval. The second part of the code in the description of the exploit will generate and send the content to the target system. There are many ways of tricking the target server into executing the code of the webshell. This does not mean that the code always has to be pres
Forum: DoS
2 years ago
infinity
When I visited the website with the pictures, I found this: Sun Tzu said, “FHTTP/1.1 200 OK Content-Length: 37718 Content-Type: image/jpeg Last-Modified: Thu, 21 Jul 2011 08:52:22 GMT Accept-Ranges: bytes ETag: "bc5a5b818347cc1:168e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET ...
Forum: OMG Ponies
2 years ago
infinity
Hi, this is not new, but I thought I post it here, because some of you may enjoy decrypting a little secret message. At the beginning of this year Amazon started some kind of mail service and an interesting picture has been published somewhere on their website. You can find and download the file here: http://awsmedia.s3.amazonaws.com/ses_hero_lg.png The picture shows a mail envelope with
Forum: OMG Ponies
3 years ago
infinity
Hi madhu, I fail to discover a pattern, I think that this is just too little information. Maybe it would be helpful to know something about the context where the numbers on the left are transformed into alphanumeric sequences of characters. So far we know next to nothing. It could be a mapping, but we don't know anything about its properties, for example if the assignment of numbers on the l
Forum: OMG Ponies
3 years ago
infinity
@Skyphire a big part of the GeoCities content has been available as a torrent file from a group called the Archive Team and maybe you can still download it. The file was huge, about several hundred gigabyte. I didn't download it, because I don't have enough space and downloading it would take ages with my slow connection. On http://reocities.com/ you can browse through some of the old pages
Forum: OMG Ponies
3 years ago
infinity
Hello id, thanks for the update, everything looks fine to me. The link to rain forest puppy's Full Disclosure Policy in the "Full Disclosure" category is broken. It seems that his website wiretrip.net has been down for a very long time. The policy is available as a .txt file from packetstorm: http://dl.packetstormsecurity.net/papers/general/rfpolicy-2.0.txt
Forum: News and Links
3 years ago
infinity
Hi, but it would not work in this case. If the brackets < and > are filtered and space is replaced by %20, the result would be something like this: <a href=http://site.com?123.html#?php%20echo%20chr(12)?>link</a>
Forum: XSS Info
3 years ago
infinity
Hi, this is an interesting problem and it is also very hard, because of the endless possibilities to design webpages and URLs. As rsnake wrote, the hash value of two pages will almost always vary if only one single character changes. Stripping all HTML elements will not help here. Using hashes can be a way to detect exact duplicates of pages, but it will fail to detect near-duplicate pages.
Forum: Robots/Spiders/CAPTCHAs, oh my
3 years ago
infinity
Hello everybody, I've been reading this forum for some years and seeing that it is back after the downtime I decided to finally join. At the moment I'm studying mathematics. I'm interested in mathematical logic, the foundations and philosophy of mathematics, algorithmic number theory and cryptography, and many other things :D I like XHTML, SVG and Perl. Greetings from Munich, Germany
Forum: Intro
Current Page: 1 of 1