sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 

Results 1 - 25 of 25
5 years ago
Torstein
Hi, been a long time since I last posted. I only recently discovered the use of the CSS history hack where the javascript could guess which gender you have. This got me thinking; how much information can actually be gathered about a person by using web hacking techniques? I have a few ideas, and I hope you have more :) (Also, this would be an awesome demo - but I don't have the JavaScript
Forum: XSS Info
6 years ago
Torstein
So, the contest got me fascinated with these XSS-worms again, I wondered what would be the best way to track them. I'm thinking of something which is part of the payload, for example you could know which generation the worm is by adding 1 to a variable each time it copies itself. So say we have an integer gen = 0 for the first worm, every worm it creates gets the variable gen = 1 and so on. Of c
Forum: XSS Info
6 years ago
Torstein
Using Opera 9.23 and IE 6.0.2900.2180 (xp pro,sp2)
1 <img src="/" onerror=alert(1)> FF2: no / IE7: yes / Opera: yes / IE6: yes
2 <img src="." onerror=alert(2)> FF2: yes / IE7: yes / Opera: yes / IE6: yes
3 <img src="" onerror=alert(3)> FF2: yes / IE7: yes / Opera: no / IE6: yes
4 <img src=. onerror=alert(4)> FF2: yes / IE7: yes / Opera: yes / IE6
Forum: XSS Info
7 years ago
Torstein
As with the recent "Death by 1000 cuts" paper, not encrypting passwords is just plain stupid.
Forum: Projects
7 years ago
Torstein
Total Commander!
Forum: OMG Ponies
7 years ago
Torstein
Cool... Works in Opera 9, Firefox 1.5 and Mozilla.... and probably the rest. You usually have to break out of "" or '' though.
Forum: XSS Info
7 years ago
Torstein
Web as we know it is gone in a few months anyway. :P
Forum: News and Links
7 years ago
Torstein
It'll be boring if it holds the title till next year.
Forum: News and Links
7 years ago
Torstein
This was damn funny. Speaking in my mother tongue like this would probably get me kick-banned from most forums. :) Oh well.. All the fun we have...
Forum: OMG Ponies
7 years ago
Torstein
It is comprehensible Swedish... (I'm Norwegian, so... Norwegian resembles Swedish quite a lot, right?) But now I came to wonder, where are you from? And why did you bother to learn a Scandinavian language?
Forum: OMG Ponies
7 years ago
Torstein
And the amazing thing is that they've made the exact same mistake before.
Forum: OMG Ponies
7 years ago
Torstein
Looks reliable enough :P
Forum: News and Links
7 years ago
Torstein
I highly doubt Google executes the javascript it crawls. Good idea though.
Forum: OMG Ponies
7 years ago
Torstein
Is this "whatever" some politically correct term? Or is it simply an all use image thingy...
Forum: OMG Ponies
8 years ago
Torstein
There's more talk about the channel on the forums than there is talk at the channel at all. So it seems, anyway :P
Forum: OMG Ponies
8 years ago
Torstein
If we could get an alert("This message only pops up in IE, switch to a better browser today!") into the worm as well, we could end up with a worm actually doing good stuff :) Anyway, my latest idea: 1) A javascript searches the page it's on for links 2) You build the worm, choosing attack vectors from an array. When you do, you also add the index to a string. This time, the next time
Forum: XSS Info
8 years ago
Torstein
So... I have an idea. Say you want to take down google.com, which has huge amounts of bandwidth available (or should have, anyway), you'd have trouble using normal methods. And if you happen to be a virus/worm writer, you could just include some input from http://google.com and eval the input. If the worm/virus is spread enough, there would be quite a pressure on google to replace their inde
Forum: DoS
8 years ago
Torstein
If we are doing foreign sites :P Large Norwegian search-engine: http://sesam.no/search/?q=%22%3E%3CSCRIPT%3Ea%3D%2FXSS%2F%3Balert%28a.source%29%3C%2FSCRIPT%3E&c=d&x=39&y=9 Newspaper: http://www.dagbladet.no/tekstarkiv/index.php?string=%22%3E%3CSCRIPT%3Ea%3D%2FXSS%2F%3Balert%28a.source%29%3C%2FSCRIPT%3E TV Channel: http://www.tvnorge.no/index_sok_html?area=internet&searc
Forum: Full Disclosure
8 years ago
Torstein
I thought he meant something like: <A HREF="javascript: //change the style of splash to hidden">Welcome to my site</A><DIV ID="splash" STYLE="position:fixed;width:100%;height:100%;top:0;left:0;bottom:0;right:0;"> </DIV> But after re-thinking, that would be hard to do in MySpace. :)
Forum: OMG Ponies
8 years ago
Torstein
Change the style attribute of the div with javascript. Should work :)
Forum: OMG Ponies
8 years ago
Torstein
Uhm... http://www.hackerscenter.com/public/images/XSS.js I believe someone is trying to deface the page with XSS. It's not too successful, and I don't believe it's meant in a really bad way. I'll take a closer look at it when I come to school. :)
Forum: OMG Ponies
8 years ago
Torstein
Let's get some limits :P You don't want the worm to be independent of anything, including a webserver. No outputting to .js files. No mhtml issues. And no JSON API's. They all require that you have control over a webserver (If I haven't misunderstood anything, that is). And yes, I love being a pain in the ass :P We're left with the iframe, but the worm doesn't know how to exploit the XSS hole
Forum: XSS Info
8 years ago
Torstein
How would the worm fetch the search results? And I don't "want" the worm to be bound to a web app or site. (Makes it sound like I'm gonna make one (I'm not)) The reason is that a worm like that would be pretty much unstoppable without some fix from the major webbrowser. After all, who can fix a couple of thousand XSS holes in a couple of thousand web apps? That'll be the real strength of
Forum: XSS Info
8 years ago
Torstein
So... I've been thinking on the concept of true JavaScript worms that would spread through XSS holes. All the XSS worms until now (as far as I know) have been bound to a specific website. So... Are true JavaScript worms possible? I imagine the following. 1) The "mother worm" is injected to some superpopular website. 2) When a user moves to the page the worm is on, the worm take
Forum: XSS Info
8 years ago
Torstein
I'll guess I'm another one of those lurkers :) Took some time to activate the account, the possibility that the confirmation email ended up in the spam folder took me days to figure out (Using GMail, but I guess nobody is to blame). My name is Norwegian, and so am I. I've spent a few years in the UK though. And there is only 6 months until I'm 18 :D I run the website norhack.net, which is suppo
Forum: Intro