Sla.ckers.org
Current Page: 1 of 5
Results 1 - 30 of 129
1 year ago
Albino
This is just like typical CSRF, except you need enctype='multipart/form-data' in your payload form.
Forum: CSRF and Session Info
1 year ago
Albino
Instead of stealing the cookie, use BeEF
Forum: XSS Info
1 year ago
Albino
I'm not sure what you actually want, but http://www.lightbluetouchpaper.org has some decent academic stuff on authentication, e.g. http://www.lightbluetouchpaper.org/2012/05/22/the-quest-to-replace-passwords/ and http://www.lightbluetouchpaper.org/2012/12/14/authentication-is-machine-learning/
Forum: DoS
1 year ago
Albino
onformchange="document.innerHTML=location.hash" See also http://www.thespanner.co.uk/2012/05/01/xss-technique-without-parentheses/
Forum: XSS Info
1 year ago
Albino
For posterity, none of the above techniques appear to work anymore but this works in Opera: <input type=hidden onformchange=alert(2)/> Courtesy of http://html5sec.org/#23
Forum: XSS Info
1 year ago
Albino
Take a closer look at shazzer - most of the vectors have a single exotic character. By chaining together a few different ones you could create something pretty interesting. https://twitter.com/XSSVector has some good tricks too.
Forum: XSS Info
1 year ago
Albino
First of all to gain a solid understanding of XSS I recommend http://lcamtuf.coredump.cx/tangled/ . I think that will help more than disconnected examples. But, since you asked, I'll try to answer from memory: Case #01: Look at the first page of the thread; this is a bypass of Gareth's JSReg sandbox. http://sla.ckers.org/forum/read.php?2,29090,page=1 Case #02 and #05 and #06: These all re
Forum: XSS Info
1 year ago
Albino
Not as far as I know, but don't let that stop you trying.
Forum: SQL and Code Injection
1 year ago
Albino
Just find XSS on a subdomain, then inject document.cookie='cookiename=xsspayload; domain=topdomain.com'; https://www.youtube.com/watch?v=hB2lPJldYQI
Forum: XSS Info
1 year ago
Albino
Depends. If you get XSS in any subdomain you can inject cookies. Also, sometimes you get code that places user input directly into cookies, so you can inject new cookies using ; or ,. A certain hackxor level relies on this :)
Forum: XSS Info
1 year ago
Albino
Filtered as in removed, although in this case it doesn't make any difference. \ isn't an escape character in HTML attributes.
Forum: XSS Info
1 year ago
Albino
Opera only: Location: data:text/html,<svg/onload=alert(document.domain)> Have you tried injecting HTTP headers?
Forum: XSS Info
1 year ago
Albino
<input value=""/> The input is filtered for " and nothing else. < and > are perfectly allowed. I feel that this must be exploitable in some browsers but I don't see how. Any ideas?
Forum: XSS Info
1 year ago
Albino
When I encountered it ~1 year ago this worked: http://nomoreroot.blogspot.co.uk/2008/08/ie8-xss-filter.html
Forum: Obfuscation
1 year ago
Albino
Looks like the code uses gpg already, so encryption-wise it might already be mostly secure.
Forum: Privacy
2 years ago
Albino
Just rip out their encryption and rebuild it using a library you trust like http://php.net/manual/en/ref.gnupg.php
Forum: Privacy
2 years ago
Albino
I'm not sure what you're asking. What do you mean by valid?
Forum: SQL and Code Injection
2 years ago
Albino
I don't think so.
Forum: XSS Info
2 years ago
Albino
There isn't much you can do in this situation. You can redirect the page, and if the parent uses X-Frame-Options: SAMEORIGIN then you bypass that and launch UI-redressing attacks; see http://www.skeletonscribe.net/2012/06/x-frame-options-sameorigin-warning.html
Forum: XSS Info
2 years ago
Albino
IIRC this kind of thing is not exploitable in Firefox & Chrome (and even the latest IE), since they respect the Content-Type header.
Forum: XSS Info
2 years ago
Albino
If you're young, the 'good old days' are before your time by definition.
Forum: News and Links
2 years ago
Albino
What companies do you use to host your PoCs & tools? Are there any in particular that are both secure and unlikely to throw a fit if you host a proof of concept?
Forum: OMG Ponies
2 years ago
Albino
Interesting. A couple of initial questions: how is the password generated; does every user get a unique, static password generated when they install it? Also, what does this do that Content Security Policy doesn't?
Forum: News and Links
2 years ago
Albino
I have the following injection: <meta name="" content=""> The only characters accepted are a-Z 0-9 - and _ Any ideas? I can't use http-equiv and <meta name="author" input="albino"> just isn't severe enough for my taste. Viewport looks interesting but I can't use =.
Forum: XSS Info
2 years ago
Albino
Seems like it's related to security zones; the poc only works if it's in the trusted/local security zone. Ah well.
Forum: XSS Info
2 years ago
Albino
I have a page that loads a third party stylesheet and alert()'s some info from it. For some reason it only works if I open it locally; hosting the page anywhere breaks it. Here's the code: <html> <head> <link rel="stylesheet" href="https://SNIP" type="text/css"> </head> <body> <script> alert(document.body.currentStyle.f
Forum: XSS Info
2 years ago
Albino
I'd hazard a guess that most of the smaller email providers would, probably the ones with tight mailbox size limits. You could ask them to confirm, as long as you phrase it right. If you want to pay for hosting you might as well get a VPS and install the email server yourself; that way you can make sure it's relatively secure. However if you take this approach you'll have to worry about uptime and
Forum: Privacy
2 years ago
Albino
You don't need to run your own email server to achieve that. Just use a provider that provides delete-is-delete functionality (e.g. not Gmail) and an email client that stores the messages locally. I use this approach myself; just remember to make backups. Make sure you're clear on who you're worried about and what capabilities they have. Someone burning a 0day to hack an email server is on a dif
Forum: Privacy
2 years ago
Albino
Could you inject alert(1)" style="position:absolute;top:0px;left:0px;right:0px;bottom:0px to make a link that executes js on a click and covers the entire screen?
Forum: XSS Info
2 years ago
Albino
Which inputs are safe depends on the context. It sounds like you're trying to make a blacklist, which is an innately treacherous approach. The safer/easier option is to use a whitelist: i.e. allow and remove/carefully encode everything else. Also see: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
Forum: XSS Info