Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 45
4 years ago
XaDoS
very good article man! i added you on MSN for speak about some way to bypass the token for CSRF attak. see you later!
Forum: XSS Info
4 years ago
XaDoS
*all this topik only for old old version of chrome* Today i discover a XSS vuln on a normal site.. but when the alert go up you have to click ok for all the alerts of the page (very much) or you can click the option that say like: "prevent the dialog box to appear more alert" OK i say, i click enter button for accelerate process and see.. boom! Crash.. so i try to write a stupid PoC
Forum: Full Disclosure
4 years ago
XaDoS
he write wep in title of topik. Well.. for wep craking it's easy, the simplest way is download backtrack and do this work with some stuff pre-istalled on it. you can find more information (more more more) if you write: wep craking with backtrack on google.com ;) xados
Forum: Wireless Security
4 years ago
XaDoS
Yuo can try to use a permanent xss vuln on a profile of community or in a page and paste the code of the worm here, so all the users that visity the page should be infected.
Forum: XSS Info
4 years ago
XaDoS
thanks so much pappy, i try with http://cloakedlink.com/ and work fine: the site don't show me the message with the referrer problem..but don't work the csrf :( i don't understand what is the problem.. but i'm trying in the next days.
Forum: CSRF and Session Info
4 years ago
XaDoS
The site http://www.srcibd.com, a network community(che Obama ha usato per la sua campagna elettorale) it's a big community that fight with amazon.com for the 1° most visited site at world. (now scribd have 55 milion of visit evry month) It's vulnerable to xss, permanent xss, js injection and CSRF (all DISCOVERED BY ME) #### XSS: http://www.scribd.com/my_docs?query=//%3Cfont%20color=%22
Forum: Bugs
4 years ago
XaDoS
ok but how can i send the referrer trought html(with csrf code) page?
Forum: CSRF and Session Info
4 years ago
XaDoS
Hey guys! Some weeks ago i try to code a html page for the php nuke v 8.0 becouse i see that is vulnerable to csrf attack. I see that a malicious person can add a admin user into a board with administrator privileges. I have only a problem that i write in my last topik here: HTTP_referrer.. the site, when i try to add admin user respond me: yuor broswer don't send the HTTP_referrer header.
Forum: CSRF and Session Info
4 years ago
XaDoS
send me your vuln site in PM and i complete yuor query ;) your damned mistake is that yuo used a mysql sintax for MSsql db. LoL, send me.
Forum: SQL and Code Injection
4 years ago
XaDoS
If you can post the url / or with PM i try to help you :] ByEz XaDoS
Forum: XSS Info
4 years ago
XaDoS
you have an error in syntax: mayb you musn't use ( before select..
Forum: SQL and Code Injection
4 years ago
XaDoS
eheh.. i don't know .. :(
Forum: CSRF and Session Info
4 years ago
XaDoS
the anti-sec team used a priv8 exploit for ssh service (latest version). on the web there are only a fake exploit, with a malicious shell code on it. The team that have this exploit , have all internet web application side in your hands.
Forum: News and Links
4 years ago
XaDoS
uhm..it's impossible becouse I 'm logged in with admin account.. se the referrer is normal.. like http://mysite../../admin/..
Forum: CSRF and Session Info
5 years ago
XaDoS
I found a csrf vuln on famous board trough a "hacker" can add a admin user with admin privilege on site. But i have a problem, when i try it (like admin user, click on csrf code) the site respond me: WARNING: yuor broswer don't send the HTTP_referrer header. I don't understand why the site don't accept my POST request, how can i bypass this, or how can i send it? thnaks in advance, for
Forum: CSRF and Session Info
5 years ago
XaDoS
uhm bad idea; becouse i hope that with email we can't send a working xss.. We must use the xss in the profile!! like a user (not infected) visit my profile (the first infected) and boom! he's now infected and replic like this.. so for this we must create a code that write ( CSRF) same worm code on the profile of the user..
Forum: XSS Info
5 years ago
XaDoS
Ok guys, i'm ready to write a code, not for "destroy" online community but only for learn how to. finally I discovered a persisten XSS vuln on a profile of big online italian community. So i have a xss (persistent) on my profile, i see if there are some other vuln on mail box but i discovered only one: if yuo write a email to yuor friend and he respond you, you can write a maliciou
Forum: XSS Info
5 years ago
XaDoS
Hello guys! I discovered one day ago with my friend 3 CSRF on netlog and now i will see for myspace.. it's difficult I know, because there are some captcha, token and other protection but.. I want ask you why it's impossible change user_name of victim?? I try with a easy html code for try, but don't work.. and I will know the motivation of it. my_poc: <!DOCTYPE html PUBLIC "-//W3
Forum: CSRF and Session Info
5 years ago
XaDoS
why you rip my code and re-open a same topik?? and you understand that it's not a vuln !!
Forum: DoS
5 years ago
XaDoS
The only way when you have mysql 4 is brute force for discover table_name and user_name ; maybe sometimes it's easy with table called "users" or column called "password" you can try the easy words for see if the ste have normal table_name; else, i repeat: brute force.
Forum: SQL and Code Injection
5 years ago
XaDoS
uhm.. you are sure that exist the path /etc/passwd ? maybe it's another one.. yes, you have permission to read file.. it's so strange, if you want link me the site for a really help!
Forum: SQL and Code Injection
5 years ago
XaDoS
@.@ sorry but maybe you don't understand the xss vuln and the cookie stealer the cookies are yuors? or of admin/other user...? read atutorial about xss. really, before post; yuo can find with google
Forum: XSS Info
5 years ago
XaDoS
@ anarchy angel: RonPaul say: "i tried the proc/self/environ, blank page "
Forum: SQL and Code Injection
5 years ago
XaDoS
thanks a lot for the link.. in the paper i discver my error and so now i have no problem !
Forum: SQL and Code Injection
5 years ago
XaDoS
hai scritto quasi tutto sbagliato LOL mario where are yuo from? I'm from turin :) italian 100 %
Forum: SQL and Code Injection
5 years ago
XaDoS
yhea yuo have to know more info like verison of the box machine and others.. when yuo know this informations i can post the default path for every type of machine.
Forum: SQL and Code Injection
5 years ago
XaDoS
yes i know. it's not a vulnerability... only a script called maybe.... a bit bastard :)
Forum: DoS
5 years ago
XaDoS
ok so, i tryed with hex encde but don't work; the db respond always that there is error near the first ' (of '<php?..) and the error is like MysqL error: SQL/DB Error -- (for sirdarckcat: yes man i use only /home/www/path/file.php.inc) so whatever i put the error is always near '\'/home/www/path/\'/* but whne i don't encypt %27%3C?%20system%28$_GET[%27lol%27]%29;%20?%3E%27 i ha
Forum: SQL and Code Injection
5 years ago
XaDoS
very nice tutorial ! congratz and thanks for explaining very well the into outfile part
Forum: SQL and Code Injection
5 years ago
XaDoS
hey i have a problem with a site that i am intersting to rooting.. so i write xx.com/page.php?id=1 union select 1,2,3,load_file(',,,?),.. and ok! so i search a path (like /home/www/root/) and i find it! but when i write: www.site.com/page.php?id=-1/**/union/**/select/**/1,2,0x3c3f2073797374656d28245f4745545b276c6f6c275d293b203f3e,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/**
Forum: SQL and Code Injection
Pages: 12Next
Current Page: 1 of 2