sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 

Current Page: 1 of 1
Results 1 - 20 of 20
6 years ago
majak
lol @ the guy below me...;-) If you want us to believe you, show some evidence. And I don't see much difference between 100% and 2000% CTR, both are far too much.
Forum: Search Engine Hacking and SEO
6 years ago
majak
What does its argument do? I can't find it documented anywhere. It looks like something with indenting, but a clear explanation would be nice;-)
Forum: XSS Info
6 years ago
majak
It makes over 1000 iframes like these: <iframe name='c' src='?a382' width=258 height=594 style='display:none'></iframe> <iframe name='9a4506869' src='?a1bdc' width=706 height=396 style='display:none'></iframe> <iframe name='6' src='?094' width=598 height=81 style='display:none'></iframe> <iframe name='ec6c096c831f' src='?99ca519bbe1' width=267 height=19
Forum: XSS Info
6 years ago
majak
I found something about it with help of google translate here: http://google.com/translate?u=http%3A%2F%2Fwww.nosec.org%2Fweb%2Findex.php%3Fq%3Dnode%2F95&langpair=zh%7Cen&hl=en&ie=UTF8 So maybe you can make your own opinion whether it is malicious or not. But it lacks documentation, I'm not familiar with all of its features.
Forum: SQL and Code Injection
6 years ago
majak
maybe they have some better authentication than just plain cookies, for example IP paired with SESSID.
Forum: XSS Info
6 years ago
majak
I can't read Chinese either, but there are some posts in English, like http://www.nosec.org/web/index.php?q=node/95#comment-3727 (But perhaps it's only a false alarm.)
Forum: SQL and Code Injection
6 years ago
majak
I think you can do INTO OUTFILE. Use hex encoding, so you won't need quotes. Look here: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/#HexbasedSamples (In fact I never tried it in mysql 4, only in mysql 5. But there is a chance that it will work.)
Forum: SQL and Code Injection
6 years ago
majak
At first, i don't know why are you doing it so obscure. Tell me, what exactly do you want to do? Then, why your example fails... After first ')', paren is -1. And then, after '(', paren is 0, so it is changed to Infinity. It won't increase or decrease anymore. I hope this helps. (And btw, this function returns nothing, str.substr(0,pos) won't strip str, it only returns that stripped value (and e
Forum: Projects
6 years ago
majak
Line numbers would make Codetcha more usable, because I have to count lines every time I miss something:-). And btw, i already solved hard two times, it's not that hard when you spot what kind of errors it produces. But when i first saw it, i didn't know what I am supposed to do and it took me quite long...
Forum: Robots/Spiders/CAPTCHAs, oh my
6 years ago
majak
but one salt for all passwords stored in file means that you need only one rainbow table... it loses its main feature. or i get you wrong and you mean one salt for each user in one file? (it doesn't sound good for me, but maybe there is nothing wrong about it)
Forum: CSRF and Session Info
6 years ago
majak
so, quick google search discovered this: http://www.php-editors.com/forums/mysql-help/5496-phpmyadmin-used-public-db.html http://www.webdeveloper.com/forum/showthread.php?t=83252 in fact, i don't know whether these are trustworthy sources, but why not:-). and maybe you can set up some script (on some free hosting) written in php to connect to the DB and obtain the data you want.
Forum: SQL and Code Injection
6 years ago
majak
maybe they are blacklisting some words like "union". try if script.php?id=1 or 1=1/* and script.php?id=1 and 1=0/* works or not. it may help you (or not;-)).
Forum: SQL and Code Injection
6 years ago
majak
yes, you are right. i was talking about this very specific case, where everything (except password:-)) is known and you manage to reverse hash. and, what's point of delimiter? (i can't think of any except it slightly helps salting)
Forum: Privacy
6 years ago
majak
I don't think it will be misleading, because he will get $salt.$password.$salt. And if he knows $salt, he will $password. (Assuming that he won't find some collided nonsense.) But if it is salted, there is almost zero chance to find that hash.
Forum: Privacy
6 years ago
majak
i think he wants http://noscript.net/ (you meant incoming to server or incoming to you?)
Forum: SQL and Code Injection
6 years ago
majak
you can't union two tables with * unless they have same number of columns.
Forum: SQL and Code Injection
6 years ago
majak
'x' is not x. 'x' is string and x is column name. so x=x can't work if there is no column named x. and if it's really delete query, then think before you act, because you could easily empty invitations table.
Forum: SQL and Code Injection
6 years ago
majak
i don't know if it is possible, but if it is, it could be very annoying. imagine malicious website which sets your homepage to chrome://global/content/alerts/alert.xul :-)
Forum: Bugs
6 years ago
majak
19. salting
is there some standard on how to salt passwords? something like hashed = hash(salt+password)? i have already seen hashed = hash(hash(salt)+hash(password)). and my own invention:-) is while (length(password)<20) password+=password; hashed = hash(password); how do you salt passwords and what method would you (not) recommend?
Forum: Privacy
6 years ago
majak
it is google's special search feature, for (more) information look here: http://www.google.com/options/specialsearches.html
Forum: Bugs