Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 3
Results 1 - 30 of 65
7 years ago
eyeced
My post was not directly related to the Acunetix comments, just that the majority of XSS is based on the idea that you could POSSIBLY get information from victims of the company, whereas an attack on the server would almost guarantee results. While the initial prospect of XSS is not that worrying, it is the deeper research into XSS that can become quite alarming, such as the 'drive-by pharming' and
Forum: Full Disclosure
7 years ago
eyeced
To be honest I'm kinda with jungsonn on this one: to make any sort of XSS profitable it would have to be done on such a large scale, for example a mass phishing attack, which would give the attacker a 'possibility' of gaining sensitive information from the victims. Let's say an account login form: even if the attacker uses a proxy and hosts the fake pages on a site that is not traceable back to t
Forum: Full Disclosure
7 years ago
eyeced
An example of the Google one, http://www.google.co.uk/url?q=http://fakelogin.com, could be encoded (hex) into www.google.co.uk/url?q=%0D%0A%68%74%74%70%3A%2F%2F%66%61%6B%65%6C%6F%67%69%6E%2E%63%6F%6D%00 which looks legitimate enough... *Just checked and Google have patched this now* - They must actually have someone working for them that reads this forum constantly, as exploits in
Forum: Full Disclosure
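Added example, not code from eyeced's post or from Google's redirect endpoint: it shows that the hex-encoded q= value quoted above resolves to the same phishing host as the plain one once a browser decodes it, and the host-allowlist check an open redirector like /url?q= should apply before issuing the 302. The allowlist contents and the parameter handling are assumptions for illustration.

```javascript
// Added example, not code from the post or from Google's redirect endpoint.
// Shows that the hex-encoded /url?q= value resolves to the same phishing host
// as the plain one, and the host-allowlist check a redirector should apply.
// The allowlist and the parameter handling are assumptions.

const ALLOWED_REDIRECT_HOSTS = new Set(["www.google.co.uk", "www.ebay.co.uk"]); // assumed allowlist

// Resolve the q= value the way a browser will: percent-decode it, then drop the
// leading CR/LF and trailing NUL that the post wraps around the URL. The WHATWG
// URL parser strips leading/trailing C0 controls and spaces itself; it is done
// explicitly here so the step is visible.
function resolveRedirectTarget(rawQ) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawQ);
  } catch (e) {
    return null; // malformed percent-encoding: nothing to redirect to
  }
  decoded = decoded.replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, "");
  try {
    return new URL(decoded); // absolute URLs only; relative or unparsable input gives null
  } catch (e) {
    return null;
  }
}

// The check the redirector should make: only http(s), only hosts we own.
function isAllowedRedirect(rawQ) {
  const url = resolveRedirectTarget(rawQ);
  if (url === null) return false;
  if (url.protocol !== "http:" && url.protocol !== "https:") return false; // blocks javascript:, data:
  return ALLOWED_REDIRECT_HOSTS.has(url.hostname);
}

// Constructed inputs: the plain and hex-encoded forms quoted in the post.
const PLAIN_Q = "http://fakelogin.com";
const ENCODED_Q = "%0D%0A%68%74%74%70%3A%2F%2F%66%61%6B%65%6C%6F%67%69%6E%2E%63%6F%6D%00";

console.log(resolveRedirectTarget(ENCODED_Q).hostname);                // fakelogin.com
console.log(isAllowedRedirect(PLAIN_Q), isAllowedRedirect(ENCODED_Q)); // false false
console.log(isAllowedRedirect("http://www.ebay.co.uk/"));              // true
```

The redirector should only send the 302 when isAllowedRedirect returns true and fall back to its own homepage otherwise; matching on the visible prefix of the link is what the encoded form defeats, because the victim reads the google.co.uk part and not the hex blob.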
7 years ago
eyeced
SW Wrote:
> Can someone explain how these are useful? -.-

For phishing in the middle of the sea...
Forum: Full Disclosure
7 years ago
eyeced
http://www.google.co.uk/url?q=http://ebay.co.uk So I was looking on Google, and the redirect was staring at me. It's on the 'personalise my home page' link on the Google homepage; it's a lot longer than that link originally, but I started trimming variables from it and it turns out you only need that.
Forum: Full Disclosure
7 years ago
eyeced
Lol, a company that also needs a crack... I think more response would have been given to 'omg guyz w0t c4n i sp4mz with plz'
Forum: Projects
7 years ago
eyeced
Fuck me, that's an amazing find. Excuse the language, but that is quite magic. Well done trev. Although could you elaborate on this please.. "I can do whatever the users can do. For example I can spam other users in their name" Also, I think with a lot of thought and some sick AJAX coding, there could be some potential here for an amazing worm, especially after reading about bei
Forum: Full Disclosure
7 years ago
eyeced
I got one, no obfuscation at all. Still works at time of this post. Trying the obvious <iframe src="http://ha.ckers.org/scriptlet.html"></iframe> gets stripped completely, but without ending the iframe the filter does it for you. <iframe src="http://ha.ckers.org/scriptlet.html" < gets returned as <iframe src="http://ha.ckers.org/scriptlet.h
Forum: Projects
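Added example, a reconstruction rather than the actual filter eyeced tested: a blacklist filter that removes a complete <iframe ...>...</iframe> pair, the unterminated variant from the post passing straight through it, and the output encoding that does not depend on predicting attacker syntax. The filter regex is an assumption about how such strip filters are typically written.

```javascript
// Added example, a reconstruction rather than the filter from the post.
// A blacklist filter that strips a complete <iframe ...>...</iframe> pair,
// the unterminated variant passing straight through it, and the output
// encoding that makes the arrangement of the payload irrelevant.
// The filter regex is an assumption.

// Hypothetical strip filter: only a well-formed open/close pair matches.
function naiveStripIframe(html) {
  return html.replace(/<iframe\b[^>]*>[\s\S]*?<\/iframe\s*>/gi, "");
}

// Does anything that still starts an iframe tag survive the filter?
function survivesNaiveFilter(payload) {
  return /<iframe\b/i.test(naiveStripIframe(payload));
}

// Encode for an HTML text context instead: the five markup characters become
// entities, so no arrangement of them can open a tag.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed payloads in the two shapes the post describes.
const CLOSED = '<iframe src="http://ha.ckers.org/scriptlet.html"></iframe>';
const UNCLOSED = '<iframe src="http://ha.ckers.org/scriptlet.html" <';

console.log(survivesNaiveFilter(CLOSED));   // false: stripped completely
console.log(survivesNaiveFilter(UNCLOSED)); // true: no closing tag, so the regex never matches
console.log(escapeHtml(UNCLOSED));          // &lt;iframe src=&quot;http://ha.ckers.org/scriptlet.html&quot; &lt;
```

Once the unterminated tag lands in the page, whatever follows it finishes the job: the next `>` in the surrounding markup (or, as in the post, the filter's own tidying of the output) terminates the tag and the browser renders the iframe. Encoding on output has no such failure mode because the `<` never reaches the parser as markup.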
7 years ago
eyeced
I don't know who exactly cares; it's just that if all the posts are simply links then it would make sense to condense them down, that's all. Obviously nobody expects an entire conversation in one post.

Nominet: We manage over five million domain names, making us the world's fourth largest Internet registry. With 3,000 members, 130 staff and a turnover of £14m, we play a key role at the heart of UK e-comm
Forum: Full Disclosure
7 years ago
eyeced
Surely you could just edit previous posts and add them, rather than add 3 in a row.
Forum: Full Disclosure
7 years ago
eyeced
rsnake Wrote:
> That's scary! REGISTER.IT huh? Sounds secure.
> :-/
>
> But no, really, how did they get their password,
> that's the interesting part of this.

Well maybe they're a fan of XSS.. http://we.register.it/orders/cart/neodomain.html?domain2=\%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&dom
Forum: Full Disclosure
7 years ago
eyeced
Sorry, reading your last post I now get what you meant.
Forum: CSRF and Session Info
7 years ago
eyeced
1. You could use whiteacid's cookie stealer.
2. There are plenty of pre-made cookie stealing scripts available.
3. You could easily just host your own with Apache.

This was merely an alternative.
Forum: XSS Info
7 years ago
eyeced
I didn't say there had to be, I said it was more than likely there was. However, obviously there doesn't need to be, as CSRF could be achieved in many ways, but surely the best way for this to happen on the page loading would be using XSS, as many of the more popular sites block img tags to images that aren't actually images, as well as many of the other useful tags. Although they could just
Forum: CSRF and Session Info
7 years ago
eyeced
Cookie stealing made very easy... Essentially all you will need to do to create a cookie stealer the easy way is to find an XSS hole on the website in question, and if you can't do that then I must ask why you would want a cookie stealer in the first place... Basically all you have to do is set up the XSS script to direct the user to the 'apparent' cookie stealing script, which could be for examp
Forum: XSS Info
7 years ago
eyeced
Okay this was horrendous. After finding XSS in blogspot the other day in kuza55's profile, I soon discovered it was a site-wide issue and affected a lot more people than kuza55; the XSS is in the search tag. For example http://domain.blogspot.com/search?q=%3C%2Ftitle%3E%3Cscript%3Ealert%28%27hi%27%29%3C%2Fscript%3E I thought I'd create an account and enter a 'blog entry' to see what was filt
Forum: Full Disclosure
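Added example, a constructed stand-in for the blogspot search page rather than its real template, covering this post and the kuza55.blogspot.com one further down: it shows why a query reflected into <title> must be encoded even though <title> text is never executed. The literal </title> in the payload closes the element, and everything after it is parsed as ordinary markup, which is where the <script> runs. The template and the exposure check are assumptions.

```javascript
// Added example, a constructed stand-in for the blogspot search page, not its
// real template. Shows why a query reflected into <title> must be encoded even
// though <title> text is never executed: the literal </title> closes the element
// and everything after it is parsed as normal markup.

function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed page template, unencoded (the bug) and encoded (the fix).
function renderTitleUnsafe(query) {
  return `<html><head><title>Search results for ${query}</title></head><body></body></html>`;
}
function renderTitleSafe(query) {
  return `<html><head><title>Search results for ${escapeHtml(query)}</title></head><body></body></html>`;
}

// Toy exposure check: <title> content is RCDATA, so a <script> start tag only
// counts if it appears after the first literal </title>, where the browser is
// back in normal tag parsing.
function scriptsOutsideTitle(html) {
  const close = html.toLowerCase().indexOf("</title>");
  const after = close === -1 ? "" : html.slice(close + "</title>".length);
  return (after.match(/<script\b/gi) || []).length;
}

// The query from the post, decoded from its URL form (constructed input).
const PAYLOAD = decodeURIComponent("%3C%2Ftitle%3E%3Cscript%3Ealert%28%27hi%27%29%3C%2Fscript%3E");

console.log(scriptsOutsideTitle(renderTitleUnsafe(PAYLOAD))); // 1: the script tag escaped the title
console.log(scriptsOutsideTitle(renderTitleSafe(PAYLOAD)));   // 0: &lt;/title&gt; is just text
console.log(renderTitleSafe(PAYLOAD));
```

The same rule applies to the <iframe> variant in the christ1an.blogspot.com link below: the context that matters is the one the payload lands in after it breaks out, not the one the template author thinks it is in.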
7 years ago
eyeced
I'm pretty sure though that using AJAX the session ID could easily be retrieved, as if they are able to get CSRF working then it's most likely they have found an XSS flaw, and if this is the case they could poke round the source for the session ID, or cookie stealing... http://christ1an.blogspot.com/search?q=%3C%2F%74%69%74%6C%65%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F
Forum: CSRF and Session Info
7 years ago
eyeced
<form method='post' name='xss' action='http://www.neopets.com/search.phtml?q=Z'>
client:<input input="text" value="pub-9208792519293771" name="client" style="width:0%" /><br />
forid:<input input="text" value="1" name="forid" style="width:0%" /><br />
ie:<input input="text&qu
Forum: XSS Info
7 years ago
eyeced
Lol, the last one is the best. I think once a few more ideas start flying in we should make a research 'worm', or maybe not even a replicating piece of code, just something educational. This post has had me thinking all day about different ways and code by which to implement some of this; I've thrown as much as I could together, but it's really sloppy and sketchy at the moment.
Forum: Full Disclosure
7 years ago
eyeced
Okay, so now I have 2 massive posts on my possible AJAX attacks; I'll just leave the more AJAX-knowledgeable members to pull it apart and give me advice... or at least I hope. Thanks in advance.
Forum: CSRF and Session Info
7 years ago
eyeced
http://kuza55.blogspot.com/search?q=%3C/title%3E%3Cscript%3Ealert('hi')%3C/script%3E Lol, sorry Kuza. I was looking for the article about AJAX on your blog, I searched for it and instinctively included an <, I checked the source and saw that it wasn't filtered, one thing led to another and here it is... I know the site isn't owned by you, so it's not really your problem, more of a generic blogs
Forum: Full Disclosure
7 years ago
eyeced
....Brits with crazy nicknames for everything. I'm not going to get into a full-scale argument about this, but this comes from the nation that speaks 'English' slightly slower and more high pitched, with names like sidewalk, yowg-hurt and pants... we do not have nicknames, we do not speak with an accent, this is just how things are supposed to sound. Pointless, unprovoked rant? I think so. It
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
eyeced
This thread is quite pointless really; I was just curious about some people's names and would like to know why they've chosen them and what they mean. I'll start off: the reason I'm 'called' eyeced on here, pronounced iced, is because when playing Xbox Live a while back I wanted the gamertag aced (I love playing cards), which was taken, so I tried iced instead, and ended up settling with eyeced... and th
Forum: OMG Ponies
7 years ago
eyeced
I know I've double posted but I didn't wanna confuse people by adding more to what I've already put, and to let them know that I have come back to this after more thought. For actual use of this, being able to delete Tom automatically, where would the code go? I mean it'd have to be placed on the page where the hash, token, and friendID of the victim are all present... Anyway, if anyone still has an an
Forum: CSRF and Session Info
7 years ago
eyeced
-id:
> Secondly, on an encrypted wireless network the MAC addresses are encrypted as well, so how would ARP poisoning do anything?

On an encrypted wireless network the AP's and connected devices' MAC addresses aren't encrypted and can easily be viewed in Kismet. Oh, and about the ARP over unencrypted networks, it was my card... sorry guys.
Forum: Wireless Security
7 years ago
eyeced
I was looking into automatically deleting Tom from people's friends lists; I tried throwing some ideas together, it's in the CSRF section if anyone wants to comment/build on it.
Forum: Full Disclosure
7 years ago
eyeced
I'm not sure whether I agree or not with the complexity of the two being more for XSS. On a basic level, for example <img src=domain.com/password.php?newpass=omghaxed>, then yeah I would agree XSS is far more complex than this, but CSRF requires a lot more thought on CAPTCHA evasion or randomly generated hashes etc.. I think they both have simple levels to them, but thinking out of the box and ta
Forum: CSRF and Session Info
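Added example, not from the thread: the server-side check that stops both the <img src=domain.com/password.php?newpass=...> request in this post and the auto-submitting cross-site form posted in the XSS Info thread above from changing state. It is the same "hash, token" the Tom-deletion post is looking for, seen from the defender's side. The request and session objects are plain constructed stand-ins, not any framework's API, and SITE_ORIGIN is assumed.

```javascript
// Added example, not from the thread: the server-side check that defeats an
// <img src=...?newpass=...> request and an auto-submitting cross-site form.
// Request/session objects are constructed stand-ins, not a framework's API;
// SITE_ORIGIN is assumed.

const SITE_ORIGIN = "https://www.example.com"; // assumed

// Compare without an early exit on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns null when the state change may proceed, otherwise the reason to reject.
function csrfRejectReason(req, session) {
  // 1. GET must never change state: an <img src=...> can only ever issue a GET.
  if (req.method !== "POST") return "state change via " + req.method;
  // 2. The request must come from our own origin. Browsers attach Origin to
  //    cross-site POSTs; fall back to Referer for clients that omit it.
  let origin = req.headers.origin || null;
  if (!origin && req.headers.referer) origin = new URL(req.headers.referer).origin;
  if (origin !== SITE_ORIGIN) return "cross-site origin " + origin;
  // 3. Synchronizer token: written into our own form, tied to the session, and
  //    unreadable from an attacker's page because of the same-origin policy.
  const token = req.body && req.body.csrf_token;
  if (typeof token !== "string" || !constantTimeEqual(token, session.csrfToken)) {
    return "missing or wrong csrf token";
  }
  return null;
}

// Constructed session and requests (token value is made up).
const session = { csrfToken: "3f9a0c1e7b2d4a6c" };
const imgCsrf = { method: "GET", headers: { referer: "http://attacker.example/page.html" }, query: { newpass: "omghaxed" } };
const formCsrf = { method: "POST", headers: { origin: "http://attacker.example" }, body: { newpass: "omghaxed" } };
const legit = { method: "POST", headers: { origin: SITE_ORIGIN }, body: { newpass: "n3w", csrf_token: session.csrfToken } };

console.log(csrfRejectReason(imgCsrf, session));  // state change via GET
console.log(csrfRejectReason(formCsrf, session)); // cross-site origin http://attacker.example
console.log(csrfRejectReason(legit, session));    // null
```

The three checks are layered on purpose: the method check alone stops the img trick, the origin check stops the hidden form, and the token is what still holds if the attacker has an XSS on a different subdomain or the client strips Origin and Referer. A token that is the same for every user, or derived from something an attacker can read, gives no protection.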
7 years ago
eyeced
I'm really interested in CSRF. Although this forum isn't as active as the XSS-related ones, I'd be interested to read any CSRF exploits in sites that people have found, in sort of a 'So it begins' thread for CSRF, as I'm sure many other people would. So if any CSRF 'exploits' are found in websites I hope people will share and discuss; I have a dream that one day CSRF will be discussed as much as XSS...
Forum: CSRF and Session Info
7 years ago
eyeced
ARP poisoning is necessary to sniff traffic on a wireless network if it is encrypted, agreed, but it is also necessary to use ARP poisoning on normal traffic if it is a wireless routing device, as packet sniffers even in promiscuous mode cannot pick up traffic meant for another device without ARP poisoning. DoS'ing wireless networks can be done through ARP poisoning as well, as well as de-authent
Forum: Wireless Security
7 years ago
eyeced
There are a lot of issues when using a wireless network at the home level. Mr W.driver drives around with his favourite wireless scanner running, say Cain for Windows or Kismet for Linux, as both of these can scan continuously for wireless networks. He then finds a network that is unencrypted, simply connects to it, and knowing (through Kismet) which type of router the wireless network uses he is then
Forum: Wireless Security