Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 3
Results 1 - 30 of 61
7 years ago
Hong
It seems that it cannot detect variable-width encoding. http://phpids.heideri.ch/?test=%ff
Forum: Projects
7 years ago
Hong
@Martin - it works in IE6.
Forum: Projects
7 years ago
Hong
It does not allow <img> but it allows <input type=image> http://phpids.heideri.ch/?test=%3cinput%20type%3dimage%20SRC=%22jav%09ascript:al%09ert(%26quot;XSS%26quot;);%22
Forum: Projects
7 years ago
Hong
Are any symbols allowed inside [ and ]? If it allows "(), then
Forum: XSS Info
7 years ago
Hong
How about
Forum: XSS Info
7 years ago
Hong
I notice that the cursor property in IE6 (don't know about IE7) may be able to launch a port scan without JavaScript. The cursor property lets you define a list of cursors, and if the browser cannot handle the first cursor, it should attempt to handle the second cursor, etc. In IE6, all GET requests for the cursors follow the sequence of the cursor list. It tries to get the first cursor; if that fails,
Forum: Projects
7 years ago
Hong
Hi everybody, anyone remember the Firefox focus stealing bug disclosure by Michal Zalewski? http://lcamtuf.coredump.cx/focusbug/ffversion.html New versions of Firefox restrict this so that focus cannot be transferred to a file input directly, but there is a way to do this indirectly, which is using a label. When a label gets focus, the focus is transferred to the other element pointed to by the "for" at
Forum: Full Disclosure
7 years ago
Hong
@kishord I think your str1 is C:\\Documents and Settings\\username\\Cookies\\<user>@<domain>.txt. But C:\Documents and Settings\username\Cookies\<user>@<domain>.txt is in the Restricted Sites zone, and C:\\Documents and Settings\\username\\Cookies\\<user>@<domain>.txt is in the Local zone. So the iframe src attribute set by JavaScript should be C:\\\\Documents and Settin
Forum: XSS Info
7 years ago
Hong
Thanks all. It seems that IE does not allow local zone access from an iframe, but it can through redirection. The iframe src attribute is ttp://www.attacker.org/redirect, and it is a 302 redirect to mhtml:file:///C:\\Documents and Settings\\username\\Cookies\\<user>@<domain>.txt. It works on my Windows 2000 and IE6. But now I don't know which site has an mhtml redirection service; I will
Forum: XSS Info
7 years ago
Hong
Thanks Ivan. The following webpage mentions the path and filename format of cookies. http://msdn2.microsoft.com/en-us/library/aa289495(vs.71).aspx Quote: Alternatively, you can explore cookies by locating their text files on your hard disk. Internet Explorer stores the cookies for a site in a file whose name is in the format <user>@<domain>.txt, where <user> is your account n
Forum: XSS Info
7 years ago
Hong
On my system (Windows 2000 and IE6), IE saves cookies under C:\Documents and Settings\username\Cookies, and the cookie filename is username@domain.txt (domain only includes the subdomain and second-level domain, no TLD; and n is a number), or username@path.txt if the path attribute has been set. Do other versions of Windows and IE use the same path and filename pattern? I am trying to make a further a
Forum: XSS Info
7 years ago
Hong
id, you would probably become a criminal wanted by the Hong Kong government. :) Yes, only in Hong Kong. I don't think the same thing will appear in any other country/city. Now any CSRF attack can send me to jail. Maybe I should stop browsing the web.
Forum: OMG Ponies
7 years ago
Hong
http://www.khaleejtimes.com/DisplayArticleNew.asp?xfile=data/theworld/2007/May/theworld_May328.xml&section=theworld&col= I can't believe it.
Forum: OMG Ponies
7 years ago
Hong
@Mephisto - Operation aborted? This is an IE bug; details here: http://support.microsoft.com/kb/927917/en-us You can use document.write to add the script tag.
Forum: XSS Info
7 years ago
Hong
@kuza55 Even though it sets the document.domain property of subdomain.mysite.com/anyfile.html to mysite.com, mysite.com/anyfile.html also needs to set its document.domain property to mysite.com explicitly; otherwise subdomain.mysite.com/anyfile.html cannot access mysite.com/anyfile.html.
Forum: OMG Ponies
7 years ago
Hong
I just made a simple demo. I think it is not difficult to generate this type of image, but maybe it is still too simple and computers can read it. I know nothing about OCR; is there any anti-CAPTCHA software I can try? And is there anyone who can't read it?
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
Hong
Hello thrill, change the limit, i.e. from 30 to something else: http://www.secexp.com/index.php?option=com_search&Itemid=5&searchword=%27%3Balert%28%27xss%27%29%3B%2F%2F&searchphrase=any&ordering=newest
Forum: News and Links
7 years ago
Hong
kuza55 Wrote:
> It's an interesting idea; but we do understand quite a bit about how the mind forms images (I don't know much myself, but the mind tries to establish what context it is viewing things in, and since it thinks tile B is in a shadow, it will try to make it look more like what it thinks i
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
Hong
How about the reverse? Computers (robots) can recognize it but humans can't. For example, consider the following picture: the squares marked A and B are the same shade of gray. A computer can recognize this if it just compares their pixel values, but humans can't, due to the illusion. Computers would need to simulate how the visual system determines the shade of gray to defeat it. Any comments?
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
Hong
Here are the details of the persistent XSS vuln: in Google Personalized Home, the Bookmarks gadget has a persistent XSS vuln. The name of the URI isn't sanitized for < and >, and it is placed inside a script tag, so we can insert an XSS payload using --></script><script>XSS</script>. All bookmarks are saved on Google's server. Google Personalized Home is a private page, that mea
Forum: Projects
7 years ago
Hong
I am from Hong Kong.
Forum: Full Disclosure
7 years ago
Hong
Hi, hackathology. Yes, I am Chinese.
Forum: Full Disclosure
7 years ago
Hong
Thanks. Yes, I want to stay out of jail, and I don't want to commit any crime. Now my worm has some simple functions (i.e. hijacking links and forms, reading the contact list, etc.). I think I won't publish the worm, and will inform the company of their holes. Maybe I will capture some screenshots and post them later. :)
Forum: Projects
7 years ago
Hong
I will try to use ccl.whiteacid.org to build the logging system. But I still have some questions. Should it collect any private data? Should it notify users that they are infected by the worm? Should it spread itself without user permission? I know these questions don't make sense, but the target site is one of the biggest sites in the world; it provides email and many other services, it has a hug
Forum: Projects
7 years ago
Hong
I am going to write a benign, non-malicious XSS worm that targets a website. Here is the background: I have already found a persistent XSS, but that XSS is located on a user's private page; no other user can access that page. I have another reflective XSS which is located on a public page. I can get the email contact list of an infected user and send email to others from the infected user's email account
Forum: Projects
7 years ago
Hong
I read local news sites sometimes, and mostly surf for operating system development stuff. I also read some newsgroups.
Forum: OMG Ponies
7 years ago
Hong
How about style inside </a>? </a style="xx:expression(alert('xss'))">
Forum: XSS Info
7 years ago
Hong
@rsnake The ` char in IE won't work. @trev Thanks, I hadn't tried it in JavaScript URLs; it is really fun. I will add them to the demo.
Forum: XSS Info
7 years ago
Hong
@SW sorry, what do you mean? Do you mean does it work with other on* events? Yes, it does; onmouseout, onerror, etc. also have the same result. The Original Yahoo Mail XSS uses the onmouseover event.
Forum: XSS Info
7 years ago
Hong
This XSS vuln only affects Original Yahoo Mail; Yahoo! Mail Beta is not affected. In Original Yahoo Mail, when you browse mail content, there are two links pointing to the next mail and two links pointing to the previous mail. Here is their HTML code: <a href="link to the previous email" onmouseover="window.status='From: sender name, Subject: subject of the previous mail';return
Forum: Full Disclosure