Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

3 years ago
doody
Edit: I decided to try with the preg_match line commented out. Looks safe since I can do stuff like <b>bold text</b> but it'll be displayed verbatim. Is there any workaround that I might not know of?
Forum: XSS Info
3 years ago
doody
Hmm, but the preg_match also stops me from using < and > characters. Would it be safe to add that into the regexp? Edit: I decided to try with the preg_match line commented out. Looks safe since I can do stuff like <b>bold text</b> but it'll be displayed verbatim. Is there any workaround that I might not know of?
Forum: XSS Info
3 years ago
doody
I'm looking for the best way to sanitize all my input using PHP. I want it to be just like Facebook: only plain text is allowed, no tags of any sort.
Forum: XSS Info
4 years ago
doody
Would LeverOne care to share a brief explanation of his code? It's ok if you don't want to.
Forum: Obfuscation
4 years ago
doody
I had an idea to run a web server off a VM, the reason being I wanted to keep the web server environment isolated and also make it easy to wipe the entire OS if there were any problems.
Forum: OMG Ponies
4 years ago
doody
I was wondering about setting up a virtual machine on VirtualBox or VMWare. How secure are those? Is it possible to break through and get to the underlying system?
Forum: OMG Ponies
4 years ago
doody
So I guess Math.random() isn't really random...
Forum: Obfuscation
4 years ago
doody
Maybe your initial 'order by 1' query was wrong - it just happened to work, but that doesn't mean there is at least 1 column.
Forum: SQL and Code Injection
4 years ago
doody
I can't seem to find any other way to poke around this site. Maybe someone else here can do better. URL:
Forum: SQL and Code Injection
4 years ago
doody
Thanks Reiners. Seems like I can only do SELECT statements. They have an "Update Information" page but the fields are covered with mysql_real_escape_string. If it were addslashes, maybe it would be easier to get around.
Forum: SQL and Code Injection
4 years ago
doody
Ok, that's handy. I was using concat_ws because last time I couldn't get group_concat to work, probably the MySQL version. Anyway, there is a limit to the output from the query so it's being truncated. Managed to use the LIKE clause to try and reduce the output. Somehow it doesn't like the ' character. Anyhow, it's possible to use LIKE to slowly extract all the information needed, just troublesom
Forum: SQL and Code Injection
4 years ago
doody
I'm unable to add a where clause. It throws a "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\news.php on line 18" error. I'm going with load_file now. So far I've just managed to get a listing of news.php, gonna see what else I can do.
Forum: SQL and Code Injection
4 years ago
doody
Ok, added a limit n,1 to the end and I was able to start getting table names around limit 28,1 onwards: hxxp://xx/news.php?id=100 union select 1,2,3,TABLE_NAME,5 from INFORMATION_SCHEMA.TABLES limit n,1 How can I get the column names of the tables? Would it be possible to get column names of individual tables? Or can I do: hxxp://xx/news.php?id=100 union select 1,2,3,COLUMN_NAME,5 from INFOR
Forum: SQL and Code Injection
4 years ago
doody
I've found the number of columns by using order by, and now I have hxxp://xx/news.php?id=100 union select 1,2,3,4,5 Got the database version: 5.1.41 (which seems to be MySQL) I'm trying to get the table names with this: hxxp://xx/news.php?id=100 union select 1,2,3,TABLE_NAME,5 from INFORMATION_SCHEMA.TABLES-- However I can only get 1 table name, apparently called 'CHARACTER_SETS'. Trying
Forum: SQL and Code Injection
4 years ago
doody
Thanks thrill, but I don't know any Pascal. Also, it's a requirement to use JSP for my project. Hey Matt, sorry, I don't live in the US so I don't know anything about AOL. But over here internet access goes through a proxy as well. Is it always the case that the proxy IP from a client will always be the same? Will there be a case where a client is routed through different proxies when accessing m
Forum: XSS Info
4 years ago
doody
How can I implement this in JSP? Is it easy?
Forum: XSS Info
4 years ago
doody
How can I do validation (server/client/anywhere) such that I can prevent session hijacking? It's probably out of the scope of my project (school stuff) but now I'm just interested to know!
Forum: Projects
4 years ago
doody
Is it always the case that I can take over a session with just the cookies?
Forum: XSS Info
4 years ago
doody
Thanks Matt, I should be able to implement most of that, except the HTTPS one. It's actually just a project, so it's running on a local Tomcat server.

Matt Presson Wrote:
-------------------------------------------------------
> Session Management:
> Do not generate your own session identifier. Use
> the built in session mechanism provided by your
> JSP container or applicati
Forum: Projects
4 years ago
doody
How do I go about using cookies to log in on another computer? On computer A I have logged in onto a secure site (using SSO) and I retrieved the contents of document.cookie. Can I go to computer B, visit the same site, and set the cookie with the same values in order to "log in" to that same site on computer B?
Forum: XSS Info
4 years ago
doody
I'm currently working on a project that involves building a website in JSP and with a backend PostgreSQL database. Are there any points that I can look out for with regards to securing this website against attacks? The only thing I can think of currently is SQL injection, which has already been covered by using PreparedStatement for all SQL queries. Are there any other attack vectors that I should
Forum: Projects
4 years ago
doody
thornmaker Wrote:
-------------------------------------------------------
> However, there's nothing stopping a
> developer from dynamically constructing the query
> string (so that it contains user-generated data)
> and using it in a parameterized query, in which
> case you're still vulnerable. And yes, I've seen
> this happen.

Could you give an example of how this wo
Forum: SQL and Code Injection
4 years ago
doody
Yep, understood the window.name part. I think this section is a bit above me right now...
Forum: Obfuscation
4 years ago
doody
Ok, I read one of the posts in the previous thread so I'm beginning to understand how the strings are constructed. Gee, how does anyone figure out that ![] gives you false? I can't seem to get undefined printed when I do javascript:[][[]], am I missing something? Also, is there a reason why we're doing eval(name)? Wouldn't something like eval(a) save some chars? Also, don't really understand why
Forum: Obfuscation
4 years ago
doody
I looked at his PoC. Am I right in saying that it's basically doing eval(name)? So how come we need []['filter']['constructor']('eval(name)')()? Also, is there any practical use in this? Or is it just a fun contest? =P
Forum: Obfuscation
4 years ago
doody
Could someone explain what's going on here? I'm kinda lost...
Forum: Obfuscation
4 years ago
doody
Hi, first post here =). Hope this is valid: <a href="javascript&#0:alert('1');">click me</a>
Forum: XSS Info