sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 18
Results 1 - 30 of 527
6 years ago
Awesome AnDrEw
"LOLWUT" - Text is not likely to be stupid.
Forum: OMG Ponies
6 years ago
Awesome AnDrEw
What a remarkable idea, Ipilorz.
Forum: SPAM
6 years ago
Awesome AnDrEw
CrYpTiC_MauleR Wrote:
> Yeah bluehost sucks. Since you are getting only 200 visitors per day your site is low traffic which I would say is ideal for hosting yourself, provided you have broadband. Other than that I don't know who to recommend, I ditched webhosts long ago, you have no control over what is
Forum: OMG Ponies
6 years ago
Awesome AnDrEw
Dan, that's exactly what I foresaw him mentioning when I first replied to this thread. If you can manage to get a remote administration tool onto the victim's computer then there is no reason to bother implementing anything with the browser as one could easily hook the keystrokes, or forward anything being transmitted through the sockets.
Forum: Projects
6 years ago
Awesome AnDrEw
Based upon personal experiences manipulating the XMLHTTPRequest object I believe you will be limiting yourself to Microsoft Internet Explorer 5 and 6, and Firefox. Internet Explorer 7 supports two different instances or types of the XMLHTTPRequest object: ActiveX, and native (similar to Firefox, Opera, Safari, et cetera). Using the ActiveX control and running the application from the trusted zone
Forum: Projects
6 years ago
Awesome AnDrEw
I meant to comment on this yesterday, but never got around to it. It's refreshing to see something like this posted on here.
Forum: XSS Info
6 years ago
Awesome AnDrEw
Is this new? Since last month they have had a terrible CAPTCHA system with cats and dogs appended to each letter.
Forum: Robots/Spiders/CAPTCHAs, oh my
6 years ago
Awesome AnDrEw
I keep receiving an "Unknown Runtime Error", which prevents me from checking it out.
Forum: OMG Ponies
6 years ago
Awesome AnDrEw
moubik Wrote:
> .mario, Kyo just said something and probably read what I wrote. That might have helped him.
> If you lose some of your aggressiveness and some of your ego you might be a nicer person :)
Did you mean to reply to birdie? .mario only pointed out the account had been suspended. By the way I was too lazy to
Forum: Projects
6 years ago
Awesome AnDrEw
I didn't even notice we were in the OMG Ponies area, but that could be because of the question which was asked (though I tend to post serious questions in this forum as well since it is probably one of the most active boards).
Forum: OMG Ponies
6 years ago
Awesome AnDrEw
sirdarckcat, using the .htaccess for authorization will cause a 401 error to occur if the user does not provide the correct credentials, which effectively cuts them off from attempting to access any other resources in the given path (I.E. /members/, /members/page1.php, et cetera). In the example you have given without any further code the website becomes vulnerable to predictable resource location
Forum: OMG Ponies
6 years ago
Awesome AnDrEw
Ronald wrote a tool to do this two months ago called ZeroSum: .
Forum: OMG Ponies
6 years ago
Awesome AnDrEw
There's a free one written in Java by Johann Burkard available at .
Forum: Networking
6 years ago
Awesome AnDrEw
I don't use MySpace so I have never tried it, but I know it generally applies to other services as well. There are also at least two ways to brute force MySpace logins (assuming one knows the email address to the account) without any form of restrictions based on IP addresses, or number of attempts.
Forum: Full Disclosure
6 years ago
Awesome AnDrEw
Quote ARE YOU A 12 YEAR OLD GIRL THAT KNOWS SQL? no? quit fucking posting about neopets -id
Forum: XSS Info
6 years ago
Awesome AnDrEw
Going along with what CrYpTic has said if the vulnerable site includes files in this manner it is more likely that it is also vulnerable to local and remote file inclusion.
Forum: DoS
6 years ago
Awesome AnDrEw
In May of 2007 a freshly registered member of sla.ckers posted an advisory concerning the ways usernames were interpreted upon signing up: http://sla.ckers.org/forum/read.php?1,11999,12023 Also apparently a possible SQL issue in private messages: http://sla.ckers.org/forum/read.php?16,5035,5036
Forum: Projects
6 years ago
Awesome AnDrEw
This thread is now about sexual objectification of women. So Jill, what will it be? Tits? GTFO?
Forum: News and Links
6 years ago
Awesome AnDrEw
GB2/WebPirate SestusData.
Forum: News and Links
6 years ago
Awesome AnDrEw
TL;DR I'm curious as to how many individuals have posted through the SestusData account, and if the statements made here would be endorsed, or would reflect the attitudes and opinions held by all of the other members of the company as well.
Forum: News and Links
6 years ago
Awesome AnDrEw
I removed the AVG BHO (Browser Helper Object) and toolbar from each of the computers I have used the anti-virus software on, but from what I have read the User-Agent string is "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)". I have chosen to deny access to the User-Agent on my own web server however others may feel differently. I have seen the LinkScanner application in action,
Forum: News and Links
6 years ago
Awesome AnDrEw
What you are asking for is a cracker capable of manipulating both 401 authentication prompts, and form elements. This is standard on most password crackers such as the classic "Brutus" application, or even software such as Acunetix's web application vulnerability scanner.
Forum: Projects
6 years ago
Awesome AnDrEw
I've run into a similar problem on occasion, thrill. However mine was placing a 40 character password in an INPUT element with no maximum length specified, but with a server-side restriction of 8. So "*3X4mpl3Passw0rdIsSupeRLongANDHardLikeMe-" became "*3X4mpl3", but I could still enter the original password in the form upon login, and the server would truncate the rest of the s
Forum: XSS Info
6 years ago
Awesome AnDrEw
Since I have not seen the page you are working on I cannot speculate as to how many factors must be taken into account in order for your worm to properly execute, but I will make two suggestions. The first is that because the browser treats http://website and http://www.website as two different domains (in respect to the same origin policy) you may consider altering the following line: xmlhttp.
Forum: XSS Info
6 years ago
Awesome AnDrEw
I'm not entirely sure of what you meant in regard to loading the page into a variable, but yes your best bet would be to use the XMLHTTPRequest object in order to request the contents of the page, and then use regular expressions, or a lot of string-parsing in order to find the user's ID. This also comes in handy when bypassing any server-side restriction involving tokens, or session IDs, which ma
Forum: XSS Info
6 years ago
Awesome AnDrEw
It took me a second read to understand exactly what you were asking, but yes it is possible to specify a value inside of a parameter which will be sent to the server-side script upon being viewed, and subsequently causing the browser to issue an HTTP GET request. You will need a bit more work than just modifying the .htaccess, or the httpd.conf file in order to achieve the desired effect however i
Forum: CSRF and Session Info
6 years ago
Awesome AnDrEw
You may be able to create a worm regardless of the actual type of XSS vulnerability (reflected, persistent, or DOM) present in the website, or even using CSRF depending on the nature of the application. You also have the freedom to choose exactly how the worm propagates less any restrictions that have been put into place by the developer. To clarify I mean that you could potentially create a worm
Forum: XSS Info
6 years ago
Awesome AnDrEw
I've noticed an increasing number of SPAM accounts being created lately, and therefore it is time to take action.
Forum: Bugs
6 years ago
Awesome AnDrEw
Quote Qoodaa software technology corporation specializes in software study. Maily study Internet mass data saving and transmission. Qoodaa keeps ahead in data transmitting over the seven seas and supply data transmission for many transnational enterprise. Qoodaa is established at the beginning of 2006. strong High-tech is our backup force. The equipments of our company is excellent, the technique
Forum: XSS Info
6 years ago
Awesome AnDrEw
Not sure whether this is a valid post, or SPAM, but try the bookmarklet for Regular Expressions here (https://www.squarefree.com/bookmarklets/pagedata.html).
Forum: News and Links