sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 19
Results 1 - 30 of 542
7 years ago
WhiteAcid
OK. Well... I made two suggestions for change. Firstly I added some error checking to IDS::__construct(), but looking at the code christ1an linked to, this change is totally redundant. Ignore it. The second suggestion was simply to speed the process up a bit. You weren't using PHP's array_walk where it would be ideal to use it. Making this change would require you to switch the order of the att
Forum: Projects
7 years ago
WhiteAcid
That is awesomely code. I have yet to go through it all, but the only issue I could find so far is that changing ids.php like so: 73c73,78 < $this->request = $request; --- > $this->request = $request; > if ($tags !== false && !is_array($tags)) { > throw new Exception( > 'Tags parameter incorrect.' > ); > } 88,92c93,94
Forum: Projects
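Review bot: in the 73c73,78 hunk, the new guard throws a bare Exception with the message 'Tags parameter incorrect.', which gives callers nothing specific to catch and does not say what was expected. Consider throwing InvalidArgumentException and stating in the message that the tags parameter must be an array or false. The strict `$tags !== false` test also means null or an empty string will throw, so the accepted values should be documented where the parameter is declared. The second hunk (88,92c93,94) is cut off here and cannot be reviewed.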
7 years ago
WhiteAcid
I think making a browser block the characters is a bit risky. Sure it would help, but it just may break a site. Is it really right for the browsers to force the users into something that's more restrictive than the technology states? Why not instead have an option server side to return a 500 error for any request with < or > in the URI. This way the server admin can make an informed decision
Forum: Projects
6 years ago
WhiteAcid
I still have my first ever PC, the only components which are original are one of the memory sticks and one of the CD drives, but I still class it as the same PC.
Forum: OMG Ponies
6 years ago
WhiteAcid
The video's at http://www.criticalsecurity.net/misc/24C3/24c3-2212-en-unusual_web_bugs.mp4
Forum: News and Links
6 years ago
WhiteAcid
I'm in the process of moving the torrents (.mp4 only) to http://www.criticalsecurity.net/misc/24C3/, but there's not many seeders, so this may take a while.
Forum: News and Links
6 years ago
WhiteAcid
from http://events.ccc.de/congress/2007/FAQ#When_will_Recordings_be_available.3F Quote: When will Recordings be available? Exactly five days, 23 minutes and 42 seconds after the closing event. Or, if we cannot make that: when they're ready. I have a mirror here: http://www.criticalsecurity.net/misc/24C3/ So the video will be there eventually.
Forum: News and Links
6 years ago
WhiteAcid
I didn't even think of that. I didn't do anything, and I doubt anyone else did. I also doubt the police even know what an ext3 file system is though.
Forum: OMG Ponies
6 years ago
WhiteAcid
You guys should have seen the audience. I don't think that room had ever had more people in it. Everyone seemed to love it, even Kaminsky said it was the most info packed talk of them all. Kuza also got invited to talk at Bluehat in May. Pretty good stuff. It was a great talk. The CCC say the video will be online within 5 or so days. When it is I'll link to it here.
Forum: News and Links
6 years ago
WhiteAcid
Damn you thornmaker :p I've sent IPB a support ticket.
Forum: XSS Info
6 years ago
WhiteAcid
You mean 87% are rants.
Forum: OMG Ponies
6 years ago
WhiteAcid
Hushmail has simply lost all credibility. Release/warez groups are better off sending off their public keys in their .nfo files. Of course then there's the issue of setting up a CA when pretty much no one, including the CA, can be trusted. Now how's that for an oxymoron.
Forum: Full Disclosure
6 years ago
WhiteAcid
Stuff in $_GET etc is always a string.
Forum: SQL and Code Injection
6 years ago
WhiteAcid
This is my first one ever and as I live in the UK it's not like I have to cross an ocean
Forum: OMG Ponies
6 years ago
WhiteAcid
15. 24C3
Who's coming? I just booked my flights so I'll be there from the 26th to the 31st.
Forum: OMG Ponies
6 years ago
WhiteAcid
Firefox should have seen all the file. I don't think you'll get something in wget you didn't in firefox (don't forget the view source though in case the text was rendered as html and not all visible on the page).
Forum: Full Disclosure
6 years ago
WhiteAcid
sorry, that's what I meant to write :p Boot.ini does indeed show that it is WINNT
Forum: Full Disclosure
6 years ago
WhiteAcid
../../../../../../../../Winwows/repair/sam You have a typo there for starters. Did you perhaps try ..../win32/.... ? What if you load .../nofile. What's the error? Does it match the errors you're currently getting?
Forum: Full Disclosure
6 years ago
WhiteAcid
It's in Swedish. There's not much you need to understand, it's a tinyurl service. Paste in a long link, hit submit, get a short url out.
Forum: XSS Info
6 years ago
WhiteAcid
Maybe fixed, I didn't get that kind of a request from loading the page
Forum: XSS Info
6 years ago
WhiteAcid
Heh. I never even thought of those. While mine isn't automatically submitted, so it would require user input, I should fix those issues too. Not right now though. I basically added a condition to not show the form if: preg_match("/^https?:\/\//", $target) === 0) Should suffice no?
Forum: XSS Info
6 years ago
WhiteAcid
In terms of creating a proof of concept, assuming there is no limit of payload size, then being able to create an alert box (even if you can't use ' or ") is proof enough that you can run any JS you want. If there is a payload size limit, then if you can inject a remote .js file (using a forwarding site such as x.se) then you have again proved you can run any JS code you want.
Forum: XSS Info
6 years ago
WhiteAcid
jamuse: Instead of making your own you could have simply grabbed my code and edited it a little to auto-submit.
Forum: XSS Info
6 years ago
WhiteAcid
I'm not sure all that many of us do use BSD. It would be nice if we could have some user agent statistics, both of all visitors and of only logged in visitors. I personally use Linux (Fedora), though atm I'm using XP on shared computers at uni as I don't have a computer of my own right now.
Forum: Intro
6 years ago
WhiteAcid
Nice, but was it too much to get others to take the others' roles? Would have made a much cooler photo.
Forum: OMG Ponies
6 years ago
WhiteAcid
Quote: Dear Mr. Karunaratne, I have checked the previous case logs. You are correct, as the Notebook is crashing in BIOS, it means the issue is with Hardware parts. ... My reply: Quote: You can close the ticket. I was robbed yesterday and my laptop was stolen. Would have been nice if we decided it was a hardware issue earlier and my laptop had been picked up to be fixed by now, but I guess t
Forum: OMG Ponies
6 years ago
WhiteAcid
I have a Dell laptop which is now getting a little old. I guess it must have hit one too many doorways because it's now crashing at random or when shaken around a little. It's no longer under warranty but I still contacted Dell support, hoping they could pick up my laptop, fix it, hopefully not charge me too much and return it to me. After a few days talking to Dell support via email and me run
Forum: OMG Ponies
7 years ago
WhiteAcid
did not crash IE6 for me (on SP2).
Forum: DoS
7 years ago
WhiteAcid
Ivan Ristic's Apache Security; George Schlossnagel's Advanced PHP. I was considering buying that fuzzing book, but I have no money right now. As for Professional Pen Testing for Web Applications, I liked it but it's not on my "great" list by any means.
Forum: OMG Ponies
7 years ago
WhiteAcid
Here's a few of mine I like: document.body.appendChild(father) //hehe, semantics went out the window there Also there's document.body.innerHTML = document.body.innerHTML The code actually didn't work in IE6 without that line of code.
Forum: News and Links