Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Current Page: 1 of 1
Results 1 - 3 of 3
5 years ago
DanielG
http://wws.princeton.edu/webmedia/list_speakers.xml?start=f' generates the error: RXML run error: Query failed:[...] <emit host="mysql://wws_web:WW$W3bUs3r@www-01dept.princeton.edu:3308/wws_webcasts"[...] www-01dept.princeton.edu:3308 is connectable from the internet, and the user:password works. Is this like a major issue since it's a well known school?
Forum: Full Disclosure
6 years ago
DanielG
You are injecting into the Javascript on the site, the 'bug' is that you supply the "</script>" which ends the script block and displays the rest of it as text. If you look at line 182 in the source code you see cmCreateProductDetailsTag("Application: CRD APP..bla...", "sourcecode:FABDFB", ""><script>alert(document.cookie)</script>
Forum: Bugs
6 years ago
DanielG
I too have had troubles with finding the hash algorithm used for a password stored in a cookie. I've been trying to see if they used part of a hash because I couldn't find alot of hash algorithms which produce this particular output length (8byte). I was wondering if hashmasher also checks if the <hash> provided is only a part of a known hash algorithm. These are examples of the hash:
Forum: Projects
Current Page: 1 of 1