sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Current Page: 1 of 12
Results 1 - 30 of 357
7 years ago
trev
Jungsonn, the server decodes the URL parameters. In the case of PHP it happens automatically if you access $_GET['something']. But you can also access $_SERVER['REQUEST_URI'] or $_SERVER['PHP_SELF'] where the same data isn't decoded. And there are lots of web applications that have to process angled brackets properly, e.g. this forum - without them we wouldn't be able to post HTML code here.
Forum: Projects
5 years ago
trev
I guess you are interested in sites that try to exploit browser vulnerabilities (or users' ignorance) to infect them with malware. There are some lists tracking these sites, for example http://malwaredomains.com/
Forum: Projects
5 years ago
trev
It is a security mechanism implemented in the Flash plugin itself. However, I don't see how you would serve a fake crossdomain.xml other than via DNS rebinding (which doesn't get you very far). You cannot just go change the proxy settings - if you could you wouldn't need crossdomain.xml.
Forum: Projects
5 years ago
trev
I wrote a simple extension to display JavaScript code that's compiled/executed on web pages: . You simply open the deobfuscator window via Tools menu and go to some web page. The extension is getting its data directly from the JavaScript engine meaning that all JavaScript code across the entire browser is being tracked, no matter how it gets to run. Also, the code is somewhat beautified compared t
Forum: Projects
5 years ago
trev
Right, secure shopping: (move your mouse over any link on the right)
Forum: Full Disclosure
5 years ago
trev
Courtesy of McAfee.com:
Forum: Full Disclosure
6 years ago
trev
Nope, doesn't seem fixed.
Forum: DoS
6 years ago
trev
@nktpro: I feel your pain. I stopped trying to do responsible disclosure with Yahoo long ago - any reports to them go down a black hole, and there are really lots and lots of issues to report. Even Microsoft is trying to keep security researchers in the loop, but Yahoo is really hopeless.
Forum: Full Disclosure
6 years ago
trev
Nice job, AWStats - let's include a redirector, just in case somebody will need it: http://pierceive.com/cgi-bin/awstats/awredir.pl?url=http://google.com/ A quote from that script: if (! $ENV{'GATEWAY_INTERFACE'}) { # Run from command line print "----- $PROG $VERSION (c) Laurent Destailleur -----\n"; print "This script is absolutely not required to us
Forum: Full Disclosure
6 years ago
trev
http://trail.motionbased.com/trail/security/login.mb?username.value=%3Cscript%3Ealert('xss')%3C/script%3E
Forum: Full Disclosure
6 years ago
trev
As to the original question: I see basically two reasons why response splitting wouldn't work. 1. This isn't really a redirect to the page you are passing in the parameter, the script always redirects to a fixed URL ignoring the input. 2. There is some validation and the script will ignore URL parts following a special character. You can find out which one is true by doing further experimen
Forum: CSRF and Session Info
6 years ago
trev
Found this: http://qescik.slack.pl/localhost.sql Looks like spammers are getting more open these days, they even publish their passwords. Too bad I get 403 on , I might be able to help cleaning the database...
Forum: Full Disclosure
6 years ago
trev
I looked at that page as well a while ago. If a website were able to open it, it could force Firefox to run a page through IE - that in itself is already a vulnerability. Fortunately, Firefox doesn't allow web sites to link or redirect to chrome://, so that IETab is *relatively* safe.
Forum: CSRF and Session Info
6 years ago
trev
And another one: http://search.ebay.de/ws/search/SaleSearchService?_safmen=1&_sajscallback=%3Chtml%3E%3Cscript%3Ealert('xss')%3C/script%3E%3C/html%3E&saved=1
Forum: Full Disclosure
6 years ago
trev
And a similar one, this time on the ebay.com domain but the code still doesn't get executed: http://promo.ebay.de/ws/eBayISAPI.dll?MerchPlacement&svcid=MERCH_PLACEMENT&request=nada&cb=%3Chtml%3E%3Cscript%3Ealert('xss')%3C/script%3E%3C/html%3E
Forum: Full Disclosure
6 years ago
trev
This script is used for eBay's banners. Interestingly, it will take just any text as a callback function: http://srx.de.ebayrtm.com/rtm?RtmCmd&a=json&cb=%3Chtml%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E%3C/html%3E The parameter a accepts the values "text" and "xml" as well but the output is always JavaScript which prevents the browser from processing the HTML co
Forum: Full Disclosure
6 years ago
trev
See http://robert.penz.name/39/spamming-goes-to-new-level/ (original article is http://www.heise.de/newsticker/meldung/103711) - that might be what you are seeing.
Forum: SPAM
6 years ago
trev
In Firefox you open about:config, find network.http.sendRefererHeader setting and set it to 0 - if you don't want to install extensions for that job.
Forum: SPAM
6 years ago
trev
Yes, Myspace fixed the issue - if I try to open it with a trailing dot it simply redirects to Google. Also, Firefox 3 won't let you use that trick any more (bug 368700 and bug 368702).
Forum: Full Disclosure
6 years ago
trev
I am pretty late to the party but still - this cannot work. You can only modify the JavaScript wrappers of internal objects, the browser will access the objects directly however. Also, Firefox uses neither window.location nor document.domain for same-origin policy - policy enforcement in Firefox is always based on a principal object. The document is associated with a principal when it is created,
Forum: Full Disclosure
6 years ago
trev
Interesting approach - and works flawlessly! Thanks a lot.
Forum: CSRF and Session Info
6 years ago
trev
There is onbeforeunload which is meant exactly for this kind of thing. Otherwise it is what riahmatic says - you have to make sure your handler doesn't fire for clicks on local links (though for that I would add one click handler on the document since all events bubble).
Forum: CSRF and Session Info
6 years ago
trev
I investigated CSRF in the web interface of a particular router. It appeared to be totally unprotected so I reported the issue - and got a response that this issue was fixed a year ago. Now I investigated further and got very interesting facts. Apparently, CSRF from the local network is a feature! So the web interface will accept any POST requests where the domain name from the Referer header reso
Forum: CSRF and Session Info
6 years ago
trev
Don't worry, I won't comment again on the "security vulnerabilities" you find.
Forum: Full Disclosure
6 years ago
trev
Quote: Ever heard of tricking filters this way? Like whitelisted domains and RegEx filters? That would be an issue with the filters - their URL processing is flawed. Which ones do you have in mind? Quote: And how about tricking the Firefox anti-phishing filter? Hm... I try this link - somehow the phishing filter isn't too fooled (tested in Firefox 2.0.0.12 and Firefox 3 nightly build). FYI this
Forum: Full Disclosure
6 years ago
trev
Quote: That is not true, if you change your browser preference like your user agent, we can read out the original file in the greprefs and still know what browser you use So what? There are literally thousands of ways to recognize a particular browser. Changing user agent is for those stupid sites that look for "MSIE" there, otherwise it doesn't give you anything. Quote: .manifest files C
Forum: Full Disclosure
6 years ago
trev
Heh, but Mozilla is right - you are only reading out files that are the same for every Firefox browser on the planet. You can just as well get them from FTP. And - no, you cannot read .manifest files like this (not that they would contain anything "useful"). Edit: This does not mean that allowing everything in the application directory to be accessed from a web page is nice, after all
Forum: Full Disclosure
6 years ago
trev
What's the spoof here? I put an example link below (ignoring the Yahoo redirect which is a different beast) - moving the mouse over the link will show "yahoo.com" (the real target of the link) and you will also see "yahoo.com" in the address bar. "google.com" only shows up in the HTML source where no user will see it. Testing in Firefox 2.0.0.12. link
Forum: Full Disclosure
7 years ago
trev
Pretty useless. The post tells how you can generate Adsense clicks by triggering the URL that Google's scripts create. Of course Google will detect this and close your account pretty soon, but whoever wrote this didn't think that far...
Forum: DoS
7 years ago
trev
Just a note: this is bug 233270 and actually not a bug.
Forum: Full Disclosure