Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 1
Results 1 - 9 of 9
4 years ago
dwhite
The situation: hxxp://domain.com/LoadSWF.swf?location=http://domain2.com/xss.swf LoadSWF is AS3 and uses Loader.load() to load the external swf file. With xss.swf as AS3 and using Security.allowDomain("domain.com"); and a crossdomain.xml file, LoadSWF will load xss.swf. The question is what the payload can be. I tried: navigateToURL(new URLRequest("javascript:alert
Forum: XSS Info
4 years ago
dwhite
I read that thread. Unfortunately, I can't upload to other directories and the server isn't running Apache.
Forum: SQL and Code Injection
4 years ago
dwhite
Suppose a PHP script allowed you to upload a file with an arbitrary name but appended ".jpg". Would there be any way to get the script to truncate the name?
Forum: SQL and Code Injection
5 years ago
dwhite
I did attempt: http://ha.ckers.org/blog/20090120/persistent-cookies-and-dns-rebinding-redux/ However, it did not work. The cookie is sent but the response from the website is always to redirect to the home page. I set an A record of a subdomain on the domain I'm using for testing to the IP address of the website. Is there anything more/different that needs to be done?
Forum: XSS Info
5 years ago
dwhite
Is there currently any way to exploit an XSS issue in a cookie? Thanks.
Forum: XSS Info
5 years ago
dwhite
Is checking for the Accept header that XMLHttpRequest sends on a JSON request (application/json, text/javascript, */*) a secure way of protecting against CSRF? It is possible to forge the Accept header with Flash; however, that can be restricted in a cross-domain policy file.
Forum: CSRF and Session Info
5 years ago
dwhite
Is it possible to have a browser load a url but not follow any redirects?
Forum: CSRF and Session Info
6 years ago
dwhite
Suppose you can inject into an img tag that already contained the URL of an image. You can only inject after the URL and you can't inject quotes. Depending on how you manipulate the situation you can either have the URL terminate in an actual image (http:///www.domain.com/images/image.jpg) or a directory (http:///www.domain.com/images/). Is there a way to get the browser to ignore the URL and inst
Forum: XSS Info
7 years ago
dwhite
Suppose JavaScript could be injected into a .js file on a site through http://www.example.com/js/example.js?var=input with no filtering at all on the input. Could it be exploited? Thanks.
Forum: XSS Info