Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 

Current Page: 1 of 1
Results 1 - 22 of 22
3 years ago
tehryan
Just wondering if anybody knows whether or not there's already a body of work on this subject. Determining what router/wifi hotspot someone is using remotely using html/javascript tricks? Without access to a lot of the different hardware I can't really come up with a way to work on this. Any ideas?
Forum: Projects
7 years ago
tehryan
Fixed, Thanks.
Forum: Full Disclosure
7 years ago
tehryan
http://www.w4ck1ng.com/denied.php Spits back an unsanitized user-agent, could be hit with forced forging of headers. Which begs the question, how many methods do we all know for forcing forged headers other than the old flash vector? Also, why are we still trusting $_SERVER[]? :S
Forum: Full Disclosure
7 years ago
tehryan
http://www.hardened-php.net/advisory_012007.140.html
Forum: CSRF and Session Info
7 years ago
tehryan
Thought I'd reopen this discussion in light of Ronald's recent blog post :)
Forum: CSRF and Session Info
7 years ago
tehryan
Gareth: you're right. As far as I can tell from further playing around, it's only affecting display. I bet there are some interesting social engineering vectors still tho... for instance get your hands on this domain: moc.lapyap.us (or other tld) the browser would display su.paypal.com
Forum: Full Disclosure
7 years ago
tehryan
hmm... looks like security slays this... look here: http://www1.freewebs.com/ryancartner/weirdchar.htm Paste that char somewhere and start typing.
Forum: Full Disclosure
7 years ago
tehryan
I'm pretty sure this isn't the right forum for this, but I couldn't find one properly suited so I picked here. There's a character I found on a foreign website that does some weird stuff and I'm pretty sure it could be used as an extremely effective bypass filter but I'm having all kinds of trouble figuring out how it can be used... when you paste this character, everything after it is imme
Forum: Full Disclosure
7 years ago
tehryan
how does any of that help the sorry sucker that contacts you about the proposal?
Forum: Full Disclosure
7 years ago
tehryan
http://linkscanner.explabs.com/linkscanner/checksite.asp?NS=ChkOnly&SRC=apps.ExpLabs.com&CS=' more irony, sql injection point. ;)
Forum: Full Disclosure
7 years ago
tehryan
Very good suggestion, I'll implement that. For now, just submit form templates the same way you would submit a url.
Forum: CSRF and Session Info
7 years ago
tehryan
whoops. http://sourceforge.net/search/?type_of_search=soft&words=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E
Forum: Full Disclosure
7 years ago
tehryan
lol, for anyone who tried using the interface with no luck... I squashed the bug, it's working now.
Forum: CSRF and Session Info
7 years ago
tehryan
Okay everyone, here goes a first try. http://csrf.0x000000.com/csrfdb.php It is completely empty as of this writing, so go ahead and start submitting. Send bug reports/feature requests/etc to ryan.cartner@gmail.com
Forum: CSRF and Session Info
7 years ago
tehryan
The code for this is almost done. Just a question, what would you all consider to be a good size for the varchar field storing the csrf url? My first inclination was to use 2083 which is the maximum length of a url in IE, but that's pretty big. Any suggestions?
Forum: CSRF and Session Info
7 years ago
tehryan
- firefox/ie
- notepad
- nc
- all my bookmarklets
- caffeinated beverages
sometimes I'll bust out some other tools...
- firebug
- webscarab
Forum: News and Links
7 years ago
tehryan
Great. I can design the UI/storage/retrieval, the whole shebang... but I don't have hosting, anybody feel like sharing? pwettypwettypwease.
Forum: CSRF and Session Info
7 years ago
tehryan
Yeah, a database of urls containing control variables for web apps that don't implement any csrf protection. I have quite a few for browser based php mmorpgs.
Forum: CSRF and Session Info
7 years ago
tehryan
has anyone thought of this? I was thinking about creating a platform like the google hacking db but for csrf urls... it raises some full disclosure ethics questions so gimme some feedback
Forum: CSRF and Session Info
7 years ago
tehryan
This seems to be an interesting area. I have a feeling some of the javascripts being used by the xul's in firefox and some plugins might be vulnerable to some dom based xss or other stuff... but in order to leverage an attack using these, we'll have to be able to force firefox to load chrome urls through csrf or javascript or something. Of course there is a restriction here. Has anyone done any pl
Forum: CSRF and Session Info
7 years ago
tehryan
Facebook has a feature that allows you to rotate your photos. This was done with GET vars and no anti-csrf measures. I was able to use javascript to cause entire albums to flip upside down very easily. I hadn't yet informed Facebook staff, but it seems the issue has been resolved, or at least their approach has changed. Has anyone else looked at this? I haven't had much time yet to really dig into
Forum: CSRF and Session Info
8 years ago
tehryan
WhiteAcid Wrote:
-------------------------------------------------------
> Ah. Well... then it's pretty much impossible.
>
> >As a side note a lot of applications can switch
> between GET and POST seamlessly
> perhaps JSP, CGI and ASP applications, but most
> PHP developers now properly use $_GET and $_POST
> and have register_globals turned off.

HTTP form met
Forum: CSRF and Session Info