Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

5 years ago
iNs4n3
http://barrasapo.mredir.sapo.pt/sla.ckers.org
Forum: Full Disclosure
5 years ago
iNs4n3
this is probably my favourite: http://ha.ckers.org_xss.js.sapo.pt that translates to... http://pesquisa.sapo.pt/?q=ha+ckers+org+xss+js :P
Forum: Full Disclosure
6 years ago
iNs4n3
rsnake Wrote:
> How are you envisioning the session hijacking occurring if they haven't visited the site? Physical access to the machine?

As I see it, random session ID is only effective to lower the time window a possible attacker has... if the legitimate user is browsing the site (and regenerating sess id's). If not,
Forum: CSRF and Session Info
6 years ago
iNs4n3
I have a little dilemma: It seems that for a certain web app, I can either choose to allow users to login easily ("remember me", set session cookie) OR have real secure sessions. Even if the session id is regenerated at each page load, session hijacking is still possible if the user hasn't visited the site since. So I'm just wondering what would be a good mechanism to validate t
Forum: CSRF and Session Info
6 years ago
iNs4n3
Hey all, I guess I should introduce myself. I'm always sleepy, low on coffee and late for work... I work as a developer/sysadmin for a small company, and can't stop learning the things that interest me - XSS brought me to sla.ckers but I'm sure I'll learn quite a few things here :) Greetz from Portugal! iNs4n3
Forum: Intro