Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 14
Results 1 - 30 of 395
3 years ago
Kyo
what
Forum: XSS Info
3 years ago
Kyo
you can also use unescape() if you're short on space and backslashes don't work
Forum: XSS Info
3 years ago
Kyo
Cool stuff! I've been doing it the lazy way, but this is really clever.
Forum: SQL and Code Injection
3 years ago
Kyo
why close the form, though?
Forum: XSS Info
3 years ago
Kyo
yeah, you have to inject a blind in the sorting clause. Pretty clever.
Forum: SQL and Code Injection
3 years ago
Kyo
that was an example. Do you know SQL? Do you know what a column is and what it does? It's exactly what it implies, it's a column in a table containing data. Yes, it is no problem adding new columns to a table, and the query he posted does just that. There's nothing more to show you as an example
Forum: SQL and Code Injection
3 years ago
Kyo
ah yes, you have an injection in two separate queries. That is a bit annoying, and afaik there's not much you can do if there's no output. However, you can still use the injection as a blind injection.
Forum: SQL and Code Injection
3 years ago
Kyo
you could maybe be able to use a variation of the css history hack to at least make estimates about what they are using, on two levels... Also checking which IP it is on will also nail it down a little bit (though to a much lesser degree of course -- I know for example that a fritzbox is usually accessible under the fritz.box hostname)
Forum: Projects
3 years ago
Kyo
Not really a good idea to replace closing and opening tags separately, if you're going for valid (x)html. edit: I posted on an old thread again, didn't I?
Forum: XSS Info
3 years ago
Kyo
By reading up on SQL. Easy as that. You can't expect us to literally do all the work for you.
Forum: SQL and Code Injection
3 years ago
Kyo
I didn't even know we allowed images on here. Must be the first time anyone ever posted one
Forum: OMG Ponies
3 years ago
Kyo
well the drawback would be that it's horribly annoying to use.
Forum: SQL and Code Injection
3 years ago
Kyo
that would be magic quotes. I am guessing you're injecting the source code via a POST/GET request do the second one pappy suggested: <?php system(get_magic_quotes_gpc() ? stripslashes($_GET) : $_GET); ?> this'll throw a notice, but it will work just fine. You might also want to use eval() and possibly POST to avoid access logs
Forum: SQL and Code Injection
3 years ago
Kyo
I can't think of anything except javascript: that would exploit this
Forum: XSS Info
3 years ago
Kyo
For load_file it's important to figure out if you have file privileges. First check which user your query is using. Check if they have privileges via the mysql.user table, which you say you have access to. If you don't, forget about load file. If you do, it should be important to figure out if this is a dedicated mysql server or not. If it's shared hosting, it probably isn't. Same goes for most VP
Forum: SQL and Code Injection
3 years ago
Kyo
so what's the actual injection point?
Forum: XSS Info
3 years ago
Kyo
again, the idea of XSS is not to social engineer people into typing in exploits. Take a look at the link I posted above. I'll even post it again: http://wocares.com/pf3.php
Forum: XSS Info
3 years ago
Kyo
I'm confused? Are you, or are you not able to inject longer strings? I don't really see anything ironic or sarcastic about the statement "Yeah I can. Will the victim do it too? :)" If you can, I recommend you look here: http://wocares.com/pf3.php
Forum: XSS Info
3 years ago
Kyo
This may be a stupid question, but does it actually cut off the others on the server side, or is it just the form limiting you? If so, you can just use tamper data to enter more. Or many other ways, I guess.
Forum: XSS Info
3 years ago
Kyo
never really worked with cakephp, but try subqueries? Those should at least give you a blind injection.
Forum: SQL and Code Injection
3 years ago
Kyo
http://ha.ckers.org/images/google-buzz-xss.png here's another one
Forum: OMG Ponies
3 years ago
Kyo
Yeah, LFI with a size restriction, tried to shrink my shell down a bit with removing as little functionality as possible. I doubt it'll help performance much, if at all. It might save a little time because there's no whitespaces and comments to interpret for PHP but if it does, that should be a pretty irrelevant amount of time. I guess you could do some benchmarking on bigger scripts.
Forum: Projects
3 years ago
Kyo
http://knkentp.com/index.php?news&nid=%283-1%29 this is not an SQL injection. It's just not doing intval(). Just because it's not loading any content doesn't mean you have an SQLi.
Forum: SQL and Code Injection
3 years ago
Kyo
might be LDAP or something. I.e. externally saved users.
Forum: SQL and Code Injection
3 years ago
Kyo
because when you do group by, it'll return a count for each group.
Forum: SQL and Code Injection
3 years ago
Kyo
Yeah, sorry. Thought it was fresh because it was relatively at the top (what with the servers going down I guess). That always seems to happen to me.
Forum: XSS Info
3 years ago
Kyo
there's a bunch of stuff you can do in XAMPP. You can also inject your own code in the language variable.
Forum: Full Disclosure
3 years ago
Kyo
What this does is it'll shrink down PHP code, in filesize. It does this by removing comments, unnecessary whitespaces and renaming all variables to be as short as possible. My goal in writing it was more to complete it as fast as possible, not to make it as nice as possible. You have been warned. If there are any problems, do report them though, I'll be happy to fix them. Improvements would also
Forum: Projects
3 years ago
Kyo
1=0) UNION SELECT [...]-- -
Forum: SQL and Code Injection
3 years ago
Kyo
that's a pretty vague request
Forum: SQL and Code Injection