Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 1
Results 1 - 11 of 11
6 years ago
hexfortyfive
I was asked to look into cross domain policy stuff for Flash. It seems since Flash 9, if a SWF on DOMAIN1 tells the client to download a file from DOMAIN2, the client checks for DOMAIN2's policy file to ensure it's allowed before grabbing the file. This is fine. But we live in the time of Web 2.0, where people want to mashup everything they can. So if DOMAIN2's policy is to allow anybody to rea
Forum: CSRF and Session Info
6 years ago
hexfortyfive
Unbalanced brackets? Obviously "LIKE" is in the WHERE clause, so what if the WHERE clause is using brackets to partition the logic up: SELECT * FROM table WHERE foo='X' AND (id=1 OR bar LIKE '{parameter}%') so with your first injection we get: SELECT * FROM table WHERE foo='X' AND (id=1 OR bar LIKE '' OR '%'='%') but with the 2nd one we get: SELECT * FROM table WHERE fo
Forum: SQL and Code Injection
6 years ago
hexfortyfive
Sorry, let me try rewording the question. Has using a double-quote (or single-quote, I guess) within
Forum: XSS Info
6 years ago
hexfortyfive
Quote: is that exploit vector a well-known one?
Forum: XSS Info
6 years ago
hexfortyfive
If anyone else is playing with ways to prevent this attack, I found that I can stick the .JAR file into the Comment's section of the EXIF data of a JPG and it will execute. This strategy will get around most (all?) automated image manipulation (crop, rotate, resize, convert jpg-to-jpg) that preserves EXIF data. Enjoy.
Forum: CSRF and Session Info
6 years ago
hexfortyfive
Due to recent announcements, I've been playing more with using Java applets in attacks. What can a malicious unsigned Java applet hosted on a remote server do? Grab cookies? Make GET/POST requests to the website? So what?! My real question: I can execute XSS that loads a malicious applet that I've uploaded to a server. What does this unsigned applet let me do that I can't already do with Javasc
Forum: CSRF and Session Info
6 years ago
hexfortyfive
Check out this and this. I've managed to execute a PoC of this attack, but I'm not sure of the extent of the damage (will create a separate thread). As for remediation, pdp recommends: Quote: What you should do is to first of all validate whether what you receive is a picture and then re-convert it. If it is JPG, convert it again to JPG. That way you force the library to rearrange the bits within the
Forum: CSRF and Session Info
6 years ago
hexfortyfive
Splunk
Anyone played with Splunk? I read Raffy's slides from his talk at HITB2007 on visualization, and this got me really interested in log analysis through visualization. I flipped through his book (the first one, not the new Applied Security Visualization) at my local bookstore and liked it even more. Around the same time, the company I work for finally decided that we need a log aggregation and an
Forum: Vendor Talk
6 years ago
hexfortyfive
@tx: I tried that based on your suggestion, but no luck. I think the %XX gets interpreted too late; when I look at the source of the rendered page after I give it onLayoutComple&%23x00000000000074;e I see onLayoutComplete, which doesn't get interpreted. As an aside, the XSS I'm looking at is a PHP_SELF-style exploit, so # is being chopped off because it's a vali
Forum: XSS Info
6 years ago
hexfortyfive
Impressive suggestions by all. Unfortunately, the implementation of this filter on the site I'm pentesting seems to have two secondary filters.
- For the specific input that's being printed, it's chopping off everything after #. The result is that I can't encode using &#
- It's encoding < into %3C, but not > or ", so I can leave the current attribute and tag, but I can't create a
Forum: XSS Info
6 years ago
hexfortyfive
Hi. Long time slacker, first time poster. Anyone run into the following filter code before? http://quickwired.com/smallprojects/php_xss_filter_function.php What do you guys think? Impenetrable?
* It removes non-printable characters, including \t, \n, and \r
* It filters decimal & hexadecimal HTML encoded characters
* It slams a <x> in the middle of any evil string I've been
Forum: XSS Info