Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 1
Results 1 - 16 of 16
4 years ago
zatoichi
@gareth hayes: Thanks for the tip. I am not able to capture this kind of JSON: Format 1 :::: {"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]} but if I convert it to: Format 2:::: [{"t":1,"p":1,"r":1,"r
Forum: CSRF and Session Info
4 years ago
zatoichi
Hi, a web application is sending data in this format: {"t":1,"p":1,"r":1,"rows":[{"i":0,"c":["n","H, C","A","5","T","n"]}]} and I am using this code to get the JSON from my web site: <script> Object.prototype.__defineSetter__("t",function(obj){alert(1
Forum: CSRF and Session Info
4 years ago
zatoichi
Hi, the HTTP header sent in response to an HTTP request is: HTTP/1.1 401 Unauthorized Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Www-Authenticate: Negotiate Date: Thu, 04 Mar 2010 08:42:08 GMT NTLMApp is generating this debug info: *** Server 'Content-Length' found to be 0. *** Authentication routine started. *** Got Error 401 - "WWW authentication required". *
Forum: CSRF and Session Info
5 years ago
zatoichi
The file where the input is being echoed is fetched using the following method. <script src ="http://xxxxxxx/xxx.asp"></script> is the request being sent and the reply is a JS file. This JS file contains the echoed input. I think all the earlier XSS vectors were based on the assumptions that the input is echoed back into a DHTML page but here the input is echoed back i
Forum: XSS Info
5 years ago
zatoichi
Well, actually the XSS string is being echoed into something like this: var XSS = "text_being_echoed"; into "text_being_echoed". I have tried the above-mentioned strings and the characters ' " \ are escaped with a \. </script><script>alert(1); // won't work because it won't help me in breaking out of the string. Any help would be greatly appreciated.
Forum: XSS Info
5 years ago
zatoichi
Hi, in an application, when I inject a string \";alert(1); the reflected string becomes \\\";alert(1); the characters which are escaped are " ' \. Is there any way to bypass this protection?
Forum: XSS Info
5 years ago
zatoichi
Nope, that doesn't work either.
Forum: XSS Info
5 years ago
zatoichi
anybody?
Forum: XSS Info
5 years ago
zatoichi
Here's the code (most of it copied from the net): <script type="text/javascript"> var sec; function Array() { alert(1); sec = this; }; </script> <script src="http://xxx.xxx.xxx.xxx/json.php" type="text/javascript"></script> <script type="text/javascript"> var a=[40]; // this is here simply to check whethe
Forum: XSS Info
5 years ago
zatoichi
I am trying to override the Array constructor in JavaScript to exploit a JSON-based vulnerability, but my Array constructor is not getting called. I don't know what the problem is; can anybody help?
Forum: XSS Info
5 years ago
zatoichi
If that is the procedure then we can rule out the replay attack, but can't the password be recovered? Since we already know the salt value, we can create a rainbow table for the password hashes in 5-6 days; if going with a dictionary-based attack then even less time is needed. Exposing the salt is a bad practice. Are you using any criteria for preparing passwords, for ex. it should have a numeral, capital
Forum: CSRF and Session Info
5 years ago
zatoichi
Is the password hashed at the client side before being sent to the server side (is MD5 implemented on the client side)? In that case replay attacks are a good possibility even if the salt is changed every time.
Forum: CSRF and Session Info
5 years ago
zatoichi
I meant CRLF injection (for HTTP header splitting), sorry for not being clear in my first message. It is detecting %0d%0a characters in the stream and printing this stack trace, and preventing an HTTP header splitting attack, so I was wondering whether it can be bypassed?
Forum: CSRF and Session Info
5 years ago
zatoichi
Hi, I have been trying to perform CRLF in a .NET environment; it throws this error: System.Web.HttpResponse.Redirect(String url, Boolean endResponse) +539 System.Web.HttpResponse.Redirect(String url) +6 System.Web.UI.Control.OnLoad(EventArgs e) +67 System.Web.UI.Control.LoadRecursive() +35 System.Web.UI.Page.ProcessRequestMain() +750 It is checking for invalid character
Forum: CSRF and Session Info
6 years ago
zatoichi
Nice work, people, you should be proud. I don't think he is coming back.
Forum: SQL and Code Injection