Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding etc.

2 years ago
joel
There are 2 domains using the same cookie pair (uid & sid) to authenticate users: www.logger.com and www.logspot.com. uid is used to identify a user, and sid to authenticate him. Suppose most users will log in via www.logger.com, and the browser will set the cookies: Set-Cookie: uid=15732; PATH=/; DOMAIN=logger.com; Set-Cookie: sid=FupX5px7X; PATH=/; DOMAIN=logger.com; And when the u
Forum: XSS Info
2 years ago
joel
I have googled for this topic, but I can't find any solution. http://ha.ckers.org/blog/20070617/another-google-xss-in-google-documents/ In this blog, RSnake says: June 18th, 2007 at 3:03 pm <comment> <!-- --> within iframe tags, noscript tags, and I'm sure there are several others. I do not understand how to do it. If I filter the <,>,'," using htmlspecialchars
Forum: XSS Info
2 years ago
joel
hi, all I just found an XSS, which reflects the argument of the url inside the script tag, but <, >, (, ) are filtered. For example: /ref.php?name=";SOME_CODE_HERE;// The source code of the page is: <script> ... name="";SOME_CODE;// ... </script> When I try name=";alert(1);// it shows me: <script> ... name="";a
Forum: XSS Info
3 years ago
joel
I just found this can work: hxxp://somesite.com/thing.php?list=joelTest;location.href='http://evilsite.com';// thanks to my dear coworker :)
Forum: XSS Info
3 years ago
joel
hey, guys I just found a possible XSS vulnerability in a web site. It reflects one of my GET parameters in its javascript code like this: hxxp://somesite.com/thing.php?list=joelTest;alert(1);// <script> ... list=joelTest;alert1;// ... </script> Plus, '<' and '>' were filtered to &lt; and &gt;. Can I XSS it in this case?
Forum: XSS Info
4 years ago
joel
Hi, all. From page 213 of the book "Cross Site Scripting Attacks: XSS Exploits and Defense", I know how to overwrite the Array JavaScript object and as such simulate a callback. I just found a site that returns some JSON data like this: {"ok":{"list":[{"sex":"male", "birth":"12.04", "nick":"tommy"}, {"sex
Forum: XSS Info
4 years ago
joel
hi, everyone I found that the webkit browser will treat an embed tag with an html src as an iframe tag, just like: test.html: <embed src="http://www.google.com"></embed> Using the chrome browser to open test.html, it shows that it was an iframe. That would be a problem in some rich text applications. I know the type attribute of the embed tag may help, but there are so many
Forum: XSS Info
4 years ago
joel
@PaPPy If there is an xss, writing the token string directly into the form cannot defend against csrf either. http://blog.thinkphp.de/archives/150-Buy-one-XSS,-get-a-CSRF-for-free.html
Forum: CSRF and Session Info
4 years ago
joel
@Gareth Heyes, great idea :p In my case, there is only one token in the cookie, just like: vtoken=8a995a95c13fda450b0776532156fe07 but this token does not appear in the html form; the form looks like: ... <input type="hidden" name="vtoken" value=<script>document.write(document.cookie...)</script> > ... I am considering this implementation robust to
Forum: CSRF and Session Info
4 years ago
joel
Hey, guys. I found that some web applications implement the anti-CSRF token only in the cookie, but not in the html form. When they post data, they use javascript to get the anti-CSRF token from the cookie, and the backend application checks that the token in the post data matches the one in the cookie. What do you think about this implementation?
Forum: CSRF and Session Info
4 years ago
joel
Hi guys, I am new to PHP auditing and recently I have read the book "php|Architect's Guide To Security", but when I get the source code of a php project I don't know how to start with it. I know about XSS, CSRF and SQLi, and I have been a web application penetration tester for a long while, but I only know how to test in a black box. I just got a new job about php and java
Forum: OMG Ponies
4 years ago
joel
Implementing an anti-CSRF token will be much more complex than only checking the referrer header.
Forum: CSRF and Session Info
4 years ago
joel
hi, I found a web site that allows the <marquee> tag; however, it filters all the event handlers beginning with on, for example "onFinish()". I am wondering if it's safe?
Forum: XSS Info
4 years ago
joel
Without quotes, it would not work in ie6.
Forum: XSS Info
5 years ago
joel
It should be <img src="http://www.businessinfo.co.uk/labs/hackvertor/images/logo.gif" onload='alert(1)'>
Forum: XSS Info