How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 

3 years ago
kuza55
Firefox has additional protections as well - it will only let you read files in the current directory and it will not give you a directory listing, so you would need to know the filenames to read them.
Forum: OMG Ponies
3 years ago
kuza55
Reiners Wrote:
> hm both are good ideas indeed, but impractical for static analysis.
>
> <?php echo csrfToken(); ?>
>
> you can't really tell with static analysis if the user is logged in (or what session properties he holds) nor if the function csrfToken() buil
Forum: CSRF and Session Info
4 years ago
kuza55
I'm not familiar with IE/ActiveX's use of COM, but assuming they don't do anything crazy... It depends on how the COM object was installed on the computer: when you instantiate a COM control, the COM runtime will check the registry to determine whether to load it as a DLL, or as a new process, or whether it's on another computer entirely (DCOM). Almost always it will be a DLL in the same add
Forum: SQL and Code Injection
4 years ago
kuza55
If IIS lets you use a custom 404/403/401/whatever the appropriate error code page, you may be able to get away without changing the client-side code by simply having the appropriate error page for that directory figure out what they were trying to access and then work out if they have the appropriate rights. You could also just create a proxy script, e.g. http://<system:0000>/vir_dir/core
Forum: Full Disclosure
4 years ago
kuza55
id Wrote:
> If your issues are related to the admin interfaces, then they can be fixed by securing the admin interface at the network/browser level (same can be said for most of the worthless web interfaces out there).

Not related to the admin interface in any way, though I probably would have said a persiste
Forum: Vendor Talk
4 years ago
kuza55
id Wrote:
> I don't think it's fair at all to call OSSEC a WAF, that's not at all what it was designed to be.
>
> Also, if this post is about how each product is configured out of the box, then it's pointless. There's not a single security product I can think of that has much value without being con
Forum: Vendor Talk
4 years ago
kuza55
So, instead of people asking for responses about particular WAFs, I thought it might be better (and more amusing) to simply list the WAFs we know how to bypass, or have actual vulnerabilities in/exploits for. Now, I realise everyone's a hippy and wants their free info, but I don't want to be awfully specific about the exact vulnerabilities, so you're going to have to take this on faith. If any
Forum: Vendor Talk
4 years ago
kuza55
sirdarckcat Wrote:
> @kuza55
> that's firefox only right?

Contrary to what I would have thought, yes, this is Firefox only (did a quick test of Chrome, IE 8, Opera 10, Safari 4). Interestingly though, everything besides IE would truncate on \n.... Does anyone remember this working in other browsers, or did I just never bot
Forum: XSS Info
4 years ago
kuza55
Ryonan Wrote:
> Hello,
> I stole the cookie of a user, but I can't log in right away with:
> javascript:document.cookie="user=1;password=434rerdsd343;"
> instead, I have to enter one by one, first with user, and then with password to login.

document.cookie does actually let you do multiple cookies
Forum: XSS Info
4 years ago
kuza55
Also, note that cookies have a domain property, and that webmail.site-example.com may set the cookies you want with the domain attribute set to .site-example.com, which would mean www.site-example.com would get those cookies as well. If not (and what Gareth described isn't possible), then I know of no ways to get the cookies; however, Flash, Silverlight, etc., have a crossdomain.xml file which c
Forum: XSS Info
5 years ago
kuza55
.mario Wrote:
> @kuza55: About 461K bug entries for Firefox - that doesn't really bode well for browsers does it? (It really doesn't but I am sure you are getting my point)

No, it doesn't. However, I've been subscribed to the Firefox new bugs list in my RSS reader for the last week, and a lot of the bugs are featu
Forum: Projects
5 years ago
kuza55
22 pages and still going strong, that doesn't really bode well for IDS systems does it?
Forum: Projects
6 years ago
kuza55
I don't really follow this thread, so I have no idea if this has been mentioned before, but sometimes you don't need to be able to execute code to execute code, if you know what I mean, e.g. document.domain=name (set name to com or org or net, or whatever the TLD is) seems to get past the filter on php-ids.org. Also, you can make it even simpler by overwriting an object inside the window o
Forum: Projects
5 years ago
kuza55
If you can find a vulnerable update you can try to *change* someone's md5'd password.
Forum: SQL and Code Injection
5 years ago
kuza55
@thornmaker Does that one without the param tag work cross-domain? I could only get that form to work on the same-domain, hence the param crap I had to find to stick on.
Forum: XSS Info
5 years ago
kuza55
An alternative to using a specific email (which can be banned) is to send to a mailing list or other un-moderated public forum; mailing lists are better since they are push, rather than pull. As long as you public-key encrypt, you can spam it via as many outlets as you want. An alternative to hard-coded addresses would be to use a formula, like Conficker did; where Conficker went wrong IMO was
Forum: Projects
5 years ago
kuza55
clayfox Wrote:
> Did the flash exploit add the "Set-Cookie" header to the response?!

Nah, it didn't, it just let you send Cookie headers along with your requests: http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00069.html With some tweaking, being able to send headers still works, however there is a bl
Forum: CSRF and Session Info
5 years ago
kuza55
I saw an academic paper on this a while ago, but short of an ability to set cookies for a specific path (so that the user cannot generally tell they are submitting info for someone else), and a lack of csrf tokens, this seems like something that will look pretty suspicious to users when their account doesn't look like their account... However it is very useful to exploit xss bugs which are prot
Forum: CSRF and Session Info
5 years ago
kuza55
clayfox Wrote:
> Here are some questions I have about cookies. Apparently what I'm talking about is more widely known as Cross-site cooking.
>
> domain=
> Jo Hermans for Mozilla went through the process of creating a file defining how many dots different domain suffixes required (things like .blah.com
Forum: CSRF and Session Info
5 years ago
kuza55
tx Wrote:
> It seems most likely to me that the sessions are expired because the user is logging out.

If you're not particularly worried about stealth, just delete the cookies from the user's browser so that they can't log the session out.
Forum: CSRF and Session Info
5 years ago
kuza55
.mario Wrote:
> @kuza55: Tell me one spammer who first floods your mailbox/forum/blog with bullshit and then contacts you to help you update your filters :)

Most people who actually hack sites don't go telling people how to fix it either. Disclosure is an anomaly.
Forum: News and Links
5 years ago
kuza55
Kyo Wrote:
> it's generally not a very common charset. Most european sites use iso-8859-1, which, as far as I know, does not have such exploits.
>
> And reiners, I think it might work either way on yours, because the php is not trimmed for GBK, just the MySQL

It's the SET CHARACTER SET which makes my
Forum: SQL and Code Injection
5 years ago
kuza55
digi7al64 Wrote:
> I hope you die in a fire you pathetic spamming piece of shit.
>
> WE NEED NOFOLLOW ATTRIBUTES ON ALL LINKS HERE.

So hacking systems is perfectly alright, but spammers are pieces of shit?
Forum: News and Links
5 years ago
kuza55
Inferno Wrote:
> Hi Alex,
>
> I have analyzed their patch and the only thing they do is move the meta tags before the title tag to prevent any utf-7 injection. I don't think browsers ignore the utf-8 specified in the http response headers, otherwise there could be tons of security issues to exploit
Forum: Full Disclosure
5 years ago
kuza55
Inferno Wrote:
> Hi Ha.ckers,
>
> I have been able to exploit the utf-7 charset inheritance fix that was done in IE8.
> More information is available at my blog - http://securethoughts.com/2009/05/exploiting-ie8-utf-7-xss-vulnerability-using-local-redirection/

Btw, I was a bit rushed when I saw this
Forum: Full Disclosure
5 years ago
kuza55
Gareth Heyes Wrote:
> So I'd see it as in-between because it requires a specific redirection. If you could make it work via a cross domain redirect then I'd see it as critical because you could then inject UTF-7 strings on any web site.

cross-domain redirects work, have a look at the PoC - http://www.securetho
Forum: Full Disclosure
5 years ago
kuza55
Gareth Heyes Wrote:
> redirect.php?url=data:text/html,alert(1)
>
> This is executed by Firefox, tested using php. The javascript protocol failed.

Sweet, nice one, definitely going to be useful in the future! When the hell did that start working? But it still doesn't solve my present problem though, since the app ch
Forum: XSS Info
5 years ago
kuza55
I was wondering, does anyone know of any good ways to cause 3xx redirect responses to be rendered? I found some things a while back: http://www.webappsec.org/lists/websecurity/archive/2007-11/msg00004.html but the Location: https://server.example.com/, a thing doesn't work in the latest Firefox. Another method that I've found for recent firefox releases is to do Location: fakeuri:whatever
Forum: XSS Info
5 years ago
kuza55
Haha, would've been funnier if they'd just backdoored all the tools on that site though, :p
Forum: News and Links
5 years ago
kuza55
I usually find that making the domain resolve to something invalid usually works just as well as actually emulating what the program expects to get back (in most cases, you can't really sell an app that doesn't work when there's no internet).
Forum: OMG Ponies