sla.ckers.org is ha.ckers sla.cking
How robots and spiders are causing issues, how to stop them. We can also talk about CAPTCHAs (Completely Automated Public Turing Test To Tell Computers And Humans Apart) - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them.

Current Page: 1 of 1
Results 1 - 8 of 8
5 years ago
spearfish
So the take-away message here would be to split up the pieces of that function so that nothing gets messed up?
Forum: XSS Info
5 years ago
spearfish
I feel like we've run into a slight misunderstanding here, largely my fault for being ambiguous. When I wrote this question, what I was thinking of was something like this: $username = escape($_GET['username']); $query = "SELECT password, password_salt FROM members WHERE username = '{$username}' LIMIT 1"; # Compare password, etc. if ($real_password != $password) { die("
Forum: XSS Info
5 years ago
spearfish
Luckily, I'm still developing the application and it's in pre-release inside a protected web folder. Let me also clarify: I'm only doing this on data I cannot trust at all. e.g., if I am able to filter with a whitelist the data (via a switch) and know that a string is either "will" or "won't", I know that it's not malicious and don't have to escape it. Now I'm not too ke
Forum: XSS Info
5 years ago
spearfish
Thanks guys! I found this place looking for information on XSS. I was tired of hearing about it over and over but not understanding what it was. The original document from Microsoft Research was on ha.ckers.org, and I found it via Google. That really helped me understand the attack, and I found several vulnerabilities in my coding and some of my buddies'. Shortly after I realized the wealth
Forum: Intro
5 years ago
spearfish
Hi all, For a web application I am developing I have created a very simple function for escaping data. Since I am rather new to this (I never understood how XSS was a problem until about a week and a half ago), I'd like to run it by somebody to make sure that I won't end up with my site hacked. The language is PHP, and the function assumes a valid MySQL connection (the application would hav
Forum: XSS Info
5 years ago
spearfish
I actually see this as just another "security through obscurity" type deal. As soon as this gets popular, it'll be broken almost immediately. And if it doesn't get popular? Well then it's not guarding anything very important now, is it?
Forum: Robots/Spiders/CAPTCHAs, oh my
5 years ago
spearfish
Hi all, I'm Eric, I go by whatever though (although it's nice if it pertains to my username / real name in some way). I guess I'm a new-ish kid on the block, I wrote my first lines of code about a year ago but that was just HTML. My obsession with code has been growing exponentially over the last month or so; and I've only been into security for a week or so (although it's practically taken
Forum: Intro
5 years ago
spearfish
I would agree that he's most likely a private investigator trying to run some kind of Media Sentry deal. Unfortunately he's making a lot of assumptions... this is more or less gray hat stuff. Probably the biggest one is that he / his guy(s) won't get caught. If you're not asking for any experience, you'll end up caught. Unless you're lucky.
Forum: Jobs