Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 

Current Page: 1 of 1
Results 1 - 28 of 28
5 years ago
busin3ss
Thanks :)
Forum: OMG Ponies
5 years ago
busin3ss
I get all excited each time I see it :) http://blackhatseo-blog.com/how-we-gamed-digg-for-fun-and-profit Thought you guys might appreciate this kind of stuff.
Forum: OMG Ponies
6 years ago
busin3ss
Great stuff, thanks maluc!
Forum: Robots/Spiders/CAPTCHAs, oh my
6 years ago
busin3ss
Nothing illegal or unlawful... Don't you worry ;)
Forum: Jobs
6 years ago
busin3ss
Looking for someone with experience in pwning Wordpress blogs (a.k.a. Wordpress Security Expert) to work on a project with me. Quick money. Fun Job. Chicks will love you. PM if you are interested
Forum: Jobs
7 years ago
busin3ss
The problem is that I have an XSS in a subdomain and I want to access a file in the main domain :)
Forum: OMG Ponies
7 years ago
busin3ss
var xmlhttp;
function loadXMLDoc(url) {
  xmlhttp = null;
  if (window.XMLHttpRequest) {
    xmlhttp = new XMLHttpRequest();
  } else if (window.ActiveXObject) {
    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  }
  if (xmlhttp != null) {
    xmlhttp.onreadystatechange = state_Change;
    xmlhttp.open("GET", url, true);
    xmlhttp.send(null);
  }
}
function state_Change() {
  if
Forum: OMG Ponies
7 years ago
busin3ss
rsnake Wrote:
-------------------------------------------------------
> ...and/or you can use the MHTML vuln in IE7.0 to
> read across domains.

I tried that a million times, but for some reason it doesn't work with URLs with question marks (?u=http://google.com) Weird, but still doesn't work
Forum: XSS Info
7 years ago
busin3ss
Mirror of Jikto -> http://busin3ss.name/jikto-in-the-wild
Forum: OMG Ponies
7 years ago
busin3ss
Downloading Firebug right now... For those who want to download the source code (since all mirrors are offline): http://busin3ss.name/jikto-in-the-wild
Forum: OMG Ponies
7 years ago
busin3ss
Ryan Naraine Wrote:
-------------------------------------------------------
> The code has since been posted to the Sla.ckers.org forum.
> Hacker RSnake discusses snippets of the code, which can be
> used to hunt for common security holes and then connect
> back to its controller for instructions on which Web sites
> to hit and which flaws to look for.

Hahahaha...
Forum: OMG Ponies
7 years ago
busin3ss
Well, there are four files. I just coded a quick PHP file to replace control control.txt and changed the var GUIURL. I'm trying without using a "proxy"; I'm scanning a site in the same domain (to bypass the Same Origin Policy)... But I get these weird JavaScript errors. Is there any chance that I can see a working demo, blad3? Just to see how you are testing
Forum: OMG Ponies
7 years ago
busin3ss
Anyone playing with this tool? I need some guidance :)
Forum: OMG Ponies
7 years ago
busin3ss
Well, it's not that hard, you can XML HTTP Request the page with the token if you find an XSS vector
Forum: XSS Info
7 years ago
busin3ss
BTW... Hahaha... Can anybody port to PHP the spelling/grammatical checker from Microsoft Office?
Forum: Intro
7 years ago
busin3ss
rsnake Wrote:
-------------------------------------------------------
> Interesting. I've thought about doing similar
> things in the past, but I always get caught up in
> one example where African American = black but
> black != African American. Case in point:
>
> http://ha.ckers.org/images/african-american-blunder.jpg
>
> Do you attempt to get around
Forum: Intro
7 years ago
busin3ss
Yes, if you find some XSS vector you can parse the HTML and extract that token with javascript and take total control of the account. You can change password, digg, undigg... etc...
Forum: XSS Info
7 years ago
busin3ss
Next time let me know before reporting it so we can make some $$$ :)
Forum: Full Disclosure
7 years ago
busin3ss
psifertex Wrote:
-------------------------------------------------------
> @busin3ss: that type of attack goes by the name of
> CSRF (cross-site request forgery)

I know :P But still, I haven't found an XSS in the friend adder, so it would be great if Ghozt could elaborate more about it
Forum: Full Disclosure
7 years ago
busin3ss
Ghozt Wrote:
-------------------------------------------------------
> There's one in their new invitefrom feature too.

XSS? I know there is an auto-friend adder but that's not XSS, just lame security :P
Forum: Full Disclosure
7 years ago
busin3ss
Original source: http://mybeni.rootzilla.de/mybeNi/2007/digg_delicious_netscape_technorati_hacked/

He didn't share the code, but I was already using that XSS so here it is: http://digg.com/offbeat_news/Digg_Delicious_Netscape_And_Technorati_Hacked?creplyto=5943349'%22%3E<h1>XSS</h1>

It was working like a charm for a couple of weeks, but since he reported it to Digg it seem
Forum: Full Disclosure
7 years ago
busin3ss
rsnake Wrote:
-------------------------------------------------------
> Interesting. Any high level tech you can share?

Well it's the approach you have when you spam. For example a lot of people use markov chains to create unique content from article databases or scraped content from other blogs for example. For a spider markov'ed text looks unique, and it doesn't get penalized like dupli
Forum: Intro
7 years ago
busin3ss
Yes, people in DigitalPoint call it click bombing. You can install AdLogger and just allow one click per user to protect from an attack like that.
Forum: Search Engine Hacking and SEO
7 years ago
busin3ss
I'm getting some 404 when I try to download their API... But it looks promising
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
busin3ss
Thanks for the welcome. It's good that you are getting more and more into BH SEO, because you can't fight what you don't know. And sometimes I get annoyed by spam too, that's why I'm constantly trying to increase the quality of my spam (Is there such a thing?) It's a crazy personal concept that I like to call "spam 2.0" :)
Forum: Intro
7 years ago
busin3ss
id Wrote:
-------------------------------------------------------
> The blog link is fine, and welcome to the forums,
> always good to have more perspectives.

Thanks! Looking forward to contributing something
Forum: Intro
7 years ago
busin3ss
Thanks a lot Awesome AnDrew, I also like your site a lot (especially the XSS stuff :P)
Forum: Intro
7 years ago
busin3ss
Hey I'm just stopping by to say hello! I love the blog and the forums, great source of information! I'm not sure if I can post a link to my personal blog, but since it's somehow related to the topic of web security I'm going to post it, if I'm not supposed to... Just tell me and I'll delete the link

Title: busin3ss > spam 2.0
URL: http://busin3ss.name/

Thanks a lot, and keep the fu
Forum: Intro