Sla.ckers.org
Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as they relate to computer security.

Current Page: 1 of 1
Results 1 - 8 of 8
3 years ago
Bullet
Albino, I have tried to bypass Comitari's full version product, but without any success - it blocked all XSS, ClickJacking, Phishing, CSRF attempts. Btw, it blocks all attacks even before IE's XSS & phishing filters. If you'll (If you'll get only the free version, so try to bypass their CJ), please share it with us.
Forum: XSS Info
3 years ago
Bullet
Comitari products protect against different client-side web attacks: ClickJacking, XSS, CSRF, Phishing, File Stealing via browser, Buffer Overflow and others. The interesting thing (that is relevant for this post) is that their product: 1) Protects against ClickJacking on all IE versions (IE6, IE7, IE8, IE9 beta) in all ClickJacking variants (Dynamic iFrame's properties like CSS, URL and some ot
Forum: XSS Info
4 years ago
Bullet
There is an online ClickJacking demo. You can test your website to see if it's vulnerable to ClickJacking, you just need to type the URL/IP. http://narkolayev-shlomi.blogspot.com/2010/01/clickjacking-facebook.html BTW, OWA is also vulnerable to CJ, enjoy ;-)
Forum: Search Engine Hacking and SEO
4 years ago
Bullet
For spoofing email addresses, you can use social networks' "password reset" pages. More details on the attack: http://news.cnet.com/8301-1009_3-10205476-83.html
Forum: Search Engine Hacking and SEO
4 years ago
Bullet
Try getting a more privileged user's password and upload files (after that, use John the Ripper to convert the hash to a password). SELECT user, password FROM mysql.user; You can try to execute remote commands on the machine. Check if they set up interesting UDFs like the lib_mysqludf_sys functions.
Forum: SQL and Code Injection
4 years ago
Bullet
takis, it's not nice to hack political websites like: http://www.loverdos.gr/gr/ ;-) Here's their response: On Saturday afternoon October 10 2009, hackers attempted to break this site, in order to formulate and send their text to a large number of recipients. The attempted breach was identified directly from the company that maintains the website and invasion halted ...
Forum: SQL and Code Injection
4 years ago
Bullet
Try bypassing techniques like: 1) HPP (HTTP Parameter Pollution) - If it's ASP+IIS: Encode the attack using url encoding (URL_Encode(,)=%2c) and split it in between the '%' and "2c". 2) Try using SQL comments like /**/ - Many filters just filter this input (/*,*/). 3) You can use union: select username from users union select password from users union select .... I think it'
Forum: SQL and Code Injection
4 years ago
Bullet
This page is probably vulnerable to SQLi; 1=2 led to an error while 1=1 didn't - this page is vulnerable to blind SQLi. You can make 100% sure by using this: /Email2Friend.aspx?WebID=54;+waitfor+DELAY+'00:00:30' If you get a delay of 30 secs, the page is vuln to SQLi and you can do whatever you wish, like xp_cmdshell (in MS-SQL...), etc. I also suggest you try HPP (HTTP P
Forum: SQL and Code Injection