Sla.ckers.org
Results 1 - 17 of 17
5 years ago
sjraptor
backbone Wrote:Quote @rvdh: You got me wrong. By that I meant that the attacker by being able to see the ini file would no longer have to guess the table in case of an SQL Injection (talking about mysql 4). And yes, it seems to me as you are assuming I made the script /:). I recommended it because it's sql injection free and loved the idea of passing encrypted data to the backend without using
Forum: Projects
6 years ago
sjraptor
The ONLY way to protect against XSS is to perform proper output entity encoding, for HTML, CSS and JavaScript. Doing anything else is just a rat race.
Forum: XSS Info
6 years ago
sjraptor
Just goes to show, leave the laptops at home next time you head to a security conference. Airport and hotel included.
Forum: News and Links
6 years ago
sjraptor
I hear there is an "unofficial" IRC channel somewhere on the net.
Forum: OMG Ponies
6 years ago
sjraptor
Kyran Wrote:
> It's other's....the 's is possessive...hah! Fragge is right. I wasn't sure at the time, but I knew thrill was wrong.

haha, It should be others'. The "others" are possessive. It does not pay to be a grammar nazi.
Forum: OMG Ponies
6 years ago
sjraptor
thrill Wrote:
> ahh.. the joys of being perfect and being able to
> point out others faults..
>
> EDIT: ha! had a misspelling.. ;)

Yeah, you have another one too.

> other's
Forum: OMG Ponies
6 years ago
sjraptor
Or what about using SQL injection to perform XSS? oooohhaaa ;)
Forum: XSS Info
6 years ago
sjraptor
Ok, going tab by tab: General: The only options checked are "Left clicking on NoScript..." with "Full domains" Plugins: All checked except for "Apply these restrictions to trusted sites too" and the last two. Advanced|Untrusted: "Forbid <a ping...>" and "Attempt to fix JavaScript links" are checked. Advanced|Trusted: Only first op
Forum: OMG Ponies
6 years ago
sjraptor
Why not just continue using OWASP Phoenix/Tools like everyone else?
Forum: News and Links
6 years ago
sjraptor
I used to play saxophone, wish I still did. I seemed to get a lot more women then too. :P Welcome. :)
Forum: Intro
7 years ago
sjraptor
nice.. still there <script>alert('XSS')</script>" />
Forum: Full Disclosure
7 years ago
sjraptor
What blogging platform does Giorgio use?
Forum: Search Engine Hacking and SEO
7 years ago
sjraptor
http://shop.ecompanystore.com/foxnews/FOX_ProductList.asp?CATALOG=FOX&ID=76&TYPE=FOX+News+Tuesday%3Cscript%3Ealert('xss')%3C/script%3E nothing special here... POC. is that it???
Forum: Full Disclosure
7 years ago
sjraptor
http://tssci-security.com always learning
Forum: News and Links
7 years ago
sjraptor
Hey christ1an, I put together this yahoo pipe a couple weeks ago... It's strictly web app security related and includes pretty much every blog of every person that visits sla.ckers and then some. http://pipes.yahoo.com/pipes/pipe.info?_id=6DtXKisf3BG9zrnHyzUFzw
Forum: News and Links
7 years ago
sjraptor
Cool, I just sent a link with description out to our App Sec program leaders. Thanks
Forum: News and Links
7 years ago
sjraptor
Hey all. Long time fan of ha.ckers and sla.ckers, I've been following the blog and lurking the forum for a while. I'm 20, still in college, on my second internship, and still very new to web app security. I know a little html/css (like larkadragon said above, "my jaw dropped" with that example) and have some idea behind some of the stuff you guys do. But... I'm doing my best to learn and
Forum: Intro