Sla.ckers.org

Current Page: 1 of 5
Results 1 - 30 of 144
3 years ago
christ1an
I should mention that the form's enctype must be application/x-www-form-urlencoded, otherwise I can't circumvent the IPS that's running. I just can't get my browser to send out an unencoded zero byte.
Forum: XSS Info
3 years ago
christ1an
Hi, I'd like to prepare a proof-of-concept for an XSS vulnerability that is based on sending a zero-byte character before the actual malicious code. Without that \0, the application's IPS will refuse the request. I can't manage to place a zero byte inside an auto-submitting HTML form. How can I do this? Thanks!
Forum: XSS Info
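The situation in the two posts above (an inspection engine that only lets the payload through when a raw NUL byte precedes it, while the browser insists on sending %00) can be modelled in a few lines. The following is an added example, not code from the original posts, from PHPIDS or from any product named on this page. The IPS behaviour it models (copying the request body into a NUL-terminated string before matching signatures) is an assumption made for illustration, as are the signature list and the two sample bodies, which are constructed here.

```python
"""Why a raw 0x00 byte in a form body can get a payload past an inspection engine.

Assumption (hypothetical): the inspecting IPS copies the body into a C-style
NUL-terminated string before pattern matching, so everything after the first
0x00 byte is never inspected, while the application parses the full byte string.
"""
import re
from urllib.parse import parse_qs, unquote_to_bytes

# Constructed stand-in for the IPS signature set (not a real product's rules).
SIGNATURES = [re.compile(p, re.IGNORECASE) for p in (
    rb"<\s*script",
    rb"javascript\s*:",
    rb"on\w+\s*=",
)]


def matches_signature(data: bytes) -> bool:
    """True if any signature matches anywhere in the byte string."""
    return any(s.search(data) for s in SIGNATURES)


def ips_naive(body: bytes) -> str:
    """Models the assumed flaw: only the bytes before the first NUL are inspected."""
    visible = body.split(b"\x00", 1)[0]
    return "block" if matches_signature(visible) else "pass"


def ips_hardened(body: bytes) -> str:
    """Inspects the whole buffer, raw and percent-decoded, with NUL bytes
    stripped as part of normalization, so the NUL prefix buys nothing."""
    for candidate in (body, unquote_to_bytes(body)):
        if matches_signature(candidate.replace(b"\x00", b"")):
            return "block"
    return "pass"


def app_sees(body: bytes) -> dict:
    """What an application parsing application/x-www-form-urlencoded gets.
    Both %00 and a raw 0x00 decode to the same value, so the backend sees the
    full payload either way."""
    return parse_qs(body.decode("latin-1"), keep_blank_values=True)


# Constructed sample bodies. ENCODED is what a browser form submission sends
# for a NUL in a field value; RAW is what the poster wanted to send instead.
ENCODED = b"q=%00<script>alert(1)</script>"
RAW = b"q=\x00<script>alert(1)</script>"


def demo() -> dict:
    """Verdicts of both inspectors for both encodings of the same payload."""
    return {
        "encoded": {"naive": ips_naive(ENCODED), "hardened": ips_hardened(ENCODED)},
        "raw": {"naive": ips_naive(RAW), "hardened": ips_hardened(RAW)},
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
    print("application sees:", app_sees(RAW) == app_sees(ENCODED))
```

The point of the check is the mismatch: `ips_naive` blocks the percent-encoded body (nothing hides the `<script`) but passes the raw one, while `app_sees` returns the identical decoded value for both, which is exactly the window the poster was trying to hit. The usual fixes are the ones `ips_hardened` shows: never hand request data to a NUL-terminated string routine, and normalize (decode, strip or reject 0x00) before matching rather than after.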
6 years ago
christ1an
rsnake Wrote:
> I'm by no way disparaging your work. I'm only saying I think this is the wrong approach. Blacklists have been proven to fail for 17 pages. Which page do we need to get to before everyone agrees? So far everyone is saying it can't be done (I agree) - and to me that is the definition
Forum: Projects
7 years ago
christ1an
Oh sorry guys if my post made the impression that I would like you to stop what you're doing. That is not the case at all. Please don't think that. If you did, I would be ashamed of myself. It's just some thoughts that went through my head and I tried to answer xorrer's question. We are all enjoying what we're doing and what we're achieving as a team in collaboration, aren't we? As I said, let
Forum: Projects
7 years ago
christ1an
I think this question could be interesting for others too. On the PHPIDS mailing list, xorrer asked a good question:
> christ1an: Anyway, nothing of this really has to do with intrusion detection. It's just circumventing a blacklist filter and hoping that the browser executes it.
> xorrer: I don't really understand this statement. So you don't consider XSS attacks to be som
Forum: Projects
7 years ago
christ1an
Highly impressive what you guys can do with javascript. Thanks for all contributions.
Forum: Projects
7 years ago
christ1an
How could the first two examples possibly be exploited for malicious purposes? I do not see any danger in them.
Forum: Projects
7 years ago
christ1an
We have enhanced the SQL Injection detection vectors again. I would appreciate if anyone would try to inject malicious code. http://phpids.heideri.ch/?test=xxx Thanks!
Forum: Projects
7 years ago
christ1an
Should be public now ;)
Forum: Projects
7 years ago
christ1an
I have written down some thoughts concerning the detection of SQL injection attacks. Maybe someone has comments on that. http://groups.google.com/group/php-ids/browse_thread/thread/cc30f2ca52bc50df
Forum: Projects
7 years ago
christ1an
> ;document.write(document.cookie);// can be injected O.O, there are so many places to put bad input =oD yay!
Basically correct, however pretty much useless for an attacker. If he really wants to gain data or anything, he's going to need more code, which is likely to be detected by the IDS. That however does not mean that it's impossible to get through. Therefore, feel free to inject real harmfu
Forum: Projects
7 years ago
christ1an
You're right, that should be faster. I'm going to check that, thanks!
Forum: Projects
7 years ago
christ1an
Thanks WhiteAcid but sorry I don't get what you want to say :/ Could you maybe leave the code out and first describe what caught your attention? Ah and, which version is that? I'm aware of the fact that we have no version handling at the time, that's my fault, I'm sorry. You can get the newest version from here http://phpids.googlecode.com/svn/trunk/
Forum: Projects
7 years ago
christ1an
thrill: A manual will be released along with the final version of IDS in a few days. That will also include examples. Thanks.
Forum: Projects
7 years ago
christ1an
I'd like to inform you about the current state of this project; information is available here: http://christ1an.blogspot.com/2007/05/php-based-intrusion-detection-system.html If you have any ideas, feel free to leave a comment.
Forum: Projects
6 years ago
christ1an
sirdarckcat Wrote:
> fukami Wrote:
> > and nearly all nerds are able to speak English.
> hahahaha
Honestly, that's true! I've looked in people's faces who stared back so stupidly that I thought they must have left school at 14 or so. For som
Forum: OMG Ponies
6 years ago
christ1an
Happy new year guys! A little too late, I know :P
Forum: OMG Ponies
6 years ago
christ1an
Definitely nice week, I'm glad to have met you guys. Ahm and, before I forget this... kuza55 I still hate you *arsehole* :) Keep me posted on BlueHat.
Forum: OMG Ponies
7 years ago
christ1an
Well, I don't attend expensive events either. This one, as opposed to DeepSec, which I would have loved to attend, is rather cheap. 80 euro to get in, plus the travel costs. Maybe cheap is the wrong expression but you certainly don't have to be rich ;) Ronald, aren't you living somewhere near the German border? Come to me and we'll go there together. Train is 29 euro from here to Berlin.
Forum: OMG Ponies
7 years ago
christ1an
I'll probably be there, along with .mario. Cya guys then!
Forum: OMG Ponies
7 years ago
christ1an
wtf is that?
Forum: OMG Ponies
7 years ago
christ1an
Hehe, funny. Now you got the grandma pr0n shirt ;-)
> If you haven't sent them yet, please make mine either of the first two, not the last one. I don't want to have to explain the story behind grandma porn to everyone, including my parents.
Forum: OMG Ponies
7 years ago
christ1an
By the way, my lazy XSS attempts surely didn't work, did they? :)
Forum: OMG Ponies
7 years ago
christ1an
I wonder why it actually had so little relation to Web (application) security. Maybe something to take into account for the next round, rsnake. I guess you know what I mean, won't tell it now for those who are still trying.
Forum: OMG Ponies
7 years ago
christ1an
Apparently he did, you cheated :P No just kidding.
Forum: OMG Ponies
7 years ago
christ1an
I'm not sure if my request was accepted. Could you please check that, rsnake?
Forum: OMG Ponies
7 years ago
christ1an
Stefan, twice.
Forum: OMG Ponies
7 years ago
christ1an
Rsnake I don't like your stupid images :P Does the number 112 have anything to do with the contest? :)
Forum: OMG Ponies
7 years ago
christ1an
For the record, I checked yesterday and again found some reflective XSS flaws on their site. Obviously they don't care, don't listen, don't do anything but shoot new vulnerable features. I'll keep having an eye on 'em but surely not forever. Ah and, did I mention that the Google Security Team doesn't really deserve that title? Pretty funny actually, seems like Google's employees have raffled
Forum: Full Disclosure
7 years ago
christ1an
Actually, it's not hopeless at all. Just wait for the next upgrade and you'll find some.
Forum: Full Disclosure