Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ways to stop spam, detect robotic activity, and actually harm the spam trade, as well as how it works, how to circumvent filters, etc. 

Pages: 12345...LastNext
Current Page: 1 of 8
Results 1 - 30 of 225
3 years ago
SW
I wish I was around in the 80s, sounds like so much more fun. Nowadays hacking is too hard and complex, it's tough to get the lulz from it. And since everyone is socially networked, that provides a faster/easier way to get lulz from the computer. And social networking is quite thoroughly engrained in any young hackers who have naturally grown up on the messageboards and forums and chats. Trolling
Forum: OMG Ponies
3 years ago
SW
Does it really matter if they "stole" ascii art? :D
Forum: OMG Ponies
3 years ago
SW
"FiRSE" or "FLRSE" = FIRST? "CDɴSE" = SECOND? I find that interpretation quite hard to believe.... There seems something special with the ɴ symbol, which is occurring many times in both notes. It probably shouldn't be grouped with CBE. Too bad his hand writing is so crappy it's a guess on many letters.
Forum: Obfuscation
3 years ago
SW
What happened to that nice google docs page of up to date xss vectors? :P
Forum: XSS Info
3 years ago
SW
Nice
Forum: OMG Ponies
3 years ago
SW
Can you can execute javascript without any = or ()?
Forum: XSS Info
3 years ago
SW
@LeverOne .. wow you find lots here. :P @Gareth .. unfortunately I think it will be impossible to fix 100%, and impossible to allow all syntax without a complete parser
Forum: XSS Info
3 years ago
SW
/*//*/alert(parent.location)//
Forum: XSS Info
3 years ago
SW
/**/alert/**/(parent/**/.location/**/);
Forum: XSS Info
3 years ago
SW
alerted cookie in 7 chars, or alert anything?
Forum: Obfuscation
3 years ago
SW
Too hard. Must rely on some encoding trick or something I don't know about. :P
Forum: XSS Info
4 years ago
SW
You must find an exploit of the browser for that which would be quite serious, XSS is just for javascripting and usually not very useful.
Forum: XSS Info
4 years ago
SW
Most sites don't check the referrer, do you think that one does?
Forum: CSRF and Session Info
4 years ago
SW
That is hilarious. :D
Forum: XSS Info
4 years ago
SW
Well I didn't find any with 5 min of googling so I decided to store the information on same domain, then leak it from non-secure page.
Forum: XSS Info
4 years ago
SW
When you get a persistent XSS in a secure page, and you want to transfer data out (logging, email, etc) without having warnings pop up in IE, is there any good free options?
Forum: XSS Info
4 years ago
SW
Nice link thanks!
Forum: Obfuscation
4 years ago
SW
I try adding mysql injection to these particular fields, but the results are almost meaningless to me. I cannot detect the pattern behind them. For instance. x=1000 ... many results x=1000" and "abc"="abc ... a few results x=1000" and "abc"="def ... a few different results In all cases the results really have x=1000. I don't know what effec
Forum: SQL and Code Injection
4 years ago
SW
Looking good! Needs more functions before I switch over from using google as my calculator.
Forum: News and Links
4 years ago
SW
If they're using Tor... hehe.
Forum: XSS Info
4 years ago
SW
Yea that's pretty brilliant.
Forum: Obfuscation
4 years ago
SW
Hi! I tried it, but it doesn't seem to work unfortunately... It returns error FUNCTION db_name.array does not exist. Seems like it returns an array or something rather than a string. :( I also tried INTO OUTFILE. It seems I can only write in /db/data, and it throws errors if I try to go to /var/www/sitename/htdocs. There must be a restriction. The only way I get information leaked is in
Forum: SQL and Code Injection
4 years ago
SW
I figured out how to print usernames and passwords (stored in plain text apparently) in the error message. :) Would be nice to export the whole table for future reference. Any idea?
Forum: SQL and Code Injection
4 years ago
SW
I got database(), user(), version=5.0.86, etc. (from error messages) Can I make this print out useful information?
Forum: SQL and Code Injection
4 years ago
SW
I hope someone with more experience could give me ideas. I've found only 2 pages so far on a site that aren't filtered. 1. ...?id=##invalid## and 'a'='a' and UNION select <13 numbers> The only information output to the page is taken from secondary queries to a different table based on some of the numbers returned in the UNION. 2. ...?value=##&field=name/*whatever*/ On
Forum: SQL and Code Injection
4 years ago
SW
New version: http://discogscounter.getfreehosting.co.uk/js-noalnum_com.php?txt=alert%28%22XSS%22%29 Changes: - no regex, recursive parsing, so no stepping - added rest of letters and symbols - allows single/double quotes, no nested - deals with numbers vs. string numbers - there are a few "optimizations" still to be worked out, both on the letters, and on the wrapping rules - s
Forum: Obfuscation
4 years ago
SW
27. j
k
Forum: Jobs
4 years ago
SW
Thanx for looking LeverOne. Could you explain how it's strategically better to use filter.constructor than window.eval? I think they are around the same length, well, I don't mind which is used. :) Good tip on the numbers, I will fix this and the nested quotes. One problem with using filter.constructor("eval(...)") is if you need quotes it will be quite long, I think it's like 500
Forum: Obfuscation
4 years ago
SW
Run this for a few days? http://3.14.by/en/md5
Forum: SQL and Code Injection
4 years ago
SW
I made a script to automatically expand something into the []()+! charset, no alnum. It's simple, and probably buggy, and I didn't enter all the characters yet. Check it, tell me errors or functions/objects missing (P.S. it only intends to convert normal, well-formed input). http://discogscounter.getfreehosting.co.uk/js-noalnum.php?txt=alert%28%22ecs%20ess%20ess%22%29 Edit1: I see numb
Forum: Obfuscation
Pages: 12345...LastNext
Current Page: 1 of 8