Warning: fsockopen() [function.fsockopen]: unable to connect to sla.ckers.org:80 (No route to host) in /var/www/www.schuirink.net/www/xml/snoopy/snoopyclass.php on line 1149
using alternative parser
codepage:iso-8859-1
array(7) {
  ["encoding"]=>
  string(10) "iso-8859-1"
  ["title"]=>
  string(30) "Web Application Security Forum"
  ["link"]=>
  string(36) "http://sla.ckers.org/forum/index.php"
  ["language"]=>
  string(2) "EN"
  ["lastBuildDate"]=>
  string(31) "Fri, 12 Sep 2008 22:36:21 -0500"
  ["items"]=>
  array(30) {
    [0]=>
    array(7) {
      ["title"]=>
      string(49) "[Wireless Security] Re: Sharing Wireless Securely"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24549#msg-24549"
      ["description"]=>
      string(275) ">> OpenVPN adds nothing except you could keep Wireless User from being sniffed, but who cares if they aren't your Mom...

Personally I don't care either, just trying to keep my mom's data safe from being snooped on by a tenant. Thanks for the quick and simple answer!"
      ["author"]=>
      string(14) "CrYpTiC_MauleR"
      ["category"]=>
      string(17) "Wireless Security"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24549#msg-24549"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 22:36:21 -0500"
    }
    [1]=>
    array(7) {
      ["title"]=>
      string(24) "[News and Links] Re: IKE"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24545,24548#msg-24548"
      ["description"]=>
      string(95) "I find this inexcusable! I demand that you build wind turbines to harness power for the server!"
      ["author"]=>
      string(14) "CrYpTiC_MauleR"
      ["category"]=>
      string(14) "News and Links"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24545,24548#msg-24548"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 22:32:59 -0500"
    }
    [2]=>
    array(7) {
      ["title"]=>
      string(61) "[SQL and Code Injection] why i cant see number of the columns"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24547,24547#msg-24547"
      ["description"]=>
      string(183) "the wrong is desaber and ther is no column numbers 
the is the site and i stop here pls hlp me 
www.skgo.org/code/navigate.php?Id=266+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14"
      ["author"]=>
      string(5) "WESAM"
      ["category"]=>
      string(22) "SQL and Code Injection"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24547,24547#msg-24547"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 19:07:36 -0500"
    }
    [3]=>
    array(7) {
      ["title"]=>
      string(49) "[Wireless Security] Re: Sharing Wireless Securely"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24546#msg-24546"
      ["description"]=>
      string(417) "You need to create 2 networks internally, let the users on different ones.
              
             /----- Your Mom (Wired network 192.168.1.0/24)
INTERNET ---|
             \----- Wireless User (Wireless network 192.168.2.0/24)

Make sure that Wireless User is firewalled from your Mom.

OpenVPN adds nothing except you could keep Wireless User from being sniffed, but who cares if they aren't your Mom..."
      ["author"]=>
      string(2) "id"
      ["category"]=>
      string(17) "Wireless Security"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24546#msg-24546"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 19:00:04 -0500"
    }
    [4]=>
    array(7) {
      ["title"]=>
      string(20) "[News and Links] IKE"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24545,24545#msg-24545"
      ["description"]=>
      string(220) "Hurricane Ike is barreling down on us, and though I doubt we are affected much in Austin, we could experience a power outage, and with no generator here...server might be down a bit (The UPS will only last 10 min or so)."
      ["author"]=>
      string(2) "id"
      ["category"]=>
      string(14) "News and Links"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24545,24545#msg-24545"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 18:31:04 -0500"
    }
    [5]=>
    array(7) {
      ["title"]=>
      string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24544#msg-24544"
      ["description"]=>
      string(102) "No worries, I don't care if you're LE or anything else, it's up to whoever contacts you to be ethical."
      ["author"]=>
      string(2) "id"
      ["category"]=>
      string(4) "Jobs"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24544#msg-24544"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 18:27:26 -0500"
    }
    [6]=>
    array(7) {
      ["title"]=>
      string(27) "[OMG Ponies] Re: 1:45 to go"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?11,24472,24543#msg-24543"
      ["description"]=>
      string(196) ">> Anyway, she'll fix any problems 

I don't use any tech support services such as Geek Squad or Firedog, but if their techs looked like that I would be scheduling repairs all the time =oP"
      ["author"]=>
      string(14) "CrYpTiC_MauleR"
      ["category"]=>
      string(10) "OMG Ponies"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?11,24472,24543#msg-24543"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 18:20:39 -0500"
    }
    [7]=>
    array(7) {
      ["title"]=>
      string(49) "[Wireless Security] Re: Sharing Wireless Securely"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24542#msg-24542"
      ["description"]=>
      string(482) "So OpenVPN will work for this setup?

1 DSL line

1 router using OpenWRT

2 users
    user1 - desktop (ethernet)
    user2 - laptop (wireless)

I want it so that user1 can access the internet and not have user2 eavesdrop on the connection or vice versa. So user1 has their own encrypted connection to internet and user2 has their own encrypted connection. Both will be sharing the same DSL through router but neither will be able to see what the other is doing on network."
      ["author"]=>
      string(14) "CrYpTiC_MauleR"
      ["category"]=>
      string(17) "Wireless Security"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24542#msg-24542"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 18:16:25 -0500"
    }
    [8]=>
    array(7) {
      ["title"]=>
      string(69) "[News and Links] Re: 11 arrested in massive credit card/id theft ring"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24070,24541#msg-24541"
      ["description"]=>
      string(20) "I've been freed! =oD"
      ["author"]=>
      string(14) "CrYpTiC_MauleR"
      ["category"]=>
      string(14) "News and Links"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24070,24541#msg-24541"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 18:07:44 -0500"
    }
    [9]=>
    array(7) {
      ["title"]=>
      string(27) "[OMG Ponies] Re: 1:45 to go"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?11,24472,24540#msg-24540"
      ["description"]=>
      string(240) "Gareth Heyes Wrote:
-------------------------------------------------------
> On the plus side a mini blackhole could give us
> somewhere to put all our garbage

Haha, yeah..just make sure you tie off before taking the trash out!"
      ["author"]=>
      string(10) "Cagekicker"
      ["category"]=>
      string(10) "OMG Ponies"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?11,24472,24540#msg-24540"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 18:04:22 -0500"
    }
    [10]=>
    array(7) {
      ["title"]=>
      string(47) "[SQL and Code Injection] Re: is thes  blind sql"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24535,24539#msg-24539"
      ["description"]=>
      string(225) "I would suggest to read some articles about SQLi and setup a local server to see whats going on in detail instead of playing on sites you are not allowed. we wont participate at hacking all sites you'll find a SQLi vector on."
      ["author"]=>
      string(7) "Reiners"
      ["category"]=>
      string(22) "SQL and Code Injection"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24535,24539#msg-24539"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 17:09:59 -0500"
    }
    [11]=>
    array(7) {
      ["title"]=>
      string(99) "[SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24493,24538#msg-24538"
      ["description"]=>
      string(118) "I didnt checked the site, but you dont need quotes for load_file() if you use hex encoding like load_file(0x123123132)"
      ["author"]=>
      string(7) "Reiners"
      ["category"]=>
      string(22) "SQL and Code Injection"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24493,24538#msg-24538"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 16:44:06 -0500"
    }
    [12]=>
    array(7) {
      ["title"]=>
      string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24537#msg-24537"
      ["description"]=>
      string(25) "Missed it by *that* much!"
      ["author"]=>
      string(6) "thrill"
      ["category"]=>
      string(4) "Jobs"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24537#msg-24537"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 16:34:01 -0500"
    }
    [13]=>
    array(7) {
      ["title"]=>
      string(47) "[SQL and Code Injection] Re: is thes  blind sql"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24535,24536#msg-24536"
      ["description"]=>
      string(80) "http://www.nationalassembly.af/index.php?id=4%20union%20select%200,1,2,3,4,5,6,7"
      ["author"]=>
      string(5) "WESAM"
      ["category"]=>
      string(22) "SQL and Code Injection"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24535,24536#msg-24536"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 14:29:20 -0500"
    }
    [14]=>
    array(7) {
      ["title"]=>
      string(43) "[SQL and Code Injection] is thes  blind sql"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24535,24535#msg-24535"
      ["description"]=>
      string(80) "http://www.nationalassembly.af/index.php?id=4%20union%20select%200,1,2,3,4,5,6,7"
      ["author"]=>
      string(5) "WESAM"
      ["category"]=>
      string(22) "SQL and Code Injection"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24535,24535#msg-24535"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 14:28:47 -0500"
    }
    [15]=>
    array(7) {
      ["title"]=>
      string(69) "[News and Links] Re: 11 arrested in massive credit card/id theft ring"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24070,24534#msg-24534"
      ["description"]=>
      string(176) "One of them pled guilty.  (Not a week old article.) =o)


http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9114579&intsrc=hm_ts_head"
      ["author"]=>
      string(10) "Cagekicker"
      ["category"]=>
      string(14) "News and Links"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?13,24070,24534#msg-24534"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 14:26:36 -0500"
    }
    [16]=>
    array(7) {
      ["title"]=>
      string(42) "[XSS Info] Re: possible xss in phpBB-addon"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24533#msg-24533"
      ["description"]=>
      string(294) "Starting with a forward slash is not allowed (I suppose we have to match against a RegEx for urls - will find out about that in phpbb-code as well). I will think about a possible circumvention later - after reading the mentioned topic

Thanks for your input - gonna check that out tomorrow :)"
      ["author"]=>
      string(5) "chosi"
      ["category"]=>
      string(8) "XSS Info"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24533#msg-24533"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 12:49:45 -0500"
    }
    [17]=>
    array(7) {
      ["title"]=>
      string(99) "[SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24493,24532#msg-24532"
      ["description"]=>
      string(34) "i try it but it the magek qutes on"
      ["author"]=>
      string(5) "WESAM"
      ["category"]=>
      string(22) "SQL and Code Injection"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24493,24532#msg-24532"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 12:08:32 -0500"
    }
    [18]=>
    array(7) {
      ["title"]=>
      string(42) "[XSS Info] Re: possible xss in phpBB-addon"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24531#msg-24531"
      ["description"]=>
      string(194) "try a forward slash to separate the closing quotation mark and the new attribute.  Also, you might find some useful info in this related thread: http://sla.ckers.org/forum/read.php?2,18369,18496"
      ["author"]=>
      string(10) "thornmaker"
      ["category"]=>
      string(8) "XSS Info"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24531#msg-24531"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 12:02:49 -0500"
    }
    [19]=>
    array(7) {
      ["title"]=>
      string(49) "[Wireless Security] Re: Sharing Wireless Securely"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24530#msg-24530"
      ["description"]=>
      string(19) "yum install openvpn"
      ["author"]=>
      string(3) "ntp"
      ["category"]=>
      string(17) "Wireless Security"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?5,24519,24530#msg-24530"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 11:37:42 -0500"
    }
    [20]=>
    array(7) {
      ["title"]=>
      string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24529#msg-24529"
      ["description"]=>
      string(320) "Sorry, didn't mean to break your cover, Mr. Smart. Maybe we should break out the Cone of Silence to have this conversation?

Edit: It's been called to my attention that "Get Smart" is way before even my time...and I was raised watching the re-runs of it...So, the above might not make much sense to some. :o\"
      ["author"]=>
      string(10) "Cagekicker"
      ["category"]=>
      string(4) "Jobs"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24529#msg-24529"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 11:18:51 -0500"
    }
    [21]=>
    array(7) {
      ["title"]=>
      string(42) "[XSS Info] Re: possible xss in phpBB-addon"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24528#msg-24528"
      ["description"]=>
      string(456) "I got a little further: (again [-brackets are replaced)

D(latex]E(url=http://example.org/?;onerror=window.location=//example.org/+//test.html]text(/url]B(/latex]C

leads to:

DC

So I'm nearly inserting an eventhandler - finally.
But the browser is expecting something between the closed quotation and the new html attribute, right? There are some chars I can insert unfiltered, but a space is not among those.
Any ideas? Semicolon doesn't work."
      ["author"]=>
      string(5) "chosi"
      ["category"]=>
      string(8) "XSS Info"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24528#msg-24528"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 10:37:57 -0500"
    }
    [22]=>
    array(7) {
      ["title"]=>
      string(28) "[Vendor Talk] Re: TeamMentor"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?21,24484,24527#msg-24527"
      ["description"]=>
      string(565) "Oh sheesh.  Fine, I'll post the links and see if I get some responses.

* TeamMentor Evaluation - feature limited access to content  (username/password:  demo/sisecure2007)
http://remote.securityinnovation.com:8088/TeamMentor/

* Introducing Two Exciting 10 Minute Mini-Courses 
Introduction to Cross-site Scripting - with JSP Examples
http://www.securityinnovation.com/ten-minute-courses/IntroToXSS-JSP/Start.htm
Introduction to Cross-site Scripting - with ASP.Net Examples
http://www.securityinnovation.com/ten-minute-courses/IntroToXSS-ASP.NET/Start.htm"
      ["author"]=>
      string(3) "ntp"
      ["category"]=>
      string(11) "Vendor Talk"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?21,24484,24527#msg-24527"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 10:15:21 -0500"
    }
    [23]=>
    array(7) {
      ["title"]=>
      string(38) "[XSS Info] possible xss in phpBB-addon"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24526#msg-24526"
      ["description"]=>
      string(910) "Hey,
there's a feature in phpBB to create your own bbtags, which can lead to invalid html-code.
Please note that I have replaced the character '[' by '(' to prevent *THIS* Forum from interpreting any BBCode ;)

There's a quite common method to render LaTeX by inserting an img, e.g.:
    (LaTeX]{TEXT}(/LaTeX]
is replaced with:
    

I wanted to emphasize the names of the newly added bbtags, by putting (b]-tags around them, and got some invalid HTML. Though phpBB replaces lots chars like ",< and > with their html entities, I was wondering whether there's some XSS possible.
I know there are some special means to work around this by using event-handlers or other "tricks" where JS is rendered

Here are some examples, of what I got:

Latex- in b-tags:
(b](latex](/b] and (b](/latex](/b]
=>


b-tags in latex-tags:

D(latex]E(size=1]A(/size]B(/latex]C
=>
DC"
      ["author"]=>
      string(5) "chosi"
      ["category"]=>
      string(8) "XSS Info"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?2,24526,24526#msg-24526"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 09:10:01 -0500"
    }
    [24]=>
    array(7) {
      ["title"]=>
      string(56) "[Projects] Re: PHPIDS (0.5.2 - so fast you won't see it)"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?12,8085,24525#msg-24525"
      ["description"]=>
      string(275) "Hi,

wow - this is a beauty indeed! Bloody [url=http://developer.mozilla.org/En/Core_JavaScript_1.5_Guide:Processing_XML_with_E4X]E4X[/url] :)

I bet there's more - I have to get more involved with E4X as soon as I find some time.

Greetings and thx|congrats ;)
.mario"
      ["author"]=>
      string(6) ".mario"
      ["category"]=>
      string(8) "Projects"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?12,8085,24525#msg-24525"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 03:54:14 -0500"
    }
    [25]=>
    array(7) {
      ["title"]=>
      string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24524#msg-24524"
      ["description"]=>
      string(375) "Dear All,

There is a reason that I keep my identity and company private at this moment.

Again, if anyone is interested in this SERIOUS job, please contact me. 

If not, stop wasting your time by putting my ad in bad daylight, I am trying to look for some people who need a JOB (like the forum says), not being 'dissed' by people who have certain assumptions.


Ian"
      ["author"]=>
      string(9) "iancraven"
      ["category"]=>
      string(4) "Jobs"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24524#msg-24524"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 03:15:38 -0500"
    }
    [26]=>
    array(7) {
      ["title"]=>
      string(56) "[Projects] Re: PHPIDS (0.5.2 - so fast you won't see it)"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?12,8085,24523#msg-24523"
      ["description"]=>
      string(7) "Nice :D"
      ["author"]=>
      string(12) "Gareth Heyes"
      ["category"]=>
      string(8) "Projects"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?12,8085,24523#msg-24523"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 00:30:47 -0500"
    }
    [27]=>
    array(7) {
      ["title"]=>
      string(99) "[SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24493,24522#msg-24522"
      ["description"]=>
      string(33) "Try other options like load_file."
      ["author"]=>
      string(5) "Chuks"
      ["category"]=>
      string(22) "SQL and Code Injection"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?16,24493,24522#msg-24522"
      ["pubDate"]=>
      string(31) "Fri, 12 Sep 2008 00:17:41 -0500"
    }
    [28]=>
    array(7) {
      ["title"]=>
      string(42) "[Full Disclosure] Re: Google Chrome spoof?"
      ["link"]=>
      string(59) "http://sla.ckers.org/forum/read.php?3,24518,24521#msg-24521"
      ["description"]=>
      string(190) "I mucked around a bit with this and couldn't find anything.

Interestingly though when the following code is executed (onclick) Chrome appears to automatically close the alert box for you."
      ["author"]=>
      string(9) "digi7al64"
      ["category"]=>
      string(15) "Full Disclosure"
      ["guid"]=>
      string(59) "http://sla.ckers.org/forum/read.php?3,24518,24521#msg-24521"
      ["pubDate"]=>
      string(31) "Thu, 11 Sep 2008 23:12:21 -0500"
    }
    [29]=>
    array(7) {
      ["title"]=>
      string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!"
      ["link"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24520#msg-24520"
      ["description"]=>
      string(344) ">>LE agency wouldn't post a wanted ad in a forum on the internet looking for someone to conduct forensic analysis and computer crime investigation into criminal activities.

Yeah that is what I was thinking, that would be a dumb idea. I mean what if the people you were investigating turned out to be the forensic analysts or knew them."
      ["author"]=>
      string(14) "CrYpTiC_MauleR"
      ["category"]=>
      string(4) "Jobs"
      ["guid"]=>
      string(60) "http://sla.ckers.org/forum/read.php?17,24480,24520#msg-24520"
      ["pubDate"]=>
      string(31) "Thu, 11 Sep 2008 20:06:02 -0500"
    }
  }
  ["items_count"]=>
  int(30)
}

3030string(10) "iso-8859-1"
iso-8859-1string(30) "Web Application Security Forum"
Web Application Security Forumstring(36) "http://sla.ckers.org/forum/index.php"
http://sla.ckers.org/forum/index.phpstring(2) "EN"
ENstring(31) "Fri, 12 Sep 2008 22:36:21 -0500"
Fri, 12 Sep 2008 22:36:21 -0500array(30) { [0]=> array(7) { ["title"]=> string(49) "[Wireless Security] Re: Sharing Wireless Securely" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24549#msg-24549" ["description"]=> string(275) ">> OpenVPN adds nothing except you could keep Wireless User from being sniffed, but who cares if they aren't your Mom... Personally I don't care either, just trying to keep my mom's data safe from being snooped on by a tenant. Thanks for the quick and simple answer!" ["author"]=> string(14) "CrYpTiC_MauleR" ["category"]=> string(17) "Wireless Security" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24549#msg-24549" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 22:36:21 -0500" } [1]=> array(7) { ["title"]=> string(24) "[News and Links] Re: IKE" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24545,24548#msg-24548" ["description"]=> string(95) "I find this inexcusable! I demand that you build wind turbines to harness power for the server!" ["author"]=> string(14) "CrYpTiC_MauleR" ["category"]=> string(14) "News and Links" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24545,24548#msg-24548" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 22:32:59 -0500" } [2]=> array(7) { ["title"]=> string(61) "[SQL and Code Injection] why i cant see number of the columns" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24547,24547#msg-24547" ["description"]=> string(183) "the wrong is desaber and ther is no column numbers the is the site and i stop here pls hlp me www.skgo.org/code/navigate.php?Id=266+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14" ["author"]=> string(5) "WESAM" ["category"]=> string(22) "SQL and Code Injection" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24547,24547#msg-24547" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 19:07:36 -0500" } [3]=> array(7) { ["title"]=> string(49) "[Wireless Security] Re: Sharing Wireless Securely" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24546#msg-24546" ["description"]=> string(417) "You need to create 2 networks internally, let the users on different ones. /----- Your Mom (Wired network 192.168.1.0/24) INTERNET ---| \----- Wireless User (Wireless network 192.168.2.0/24) Make sure that Wireless User is firewalled from your Mom. OpenVPN adds nothing except you could keep Wireless User from being sniffed, but who cares if they aren't your Mom..." ["author"]=> string(2) "id" ["category"]=> string(17) "Wireless Security" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24546#msg-24546" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 19:00:04 -0500" } [4]=> array(7) { ["title"]=> string(20) "[News and Links] IKE" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24545,24545#msg-24545" ["description"]=> string(220) "Hurricane Ike is barreling down on us, and though I doubt we are affected much in Austin, we could experience a power outage, and with no generator here...server might be down a bit (The UPS will only last 10 min or so)." ["author"]=> string(2) "id" ["category"]=> string(14) "News and Links" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24545,24545#msg-24545" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 18:31:04 -0500" } [5]=> array(7) { ["title"]=> string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24544#msg-24544" ["description"]=> string(102) "No worries, I don't care if you're LE or anything else, it's up to whoever contacts you to be ethical." ["author"]=> string(2) "id" ["category"]=> string(4) "Jobs" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24544#msg-24544" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 18:27:26 -0500" } [6]=> array(7) { ["title"]=> string(27) "[OMG Ponies] Re: 1:45 to go" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?11,24472,24543#msg-24543" ["description"]=> string(196) ">> Anyway, she'll fix any problems I don't use any tech support services such as Geek Squad or Firedog, but if their techs looked like that I would be scheduling repairs all the time =oP" ["author"]=> string(14) "CrYpTiC_MauleR" ["category"]=> string(10) "OMG Ponies" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?11,24472,24543#msg-24543" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 18:20:39 -0500" } [7]=> array(7) { ["title"]=> string(49) "[Wireless Security] Re: Sharing Wireless Securely" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24542#msg-24542" ["description"]=> string(482) "So OpenVPN will work for this setup? 1 DSL line 1 router using OpenWRT 2 users user1 - desktop (ethernet) user2 - laptop (wireless) I want it so that user1 can access the internet and not have user2 eavesdrop on the connection or vice versa. So user1 has their own encrypted connection to internet and user2 has their own encrypted connection. Both will be sharing the same DSL through router but neither will be able to see what the other is doing on network." ["author"]=> string(14) "CrYpTiC_MauleR" ["category"]=> string(17) "Wireless Security" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24542#msg-24542" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 18:16:25 -0500" } [8]=> array(7) { ["title"]=> string(69) "[News and Links] Re: 11 arrested in massive credit card/id theft ring" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24070,24541#msg-24541" ["description"]=> string(20) "I've been freed! =oD" ["author"]=> string(14) "CrYpTiC_MauleR" ["category"]=> string(14) "News and Links" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24070,24541#msg-24541" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 18:07:44 -0500" } [9]=> array(7) { ["title"]=> string(27) "[OMG Ponies] Re: 1:45 to go" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?11,24472,24540#msg-24540" ["description"]=> string(240) "Gareth Heyes Wrote: ------------------------------------------------------- > On the plus side a mini blackhole could give us > somewhere to put all our garbage Haha, yeah..just make sure you tie off before taking the trash out!" ["author"]=> string(10) "Cagekicker" ["category"]=> string(10) "OMG Ponies" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?11,24472,24540#msg-24540" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 18:04:22 -0500" } [10]=> array(7) { ["title"]=> string(47) "[SQL and Code Injection] Re: is thes blind sql" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24535,24539#msg-24539" ["description"]=> string(225) "I would suggest to read some articles about SQLi and setup a local server to see whats going on in detail instead of playing on sites you are not allowed. we wont participate at hacking all sites you'll find a SQLi vector on." ["author"]=> string(7) "Reiners" ["category"]=> string(22) "SQL and Code Injection" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24535,24539#msg-24539" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 17:09:59 -0500" } [11]=> array(7) { ["title"]=> string(99) "[SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24493,24538#msg-24538" ["description"]=> string(118) "I didnt checked the site, but you dont need quotes for load_file() if you use hex encoding like load_file(0x123123132)" ["author"]=> string(7) "Reiners" ["category"]=> string(22) "SQL and Code Injection" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24493,24538#msg-24538" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 16:44:06 -0500" } [12]=> array(7) { ["title"]=> string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24537#msg-24537" ["description"]=> string(25) "Missed it by *that* much!" ["author"]=> string(6) "thrill" ["category"]=> string(4) "Jobs" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24537#msg-24537" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 16:34:01 -0500" } [13]=> array(7) { ["title"]=> string(47) "[SQL and Code Injection] Re: is thes blind sql" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24535,24536#msg-24536" ["description"]=> string(80) "http://www.nationalassembly.af/index.php?id=4%20union%20select%200,1,2,3,4,5,6,7" ["author"]=> string(5) "WESAM" ["category"]=> string(22) "SQL and Code Injection" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24535,24536#msg-24536" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 14:29:20 -0500" } [14]=> array(7) { ["title"]=> string(43) "[SQL and Code Injection] is thes blind sql" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24535,24535#msg-24535" ["description"]=> string(80) "http://www.nationalassembly.af/index.php?id=4%20union%20select%200,1,2,3,4,5,6,7" ["author"]=> string(5) "WESAM" ["category"]=> string(22) "SQL and Code Injection" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24535,24535#msg-24535" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 14:28:47 -0500" } [15]=> array(7) { ["title"]=> string(69) "[News and Links] Re: 11 arrested in massive credit card/id theft ring" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24070,24534#msg-24534" ["description"]=> string(176) "One of them pled guilty. (Not a week old article.) =o) http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9114579&intsrc=hm_ts_head" ["author"]=> string(10) "Cagekicker" ["category"]=> string(14) "News and Links" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?13,24070,24534#msg-24534" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 14:26:36 -0500" } [16]=> array(7) { ["title"]=> string(42) "[XSS Info] Re: possible xss in phpBB-addon" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24533#msg-24533" ["description"]=> string(294) "Starting with a forward slash is not allowed (I suppose we have to match against a RegEx for urls - will find out about that in phpbb-code as well). I will think about a possible circumvention later - after reading the mentioned topic Thanks for your input - gonna check that out tomorrow :)" ["author"]=> string(5) "chosi" ["category"]=> string(8) "XSS Info" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24533#msg-24533" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 12:49:45 -0500" } [17]=> array(7) { ["title"]=> string(99) "[SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24493,24532#msg-24532" ["description"]=> string(34) "i try it but it the magek qutes on" ["author"]=> string(5) "WESAM" ["category"]=> string(22) "SQL and Code Injection" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24493,24532#msg-24532" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 12:08:32 -0500" } [18]=> array(7) { ["title"]=> string(42) "[XSS Info] Re: possible xss in phpBB-addon" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24531#msg-24531" ["description"]=> string(194) "try a forward slash to separate the closing quotation mark and the new attribute. Also, you might find some useful info in this related thread: http://sla.ckers.org/forum/read.php?2,18369,18496" ["author"]=> string(10) "thornmaker" ["category"]=> string(8) "XSS Info" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24531#msg-24531" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 12:02:49 -0500" } [19]=> array(7) { ["title"]=> string(49) "[Wireless Security] Re: Sharing Wireless Securely" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24530#msg-24530" ["description"]=> string(19) "yum install openvpn" ["author"]=> string(3) "ntp" ["category"]=> string(17) "Wireless Security" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?5,24519,24530#msg-24530" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 11:37:42 -0500" } [20]=> array(7) { ["title"]=> string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24529#msg-24529" ["description"]=> string(320) "Sorry, didn't mean to break your cover, Mr. Smart. Maybe we should break out the Cone of Silence to have this conversation? Edit: It's been called to my attention that "Get Smart" is way before even my time...and I was raised watching the re-runs of it...So, the above might not make much sense to some. :o\" ["author"]=> string(10) "Cagekicker" ["category"]=> string(4) "Jobs" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24529#msg-24529" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 11:18:51 -0500" } [21]=> array(7) { ["title"]=> string(42) "[XSS Info] Re: possible xss in phpBB-addon" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24528#msg-24528" ["description"]=> string(456) "I got a little further: (again [-brackets are replaced) D(latex]E(url=http://example.org/?;onerror=window.location=//example.org/+//test.html]text(/url]B(/latex]C leads to: DC So I'm nearly inserting an eventhandler - finally. But the browser is expecting something between the closed quotation and the new html attribute, right? There are some chars I can insert unfiltered, but a space is not among those. Any ideas? Semicolon doesn't work." ["author"]=> string(5) "chosi" ["category"]=> string(8) "XSS Info" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24528#msg-24528" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 10:37:57 -0500" } [22]=> array(7) { ["title"]=> string(28) "[Vendor Talk] Re: TeamMentor" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?21,24484,24527#msg-24527" ["description"]=> string(565) "Oh sheesh. Fine, I'll post the links and see if I get some responses. * TeamMentor Evaluation - feature limited access to content (username/password: demo/sisecure2007) http://remote.securityinnovation.com:8088/TeamMentor/ * Introducing Two Exciting 10 Minute Mini-Courses Introduction to Cross-site Scripting - with JSP Examples http://www.securityinnovation.com/ten-minute-courses/IntroToXSS-JSP/Start.htm Introduction to Cross-site Scripting - with ASP.Net Examples http://www.securityinnovation.com/ten-minute-courses/IntroToXSS-ASP.NET/Start.htm" ["author"]=> string(3) "ntp" ["category"]=> string(11) "Vendor Talk" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?21,24484,24527#msg-24527" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 10:15:21 -0500" } [23]=> array(7) { ["title"]=> string(38) "[XSS Info] possible xss in phpBB-addon" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24526#msg-24526" ["description"]=> string(910) "Hey, there's a feature in phpBB to create your own bbtags, which can lead to invalid html-code. Please note that I have replaced the character '[' by '(' to prevent *THIS* Forum from interpreting any BBCode ;) There's a quite common method to render LaTeX by inserting an img, e.g.: (LaTeX]{TEXT}(/LaTeX] is replaced with: I wanted to emphasize the names of the newly added bbtags, by putting (b]-tags around them, and got some invalid HTML. Though phpBB replaces lots chars like ",< and > with their html entities, I was wondering whether there's some XSS possible. I know there are some special means to work around this by using event-handlers or other "tricks" where JS is rendered Here are some examples, of what I got: Latex- in b-tags: (b](latex](/b] and (b](/latex](/b] => b-tags in latex-tags: D(latex]E(size=1]A(/size]B(/latex]C => DC" ["author"]=> string(5) "chosi" ["category"]=> string(8) "XSS Info" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?2,24526,24526#msg-24526" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 09:10:01 -0500" } [24]=> array(7) { ["title"]=> string(56) "[Projects] Re: PHPIDS (0.5.2 - so fast you won't see it)" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?12,8085,24525#msg-24525" ["description"]=> string(275) "Hi, wow - this is a beauty indeed! Bloody [url=http://developer.mozilla.org/En/Core_JavaScript_1.5_Guide:Processing_XML_with_E4X]E4X[/url] :) I bet there's more - I have to get more involved with E4X as soon as I find some time. Greetings and thx|congrats ;) .mario" ["author"]=> string(6) ".mario" ["category"]=> string(8) "Projects" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?12,8085,24525#msg-24525" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 03:54:14 -0500" } [25]=> array(7) { ["title"]=> string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24524#msg-24524" ["description"]=> string(375) "Dear All, There is a reason that I keep my identity and company private at this moment. Again, if anyone is interested in this SERIOUS job, please contact me. If not, stop wasting your time by putting my ad in bad daylight, I am trying to look for some people who need a JOB (like the forum says), not being 'dissed' by people who have certain assumptions. Ian" ["author"]=> string(9) "iancraven" ["category"]=> string(4) "Jobs" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24524#msg-24524" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 03:15:38 -0500" } [26]=> array(7) { ["title"]=> string(56) "[Projects] Re: PHPIDS (0.5.2 - so fast you won't see it)" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?12,8085,24523#msg-24523" ["description"]=> string(7) "Nice :D" ["author"]=> string(12) "Gareth Heyes" ["category"]=> string(8) "Projects" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?12,8085,24523#msg-24523" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 00:30:47 -0500" } [27]=> array(7) { ["title"]=> string(99) "[SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24493,24522#msg-24522" ["description"]=> string(33) "Try other options like load_file." ["author"]=> string(5) "Chuks" ["category"]=> string(22) "SQL and Code Injection" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?16,24493,24522#msg-24522" ["pubDate"]=> string(31) "Fri, 12 Sep 2008 00:17:41 -0500" } [28]=> array(7) { ["title"]=> string(42) "[Full Disclosure] Re: Google Chrome spoof?" ["link"]=> string(59) "http://sla.ckers.org/forum/read.php?3,24518,24521#msg-24521" ["description"]=> string(190) "I mucked around a bit with this and couldn't find anything. Interestingly though when the following code is executed (onclick) Chrome appears to automatically close the alert box for you." ["author"]=> string(9) "digi7al64" ["category"]=> string(15) "Full Disclosure" ["guid"]=> string(59) "http://sla.ckers.org/forum/read.php?3,24518,24521#msg-24521" ["pubDate"]=> string(31) "Thu, 11 Sep 2008 23:12:21 -0500" } [29]=> array(7) { ["title"]=> string(68) "[Jobs] Re: Looking for 'Internet Investigators', can work from home!" ["link"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24520#msg-24520" ["description"]=> string(344) ">>LE agency wouldn't post a wanted ad in a forum on the internet looking for someone to conduct forensic analysis and computer crime investigation into criminal activities. Yeah that is what I was thinking, that would be a dumb idea. I mean what if the people you were investigating turned out to be the forensic analysts or knew them." ["author"]=> string(14) "CrYpTiC_MauleR" ["category"]=> string(4) "Jobs" ["guid"]=> string(60) "http://sla.ckers.org/forum/read.php?17,24480,24520#msg-24520" ["pubDate"]=> string(31) "Thu, 11 Sep 2008 20:06:02 -0500" } }
Array ( [0] => Array ( [title] => [Wireless Security] Re: Sharing Wireless Securely [link] => http://sla.ckers.org/forum/read.php?5,24519,24549#msg-24549 [description] => >> OpenVPN adds nothing except you could keep Wireless User from being sniffed, but who cares if they aren't your Mom... Personally I don't care either, just trying to keep my mom's data safe from being snooped on by a tenant. Thanks for the quick and simple answer! [author] => CrYpTiC_MauleR [category] => Wireless Security [guid] => http://sla.ckers.org/forum/read.php?5,24519,24549#msg-24549 [pubDate] => Fri, 12 Sep 2008 22:36:21 -0500 ) [1] => Array ( [title] => [News and Links] Re: IKE [link] => http://sla.ckers.org/forum/read.php?13,24545,24548#msg-24548 [description] => I find this inexcusable! I demand that you build wind turbines to harness power for the server! [author] => CrYpTiC_MauleR [category] => News and Links [guid] => http://sla.ckers.org/forum/read.php?13,24545,24548#msg-24548 [pubDate] => Fri, 12 Sep 2008 22:32:59 -0500 ) [2] => Array ( [title] => [SQL and Code Injection] why i cant see number of the columns [link] => http://sla.ckers.org/forum/read.php?16,24547,24547#msg-24547 [description] => the wrong is desaber and ther is no column numbers the is the site and i stop here pls hlp me www.skgo.org/code/navigate.php?Id=266+union+select+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14 [author] => WESAM [category] => SQL and Code Injection [guid] => http://sla.ckers.org/forum/read.php?16,24547,24547#msg-24547 [pubDate] => Fri, 12 Sep 2008 19:07:36 -0500 ) [3] => Array ( [title] => [Wireless Security] Re: Sharing Wireless Securely [link] => http://sla.ckers.org/forum/read.php?5,24519,24546#msg-24546 [description] => You need to create 2 networks internally, let the users on different ones. /----- Your Mom (Wired network 192.168.1.0/24) INTERNET ---| \----- Wireless User (Wireless network 192.168.2.0/24) Make sure that Wireless User is firewalled from your Mom. OpenVPN adds nothing except you could keep Wireless User from being sniffed, but who cares if they aren't your Mom... [author] => id [category] => Wireless Security [guid] => http://sla.ckers.org/forum/read.php?5,24519,24546#msg-24546 [pubDate] => Fri, 12 Sep 2008 19:00:04 -0500 ) [4] => Array ( [title] => [News and Links] IKE [link] => http://sla.ckers.org/forum/read.php?13,24545,24545#msg-24545 [description] => Hurricane Ike is barreling down on us, and though I doubt we are affected much in Austin, we could experience a power outage, and with no generator here...server might be down a bit (The UPS will only last 10 min or so). [author] => id [category] => News and Links [guid] => http://sla.ckers.org/forum/read.php?13,24545,24545#msg-24545 [pubDate] => Fri, 12 Sep 2008 18:31:04 -0500 ) [5] => Array ( [title] => [Jobs] Re: Looking for 'Internet Investigators', can work from home! [link] => http://sla.ckers.org/forum/read.php?17,24480,24544#msg-24544 [description] => No worries, I don't care if you're LE or anything else, it's up to whoever contacts you to be ethical. [author] => id [category] => Jobs [guid] => http://sla.ckers.org/forum/read.php?17,24480,24544#msg-24544 [pubDate] => Fri, 12 Sep 2008 18:27:26 -0500 ) [6] => Array ( [title] => [OMG Ponies] Re: 1:45 to go [link] => http://sla.ckers.org/forum/read.php?11,24472,24543#msg-24543 [description] => >> Anyway, she'll fix any problems I don't use any tech support services such as Geek Squad or Firedog, but if their techs looked like that I would be scheduling repairs all the time =oP [author] => CrYpTiC_MauleR [category] => OMG Ponies [guid] => http://sla.ckers.org/forum/read.php?11,24472,24543#msg-24543 [pubDate] => Fri, 12 Sep 2008 18:20:39 -0500 ) [7] => Array ( [title] => [Wireless Security] Re: Sharing Wireless Securely [link] => http://sla.ckers.org/forum/read.php?5,24519,24542#msg-24542 [description] => So OpenVPN will work for this setup? 1 DSL line 1 router using OpenWRT 2 users user1 - desktop (ethernet) user2 - laptop (wireless) I want it so that user1 can access the internet and not have user2 eavesdrop on the connection or vice versa. So user1 has their own encrypted connection to internet and user2 has their own encrypted connection. Both will be sharing the same DSL through router but neither will be able to see what the other is doing on network. [author] => CrYpTiC_MauleR [category] => Wireless Security [guid] => http://sla.ckers.org/forum/read.php?5,24519,24542#msg-24542 [pubDate] => Fri, 12 Sep 2008 18:16:25 -0500 ) [8] => Array ( [title] => [News and Links] Re: 11 arrested in massive credit card/id theft ring [link] => http://sla.ckers.org/forum/read.php?13,24070,24541#msg-24541 [description] => I've been freed! =oD [author] => CrYpTiC_MauleR [category] => News and Links [guid] => http://sla.ckers.org/forum/read.php?13,24070,24541#msg-24541 [pubDate] => Fri, 12 Sep 2008 18:07:44 -0500 ) [9] => Array ( [title] => [OMG Ponies] Re: 1:45 to go [link] => http://sla.ckers.org/forum/read.php?11,24472,24540#msg-24540 [description] => Gareth Heyes Wrote: ------------------------------------------------------- > On the plus side a mini blackhole could give us > somewhere to put all our garbage Haha, yeah..just make sure you tie off before taking the trash out! [author] => Cagekicker [category] => OMG Ponies [guid] => http://sla.ckers.org/forum/read.php?11,24472,24540#msg-24540 [pubDate] => Fri, 12 Sep 2008 18:04:22 -0500 ) [10] => Array ( [title] => [SQL and Code Injection] Re: is thes blind sql [link] => http://sla.ckers.org/forum/read.php?16,24535,24539#msg-24539 [description] => I would suggest to read some articles about SQLi and setup a local server to see whats going on in detail instead of playing on sites you are not allowed. we wont participate at hacking all sites you'll find a SQLi vector on. [author] => Reiners [category] => SQL and Code Injection [guid] => http://sla.ckers.org/forum/read.php?16,24535,24539#msg-24539 [pubDate] => Fri, 12 Sep 2008 17:09:59 -0500 ) [11] => Array ( [title] => [SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table [link] => http://sla.ckers.org/forum/read.php?16,24493,24538#msg-24538 [description] => I didnt checked the site, but you dont need quotes for load_file() if you use hex encoding like load_file(0x123123132) [author] => Reiners [category] => SQL and Code Injection [guid] => http://sla.ckers.org/forum/read.php?16,24493,24538#msg-24538 [pubDate] => Fri, 12 Sep 2008 16:44:06 -0500 ) [12] => Array ( [title] => [Jobs] Re: Looking for 'Internet Investigators', can work from home! [link] => http://sla.ckers.org/forum/read.php?17,24480,24537#msg-24537 [description] => Missed it by *that* much! [author] => thrill [category] => Jobs [guid] => http://sla.ckers.org/forum/read.php?17,24480,24537#msg-24537 [pubDate] => Fri, 12 Sep 2008 16:34:01 -0500 ) [13] => Array ( [title] => [SQL and Code Injection] Re: is thes blind sql [link] => http://sla.ckers.org/forum/read.php?16,24535,24536#msg-24536 [description] => http://www.nationalassembly.af/index.php?id=4%20union%20select%200,1,2,3,4,5,6,7 [author] => WESAM [category] => SQL and Code Injection [guid] => http://sla.ckers.org/forum/read.php?16,24535,24536#msg-24536 [pubDate] => Fri, 12 Sep 2008 14:29:20 -0500 ) [14] => Array ( [title] => [SQL and Code Injection] is thes blind sql [link] => http://sla.ckers.org/forum/read.php?16,24535,24535#msg-24535 [description] => http://www.nationalassembly.af/index.php?id=4%20union%20select%200,1,2,3,4,5,6,7 [author] => WESAM [category] => SQL and Code Injection [guid] => http://sla.ckers.org/forum/read.php?16,24535,24535#msg-24535 [pubDate] => Fri, 12 Sep 2008 14:28:47 -0500 ) [15] => Array ( [title] => [News and Links] Re: 11 arrested in massive credit card/id theft ring [link] => http://sla.ckers.org/forum/read.php?13,24070,24534#msg-24534 [description] => One of them pled guilty. (Not a week old article.) =o) http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9114579&intsrc=hm_ts_head [author] => Cagekicker [category] => News and Links [guid] => http://sla.ckers.org/forum/read.php?13,24070,24534#msg-24534 [pubDate] => Fri, 12 Sep 2008 14:26:36 -0500 ) [16] => Array ( [title] => [XSS Info] Re: possible xss in phpBB-addon [link] => http://sla.ckers.org/forum/read.php?2,24526,24533#msg-24533 [description] => Starting with a forward slash is not allowed (I suppose we have to match against a RegEx for urls - will find out about that in phpbb-code as well). I will think about a possible circumvention later - after reading the mentioned topic Thanks for your input - gonna check that out tomorrow :) [author] => chosi [category] => XSS Info [guid] => http://sla.ckers.org/forum/read.php?2,24526,24533#msg-24533 [pubDate] => Fri, 12 Sep 2008 12:49:45 -0500 ) [17] => Array ( [title] => [SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table [link] => http://sla.ckers.org/forum/read.php?16,24493,24532#msg-24532 [description] => i try it but it the magek qutes on [author] => WESAM [category] => SQL and Code Injection [guid] => http://sla.ckers.org/forum/read.php?16,24493,24532#msg-24532 [pubDate] => Fri, 12 Sep 2008 12:08:32 -0500 ) [18] => Array ( [title] => [XSS Info] Re: possible xss in phpBB-addon [link] => http://sla.ckers.org/forum/read.php?2,24526,24531#msg-24531 [description] => try a forward slash to separate the closing quotation mark and the new attribute. Also, you might find some useful info in this related thread: http://sla.ckers.org/forum/read.php?2,18369,18496 [author] => thornmaker [category] => XSS Info [guid] => http://sla.ckers.org/forum/read.php?2,24526,24531#msg-24531 [pubDate] => Fri, 12 Sep 2008 12:02:49 -0500 ) [19] => Array ( [title] => [Wireless Security] Re: Sharing Wireless Securely [link] => http://sla.ckers.org/forum/read.php?5,24519,24530#msg-24530 [description] => yum install openvpn [author] => ntp [category] => Wireless Security [guid] => http://sla.ckers.org/forum/read.php?5,24519,24530#msg-24530 [pubDate] => Fri, 12 Sep 2008 11:37:42 -0500 ) [20] => Array ( [title] => [Jobs] Re: Looking for 'Internet Investigators', can work from home! [link] => http://sla.ckers.org/forum/read.php?17,24480,24529#msg-24529 [description] => Sorry, didn't mean to break your cover, Mr. Smart. Maybe we should break out the Cone of Silence to have this conversation? Edit: It's been called to my attention that "Get Smart" is way before even my time...and I was raised watching the re-runs of it...So, the above might not make much sense to some. :o\ [author] => Cagekicker [category] => Jobs [guid] => http://sla.ckers.org/forum/read.php?17,24480,24529#msg-24529 [pubDate] => Fri, 12 Sep 2008 11:18:51 -0500 ) [21] => Array ( [title] => [XSS Info] Re: possible xss in phpBB-addon [link] => http://sla.ckers.org/forum/read.php?2,24526,24528#msg-24528 [description] => I got a little further: (again [-brackets are replaced) D(latex]E(url=http://example.org/?;onerror=window.location=//example.org/+//test.html]text(/url]B(/latex]C leads to: DC So I'm nearly inserting an eventhandler - finally. But the browser is expecting something between the closed quotation and the new html attribute, right? There are some chars I can insert unfiltered, but a space is not among those. Any ideas? Semicolon doesn't work. [author] => chosi [category] => XSS Info [guid] => http://sla.ckers.org/forum/read.php?2,24526,24528#msg-24528 [pubDate] => Fri, 12 Sep 2008 10:37:57 -0500 ) [22] => Array ( [title] => [Vendor Talk] Re: TeamMentor [link] => http://sla.ckers.org/forum/read.php?21,24484,24527#msg-24527 [description] => Oh sheesh. Fine, I'll post the links and see if I get some responses. * TeamMentor Evaluation - feature limited access to content (username/password: demo/sisecure2007) http://remote.securityinnovation.com:8088/TeamMentor/ * Introducing Two Exciting 10 Minute Mini-Courses Introduction to Cross-site Scripting - with JSP Examples http://www.securityinnovation.com/ten-minute-courses/IntroToXSS-JSP/Start.htm Introduction to Cross-site Scripting - with ASP.Net Examples http://www.securityinnovation.com/ten-minute-courses/IntroToXSS-ASP.NET/Start.htm [author] => ntp [category] => Vendor Talk [guid] => http://sla.ckers.org/forum/read.php?21,24484,24527#msg-24527 [pubDate] => Fri, 12 Sep 2008 10:15:21 -0500 ) [23] => Array ( [title] => [XSS Info] possible xss in phpBB-addon [link] => http://sla.ckers.org/forum/read.php?2,24526,24526#msg-24526 [description] => Hey, there's a feature in phpBB to create your own bbtags, which can lead to invalid html-code. Please note that I have replaced the character '[' by '(' to prevent *THIS* Forum from interpreting any BBCode ;) There's a quite common method to render LaTeX by inserting an img, e.g.: (LaTeX]{TEXT}(/LaTeX] is replaced with: I wanted to emphasize the names of the newly added bbtags, by putting (b]-tags around them, and got some invalid HTML. Though phpBB replaces lots chars like ",< and > with their html entities, I was wondering whether there's some XSS possible. I know there are some special means to work around this by using event-handlers or other "tricks" where JS is rendered Here are some examples, of what I got: Latex- in b-tags: (b](latex](/b] and (b](/latex](/b] => b-tags in latex-tags: D(latex]E(size=1]A(/size]B(/latex]C => DC [author] => chosi [category] => XSS Info [guid] => http://sla.ckers.org/forum/read.php?2,24526,24526#msg-24526 [pubDate] => Fri, 12 Sep 2008 09:10:01 -0500 ) [24] => Array ( [title] => [Projects] Re: PHPIDS (0.5.2 - so fast you won't see it) [link] => http://sla.ckers.org/forum/read.php?12,8085,24525#msg-24525 [description] => Hi, wow - this is a beauty indeed! Bloody [url=http://developer.mozilla.org/En/Core_JavaScript_1.5_Guide:Processing_XML_with_E4X]E4X[/url] :) I bet there's more - I have to get more involved with E4X as soon as I find some time. Greetings and thx|congrats ;) .mario [author] => .mario [category] => Projects [guid] => http://sla.ckers.org/forum/read.php?12,8085,24525#msg-24525 [pubDate] => Fri, 12 Sep 2008 03:54:14 -0500 ) [25] => Array ( [title] => [Jobs] Re: Looking for 'Internet Investigators', can work from home! [link] => http://sla.ckers.org/forum/read.php?17,24480,24524#msg-24524 [description] => Dear All, There is a reason that I keep my identity and company private at this moment. Again, if anyone is interested in this SERIOUS job, please contact me. If not, stop wasting your time by putting my ad in bad daylight, I am trying to look for some people who need a JOB (like the forum says), not being 'dissed' by people who have certain assumptions. Ian [author] => iancraven [category] => Jobs [guid] => http://sla.ckers.org/forum/read.php?17,24480,24524#msg-24524 [pubDate] => Fri, 12 Sep 2008 03:15:38 -0500 ) [26] => Array ( [title] => [Projects] Re: PHPIDS (0.5.2 - so fast you won't see it) [link] => http://sla.ckers.org/forum/read.php?12,8085,24523#msg-24523 [description] => Nice :D [author] => Gareth Heyes [category] => Projects [guid] => http://sla.ckers.org/forum/read.php?12,8085,24523#msg-24523 [pubDate] => Fri, 12 Sep 2008 00:30:47 -0500 ) [27] => Array ( [title] => [SQL and Code Injection] Re: pls help me in 4.1.22-standard database i can not find the admin table [link] => http://sla.ckers.org/forum/read.php?16,24493,24522#msg-24522 [description] => Try other options like load_file. [author] => Chuks [category] => SQL and Code Injection [guid] => http://sla.ckers.org/forum/read.php?16,24493,24522#msg-24522 [pubDate] => Fri, 12 Sep 2008 00:17:41 -0500 ) [28] => Array ( [title] => [Full Disclosure] Re: Google Chrome spoof? [link] => http://sla.ckers.org/forum/read.php?3,24518,24521#msg-24521 [description] => I mucked around a bit with this and couldn't find anything. Interestingly though when the following code is executed (onclick) Chrome appears to automatically close the alert box for you. [author] => digi7al64 [category] => Full Disclosure [guid] => http://sla.ckers.org/forum/read.php?3,24518,24521#msg-24521 [pubDate] => Thu, 11 Sep 2008 23:12:21 -0500 ) [29] => Array ( [title] => [Jobs] Re: Looking for 'Internet Investigators', can work from home! [link] => http://sla.ckers.org/forum/read.php?17,24480,24520#msg-24520 [description] => >>LE agency wouldn't post a wanted ad in a forum on the internet looking for someone to conduct forensic analysis and computer crime investigation into criminal activities. Yeah that is what I was thinking, that would be a dumb idea. I mean what if the people you were investigating turned out to be the forensic analysts or knew them. [author] => CrYpTiC_MauleR [category] => Jobs [guid] => http://sla.ckers.org/forum/read.php?17,24480,24520#msg-24520 [pubDate] => Thu, 11 Sep 2008 20:06:02 -0500 ) ) int(30)
30
sla.ckers.org | The Web Application Security Forums :: This newsfeed has a problem
sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net
schuirink.net
main destinations: home | the web & the world | out of here
Google

news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org