Popular Content

Showing content with the highest reputation on 11/09/17 in all areas

  1. Recently I tested a web application and ran into the following situation:
     - two parameters I could control were included in an 'href'
     - those parameters had a fairly restrictive maximum length, say 15 characters
     - anything containing a less-than sign (<, including Unicode variants like the full-length angle bracket) followed by a letter terminated your session
     - special characters were not filtered and no HTML encoding was used when those values were inserted
     The HTML code looked roughly like this:
     <a href="https://mataigrasa.com/?param1=XXX&param2=YYY&someotherparamsgohere=whateverman">TROLOL</a>
     I used the following values:
     param1="onclick='/*
     param2=*/alert(9)'x=
     The HTML code then becomes:
     <a href="https://mataigrasa.com/?param1="onclick='/*&param2=*/alert(9)'x="YYY&someotherparamsgohere=whateverman">TROLOL</a>
     Param1 closes the 'href' attribute and defines an 'onclick' in which I start a comment (/*). Param2 closes the comment (*/) and introduces the JS code that will be executed by the 'onclick' event. The comment is used to take '&param2=' out of the equation and allow the JS code to be concatenated. Other ideas/recommendations/suggestions are welcome.
    2 points
  2. https://gitter.im/paritytech/parity?at=5a008ef75a1758ed0f9610d6
    1 point
  3. The best and sleekest phone I've ever had; it covered every communication need I had, very good signal, plus I don't need internet nonstop like all the kids these days. This is what I'll buy when my current one breaks. The old generation of Nokia phones = best phone ever.
    1 point
  4. PLEASE paste big VALID Istealer Or VIC LOGS, HELP US ALL
    1 point
  5. It's more serious than we realize in our cultural bubble; it will be "voluntarily mandatory" for the corporate serfs: " According to a Facebook spokesperson, Facebook workers will have to review full, uncensored versions of nude images first, volunteered by the user, to determine if malicious posts by other users qualify as revenge porn. " Facebook Workers, Not an Algorithm, Will Look at Volunteered Nude Photos First to Stop Revenge Porn. Because: PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names. Facebook somehow managed to link a sex worker's clients under her fake name to her real profile. Sometimes people have legitimate reasons for having two identities. That is becoming harder and harder. For the "volunteers" forced to fall in line with the politically correct trend in order to keep their corporate standing, a solution... http://hackerfactor.com/blog/index.php?/archives/432-Looks-Like-It.html
    0 points
  6. Is this really what we're living through?
    -1 points
  7. A question: is he really who he claims to be, in terms of age and competence? It's just a question... a voice analysis matched against the YouTube clips would be relevant; don't shoot, Mr. Semaca...
    -1 points