社会工程:

<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.

从bash.org

XSS是我喜欢在网站上找到的东西。

下面是我的发现日志的链接:

所有:http://xssed.com/archive/author=Dr.Optix

只有特色菜:http://xssed.com/archive/special=1/author=Dr.Optix/

祝你浏览愉快!

1-800 dominos will give unlisted address's related to any target phone number. When prompted if you are calling about the phone number you called from select no. The system will prompt you for a new phone number, the system will then read back to you the name and address that's associated to this phone number. Enter in your target's phone number and you now have their name and address. This is pretty common with automated ordering systems and if dominos has fixed this there are literally hundreds more.

有一个地方，管理员在共享FAT32文件夹中设置了所有用户的主目录。

这意味着您可以读取、写入和删除其他用户的文件。

我以前的学校有学生的密码和他们的用户名一样，加上很容易得到他们的用户名(一个数字，例如123233)，然后你可以点击添加列，找到学生的名字和姓氏，以及他们的用户名。因此，很容易在他们的账户中随机放入垃圾，让他们认为“机器里有鬼”。

我有Joe X以前的家庭地址，需要知道他在同一城市的新地址，但没有办法联系到他。我估计他每天都会收到一堆邮购目录，所以我随意拨打了See’s Candies的800电话(与维多利亚的秘密、瑞士殖民地或任何其他大型邮寄公司不同):

我:“嗨，我是Joe x。我想我已经在你的邮件列表中出现过两次了，我的旧地址和新地址都有。你的电脑显示我的地址是[旧地址]还是[假地址]?”

接线员:“不，我们给你看[新地址]。”