Los Angeles Indymedia : Activist News

LA Indymedia has JSON

by johnk Sunday, Mar. 10, 2013 at 10:00 AM

This is for Javascript developers who may want to consider developing a client for this site.

Dearest Developers:

This site now generates a JSON data dump of each article. The URL of the JSON data is the same as the article's URL, with the "php" replaced by "json".

http://la.indymedia.org/news/2013/03/258838.json

This is basically a dump of our internal data. Nothing has been omitted at this time, though in the future some fields might be lost. So this non-API may change. However, given our past history with failure to keep up with software changes, odds are this ad-hoc dump is as good as any set-in-stone API out there, because the big APIs change every couple years. We've outlasted a lot of other sites, and are slow to change.

If you do develop a JS client (or any client really), THANK YOU!

Remember, however, that you can't put ads on the stories or in the client, because the articles are only allowed to be reused non-commercially (unless you get an agreement with the original author). Our standard agreement is an article is free for noncommercial use by us and by noncommercial sites, but copyright belongs to the author. (The exception being Fair Use, of course. Also, it's unclear what status RSS feed data has. I've assumed RSS data is reusable for anything without restrictions.)


a minor question to johnk

by nasty boy Tuesday, Mar. 12, 2013 at 8:48 AM

Is this the reason the report system has been constantly disabled, reset, I.D. numbers changed and the minimal attendance to the report feature have occurred?
jest me asking...
how was that tenth year anniversary? You never reported it with a minor post that I ever noticed. Maybe I missed it.
:>)


I recall being told on here JS couldn't be exploited

by crazy_inventor Tuesday, Mar. 12, 2013 at 1:07 PM

I recall being told ...
json-js_exploits.png, image/png, 600x489

"JSON exploit"

About 385 results




Anatomy of a Subtle JSON Vulnerability

http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx

Nov 20, 2008

it was successfully demonstrated against GMail a while back.

The post, JSON is not as safe as people think it is,

http://directwebremoting.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html

covers it well, but I thought I’d provide step-by-step coverage to help make it clear how the exploit works.




you've been HAACKED - json

http://haacked.com/tags/json/default.aspx




Exploiting JSON Framework : 7 Attack Shots

http://www.infosecwriters.com/text_resources/pdf/ExploitingJSON_ASood.pdf




json array exploit

https://www.ibm.com/developerworks/mydeveloperworks/blogs/pmuellr/entry/json_array_exploit




JSON Hijacking Vulnerability

Nov 2, 2010

http://spreecommerce.com/blog/json-hijacking-vulnerability




Is it possible to XSS exploit JSON responses

JSON responses can be exploited by overriding Array constructors


http://stackoverflow.com/questions/3146324/is-it-possible-to-xss-exploit-json-responses-with-proper-javascript-string-escap




JSON Hijacking

Jun 24, 2009

http://haacked.com/archive/2009/06/24/json-hijacking.aspx




JSON Data Exploits

Jul 7, 2011

http://frankspeech.tumblr.com/post/7331368757




Rails JSON and XML security bugs

Jan 9, 2013

They concern the parsing of JSON and XML request bodies and can ... and more serious than, the recent SQL injection vulnerability

http://blog.brightbox.co.uk/posts/rails-json-and-xml-security-bugs



Exploits

Mar 22, 2012

JSON hijacking is an exploit which has not had the publicity it perhaps deserves. It is a real risk to website security

http://www.mattlunn.me.uk/blog/category/exploits/






"JS exploit"

About 125,000 results


Remove JS/Exploit-Blacole virus

Dec 11, 2012



Remove Exploit:JS/Cooexp.A

Jan 17, 2013



McAfee Communities: What is JS/Exploit-Blacole.i?

Mar 18, 2012




JS/Exploit-Rekit.b

Jan 31, 2013




Undetected Js Exploit - Bitdefender Forum

Nov 28, 2012

Cool Exploit Kit (other); Exploit.JS.Pdfka.ggz (Kaspersky); Cooexp.A (Norman); EXP/JS.Expack.CO (Avira); JS/Exploit-Blacole.gq (McAfee)




JS/Exploit - Sophos

Apr 30, 2002



they like a hackable site

by nasty boy Wednesday, Mar. 13, 2013 at 8:56 AM

why the hell didn't they use CAPTCHA as a "human" qualifier?
This math question is able to be hacked very simply.
I sometimes believe that someone wants this newswire to be vulnerable on many levels. Look at the IMC wasteland out there. Most of the sites are down but still listed.
Enemy action and lackadaisical involvement aren't a good mix.
Then there's the mole / infiltration factor. No transparency is also a bad idea unless security is involved. An announcement is not transparency.


well CAPTCHAs can be defeated too

by crazy_inventor Wednesday, Mar. 13, 2013 at 10:17 AM

Sites exist that make you solve one to obtain something you want - say a serial.

But the CAPTCHA they place on the page simply links back to here (assuming they used a CAPTCHA here)

So they have uninvolved people solve the CAPTCHAs for them..


I'm not saying the JSON/JS here IS unsecure (how would I know - I keep it disabled), but assurance was replied here that JS couldn't BE exploited...

- Hits go back to 2002 about JS exploitation.

And MD5 - rainbow tables anyone ?



The moleing is in the consensus, and the real control is in pleasing the foundations.


Besides most of the material I collect, write and air can't even be posted on here.

I've decided to post on onion forum instead - I just registered crazy_inventor and posted what I would have posted here. (before I posted there as anon/guest)


IMC hates dox, especially on people like Michelle Obama, Joe Biden, Robert Mueller, Hillary Clinton, Eric Holder, Charlie Beck, Sarah Palin, Donald Trump, Arnold Schwarzenegger, and Al Gore.

Such posts lead to the feds seizing their servers, and endanger their foundation grants.

There's no problem with any of that on the onion forum, plus you can register and keep anyone else from spoofing your handle.


Q for brainiac

by curious Friday, Mar. 15, 2013 at 3:39 PM

How can CAPTCHA "be defeated"? It would seem to be advanced AI to do so.


A for the CIA obsessed

by crazy_inventor Friday, Mar. 15, 2013 at 5:17 PM

Fastest captcha bypass , Cheapest captcha solver, real decaptcher

CBH captcha solver


Download CAPTCHA Solver 1.1

captcha-breaking-library - A library and scripting language

Artificial Intelligence, NeuralNetwork


Social Captcha Solver (SCS)

I'm making a PHP class that solved Captcha's socially - it keeps track of the original URL, the Captcha key, challenge, response, status



Captchainfinity | Captcha Solver | Automatic Captcha


Simple CAPTCHA solver in python


Captcha solver

Do any of you know about a good captcha solver that is either for free or cheap?



Cheapest CAPTCHA bypass service — Death by Captcha

A hybrid system composed of the most advanced OCR system on the market, along with a 24/7 team of CAPTCHA solvers.

An average response time of 15



Captcha Solver for Ikariam

Captcha Sniper

recaptcha


Gsa Captcha Breaker


Auto Captcha Solver Software


I need some kind of captcha solver, ASAP. :P

The 3rd party captcha fees are killing me and seriously limiting my campaigns.

-------------------------------------------------------------------------------------


I have these in my archive :


YahooCAPTCHARecognition.rar

Captch Sniper v1.2.exe

Captcha Sniper Users Guide.pdf




captcha

by johnk Monday, Apr. 21, 2014 at 5:51 AM

The point of the math question was to discourage robotic post programs. It did that.

It didn't discourage human spammers, but there were fewer of them.

As for json - yes, there are issues with it, but the safety comes from using a safe decoder. The risk of displaying bad code exists, though. If the HTML code contains something like an iframe or img, maybe that's a risk there.
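What "using a safe decoder" and the display risk named in this comment look like in a client, together with the URL rule from the original article. This is an added example, not code from the site or from sf-active; the field names `heading`, `author` and `article` are assumptions, since the page does not list the dump's fields.

```javascript
// Added example; not code from la.indymedia.org or sf-active.
// Field names (heading, author, article) are hypothetical: the page does not list the dump's fields.

// Per the article: the JSON URL is the article URL with "php" replaced by "json".
function jsonUrlFor(articleUrl) {
  const u = new URL(articleUrl);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') throw new Error('unexpected scheme');
  if (!u.pathname.endsWith('.php')) throw new Error('not an article URL');
  u.pathname = u.pathname.slice(0, -'.php'.length) + '.json';
  return u.href;
}

// "Safe decoder": JSON.parse only builds data. eval() would run the text as script.
function decodeArticle(text) {
  const data = JSON.parse(text); // throws SyntaxError on anything that is not strict JSON
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new TypeError('expected a JSON object');
  }
  return data;
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Treat every field as text, so markup in the dump is shown, not interpreted.
function renderArticle(data) {
  return '<article><h1>' + escapeHtml(data.heading) + '</h1>' +
    '<p class="byline">by ' + escapeHtml(data.author) + '</p>' +
    '<div>' + escapeHtml(data.article) + '</div></article>';
}

// Constructed sample: a body carrying the img/iframe markup the comment worries about.
const SAMPLE_JSON = JSON.stringify({
  heading: 'LA Indymedia has JSON',
  author: 'johnk',
  article: 'text <img src="x" onerror="note()"> <iframe src="http://example.invalid/"></iframe>',
});

function demo() {
  const url = jsonUrlFor('http://la.indymedia.org/news/2013/03/258838.php');
  const html = renderArticle(decodeArticle(SAMPLE_JSON));
  return { url, html };
}

console.log(demo());
```

In a browser, assigning the decoded fields to `textContent` gives the same result as `escapeHtml`; a client that needs to keep some article markup would need an allow-list HTML sanitizer instead of escaping everything.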


© 2000-2018 Los Angeles Independent Media Center. Unless otherwise stated by the author, all content is free for non-commercial reuse, reprint, and rebroadcast, on the net and elsewhere. Opinions are those of the contributors and are not necessarily endorsed by the Los Angeles Independent Media Center. Running sf-active v0.9.4