| Author |
javascript 4 :( |
kyul
Member
Posts: 26
Location: Manchester
Joined: 30.04.07
Rank: Hacker Level 1 |
|
ive done all the others, except for 16, but i just can't do 4
i think i have to put something in the p**e=U*e+T**s part of the url
i just don't really know what im looking for
any hints would be greatly appreciated  thanks
 |
  
|
| Author |
RE: javascript 4 :( |
K_I_N_G
Member
Posts: 356
Location: ?
Joined: 04.03.08
Rank: Elite |
|
Its a simple xss attack homie.
Check this: [spoiler removed]
You need too alert the cookie (it being in javascblockedript challenges I thought it was a javascblockedript injection but no). Its really simple if you understand what syntaxe too use.
Edited by K_I_N_G on 06-08-08 01:35 |
|
|
| Author |
RE: javascript 4 :( |
Fewmitz
Member
Posts: 13
Location:
Joined: 27.07.08
Rank: Active User |
|
I bet you're over thinking it.
http://www.hellboundhackers.org/articles/749-xss-the-complete-walkthrough.html
Read that. The answer is almost literally RIGHT in that article. |
|
|
| Author |
RE: javascript 4 :( |
kyul
Member
Posts: 26
Location: Manchester
Joined: 30.04.07
Rank: Hacker Level 1 |
|
|
moshbat wrote:
Dude! I've shown you XSS a few times!
i know lol, i still cant get it, i understand the concept, but just cant get it right lol
i just need to keep trying XD
|
|
|
| Author |
RE: .. |
ravix101
Member
Posts: 8
Location: In za flow
Joined: 21.08.08
Rank: Mad User |
|
|
Ya im sort of new ive got past the first 3 okay, but this is giving me trouble ive looked through the xss page but nothing i insert seems to work. |
|
|
| Author |
RE: javascript 4 :( |
Night_Stalker
Member
Posts: 329
Location:
Joined: 01.02.07
Rank: Elite
Warn Level: 10
|
|
Maybe this link can give you an idea??
https://www.elitehackers.info/forums/showthread.php?p=52491
|
|
|
| Author |
RE: .. |
ravix101
Member
Posts: 8
Location: In za flow
Joined: 21.08.08
Rank: Mad User |
|
|
I read it but it doesnt give me any info on how to make the cookie appear. |
|
|
| Author |
RE: javascript 4 :( |
a7x2thedeath
Member
Posts: 66
Location: East Coast U.S.A
Joined: 20.06.08
Rank: Hacker Level 2 |
|
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascblockedript 1-4
 |
|
|
| Author |
RE: javascript 4 :( |
Night_Stalker
Member
Posts: 329
Location:
Joined: 01.02.07
Rank: Elite
Warn Level: 10
|
|
Did you notice the code? How he typed a code that you would put onto a website to make the "test" pop up?
Can you think of a code/scblockedript to put on a webpage to make a cookie pop up? Enter that after the "=" in the url you get when you click the "Use This" button.. ( http://www.hellboundhackers.org/challenges/js/js4/index.php?submit=Use+this )
~Night_Stalker
|
|
|
| Author |
RE: javascript 4 :( |
a7x2thedeath
Member
Posts: 66
Location: East Coast U.S.A
Joined: 20.06.08
Rank: Hacker Level 2 |
|
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascblockedript 1-4
|
|
|
| Author |
RE: javascript 4 :( |
a7x2thedeath
Member
Posts: 66
Location: East Coast U.S.A
Joined: 20.06.08
Rank: Hacker Level 2 |
|
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascblockedript 1-4
|
|
|
| Author |
RE: javascript 4 :( |
a7x2thedeath
Member
Posts: 66
Location: East Coast U.S.A
Joined: 20.06.08
Rank: Hacker Level 2 |
|
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascblockedript 1-4
|
|
|
| Author |
RE: .. |
ravix101
Member
Posts: 8
Location: In za flow
Joined: 21.08.08
Rank: Mad User |
|
i tried [spoiler]; and it didnt work i cant really think of anything else..
Edited by Futility on 22-08-08 03:24 |
|
|
| Author |
RE: javascript 4 :( |
Futility
Member
Posts: 715
Location: USA
Joined: 17.12.07
Rank: God |
|
|
ravix101 wrote:
i tried [spoiler]; and it didnt work i cant really think of anything else..
That was the correct Javascblockedript string. You just need to get it so you can inject it with XSS. PM me if you need help.
|
|
| Author |
RE: javascript 4 :( |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
I am stuck on this one. After completing the first 3 i read 2 hours about XSS(didn't hear about it before) and i can't get it working. I looked on the internet, found an XSS vulnerable site and i got a pop-up box . But i can't get it working on the javascblockedript 4 link after pasting the content after the "=" symbol. Can anybody help? Thanks in advance! |
|
|
| Author |
RE: javascript 4 :( |
Night_Stalker
Member
Posts: 329
Location:
Joined: 01.02.07
Rank: Elite
Warn Level: 10
|
|
kyul wrote:
ive done all the others, except for 16, but i just can't do 4
i think i have to put something in the p**e=U*e+T**s part of the url
i just don't really know what im looking for
any hints would be greatly appreciated thanks
Think of a scblockedript, that would allow you to view a cookie, were you to post it into a shoutbox?
|
|
|
| Author |
RE: javascript 4 :( |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
Night_Stalker wrote:
Think of a sc blockedript, that would allow you to view a cookie, were you to post it into a shoutbox?
)Yeah...i know.....but for the moment i was concentrating only for that pop-up....because this way that scrip won't work either and my brain will start believing that the page it's not vulnerable. /index.php?submit=<scblockedript>alert("XSS" </scblockedript> is not working and i don't know why....i tried in another site and it worked but not here. |
|
|
| Author |
RE: javascript 4 :( |
jacobcapra
Member
Posts: 36
Location: D-ville
Joined: 14.04.08
Rank: Uber Elite |
|
just think of how u put a little javascblockedript into, so HTML.... with some tags, then put the usual javascblockedript used to get cookies. this isn't too complicated.... those articles spell it out so much.
 |
|
|
| Author |
RE: javascript 4 :( |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
|
Ohhh...com on. I got it but....i had a little misunderstanding. In the articles it was said how to steal cookies from other users and not how to find a hidden cookie on a server. I mean...it's kinda different for me....Thanks a lot guys, i appreciate your help. |
|
|
| Author |
RE: javascript 4 :( |
The_Gman
Member
Posts: 30
Location:
Joined: 02.09.08
Rank: Mad User |
|
|
You're not forcing someone else to run your XSS JS, instead you're using it to access data on your computer you didn't have access to. |
|
|
Main:
