Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 28
Guests Online: 26
Members Online: 2

Registered Members: 82843
Newest Member: hx47
Latest Articles

Guestbook Hacking

Arrow Image How to take control of Guestbooks, most commonly guestbook.html



Hacking Guestbooks

Guestbooks are one of the most easly and most common begginer hacks. Because Guestbooks allow users to submit their information onto the website.

So if a guestbook was to not filter html commands, then that information is submitted to the website!!! See where im going with this....

So if you were to input html into your guestbook entry, that will be uploaded to the website, thus giving you control of that page.

So, steps to take when hacking a guestbook:

see if its vunerable! You can do this by inputing tags like:

<plaintext> or <img src="javascript:alert('noob')">

If you get a whole page of code (plaintext) or a message box saying "noob", then the page is vunerable.


So now you can attack the guestbook!

to make a message pop up on the screen, you inject javascript into a <img> tag or a <script>, but sometimes [script] is disabled.

so a img tag would be like:
<img src="javascript:alert('noob')">

or if you wanted to redirect the page, you can use another <img> tag:
<img src="javascript:void(window.location=('http://www.google.com'))">
WoW, now that page redirects to your page! simpe huh!!

Be creative, any html command can work!

Happy Hacking.

HellBound Hackers is not responsible for any blackhat hacks you may do.

~ Mr_Cheese ~

Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME.

Comments

BlackAce227on April 05 2005 - 00:18:02
if u need help just dl my Guestbook Hacker Program
nights_shadowon May 25 2005 - 12:54:43
Why don't you just test it out by putting a real message? html body font color=red blah blah blah etc. then trying the img src=realpicture.jpg That way, you've just tested it for a vulnerability without making you look like you are going to hack it "img src=javascr!pt(etc.)" and the admin comes on line and reports your ip to your isp.
champlooon June 01 2006 - 04:32:51
does it have to be javascript or can i just put in like my html code from m defacment?
Mr_Cheeseon July 22 2006 - 00:36:31
any html code will work.
MaWon July 28 2006 - 12:40:09
what dous it mean when i post <img src="javascript:alert('noob'Wink"> and it comes up with a broken image?
Der Heiligenon December 21 2006 - 00:43:41
it means that it's looking for that image and can't find it, so it comes up with a broken image.
anon14on February 27 2007 - 17:26:57
<img src="javascript:alert('noob'Wink">, where could i use this
koolkeith12345on March 14 2007 - 19:55:11
good article but its quite hard to find guestbooks as exploitable as that though using an onerror script in an img tag like this one works in most <img src="asdf" onerror="alert(document.cookie)"/> unfortunately you cant put your own message in the alert because quotes inside quotes screws things up a bit though an infinite js loop and alert document.body.innerHTML
ReTaRDeDon April 27 2007 - 17:20:48
Go to dermatone.com and look at their guestbook! OMF! NINJA :ninja: ***I never said I did it! I am completely innocent until proven else!*** Love you Pfft
ReTaRDeDon April 29 2007 - 19:31:43
Colorfulsprinkles.com :ninja: [img]javascript:alert('!.PWND By R3T4RD.!'Wink[/img]
loxaXcrackeron December 08 2007 - 17:37:14
Damn!! i can't find any epxploitable guest book!! :angry:
japanesedudeon September 08 2008 - 21:23:46
LOL, THIS ARTICLE, LOL!
K3174N 420on October 14 2008 - 20:44:57
quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME. ROFL! XD GrinGrinGrin
K3174N 420on October 14 2008 - 20:46:13
quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME. ROFL! XD GrinGrinGrin
japanesedudeon December 07 2008 - 14:05:51
HAHAHAHAHAHAHA!! MR_CHEESE, LOL!!! AHHAHAHAH FUCK YOU!!!!
IbaiJoeon April 09 2012 - 17:39:56
This only defaces or redirects you to the deface when someone submits an entry to the guestbook... But how would you edit your entry so that you redirect people from the index page of the site to your deface ?
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.