Saturday, April 19, 2014
HellBound Hackers | Computer General | Hacking in general

Author

Bypassing striphtmlchars()


Guest
Posted on 07-09-08 20:29
Basically I was wondering if anyone knows how to properly bypass this. I know that if I encode the HTML tag (<script>) into:
Decimal NCRs: *script
Hexadecimal NCRs: <script>
And probably more, like UTF-7/8 or something, but when I try stuff like (Decimal NCRs - "><script>alert(1)</script>):
"*scriptalert(1)*/script
On the site it allows it to be added but the alert isn't there (it will say something like: No results found for "><script>alert(1)</script>). So if anyone could help me out that would be great.
Edit: "Decimal NCRs:" = <script> encoded in Decimal NCRs, same with "Hexadecimal NCRs:". Where it says (Decimal NCRs - "><script>alert(1)</script>): it means "><script>alert(1)</script> encoded in Decimal NCRs; that's where it says "*scriptalert(1)*/script (to avoid XSS on the forum).
Sorry for being such a twat/moron/imbecile/retard/spaz, I wasn't thinking :( *I hang my head in shame* P.S. a place to convert them: http://rishida.ne. . .ersion.php Once again, sorry.
Thanks
SaMTHG :)





Edited by on 07-09-08 20:56
Author

RE: Bypassing striphtmlchars()

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 07-09-08 20:34
Can't understand a thing you're trying to say. Also; smileys.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net
Author

RE: Bypassing striphtmlchars()


Guest
Posted on 07-09-08 20:49
Sorry, I didn't think. HBH filters decoded the encoded script.


Author

RE: Bypassing striphtmlchars()

Night_Stalker
Member


Posts: 329
Location:
Joined: 01.02.07
Rank:
Apprentice
Warn Level: 10
Posted on 07-09-08 20:50
SaMTHG wrote:
Basically I was wondering if anyone knows how to properly bypass this. I know that if I encode the HTML tag (<script>) into:
Decimal NCRs: *script
Hexadecimal NCRs: <script>
And probably more, like UTF-7/8 or something, but when I try stuff like (Decimal NCRs - "><script>alert(1)</script>):
"*scriptalert(1)*/script
On the site it allows it to be added but the alert isn't there (it will say something like: No results found for "><script>alert(1)</script>). So if anyone could help me out that would be great.
Thanks
SaMTHG :)


Only incompetent fools put smilies inside their scripts, and end their posts with their name even though it is included in their sig...

EDIT: Wait, I was thinking you were yous3lf, I was going to come to congratulate you on another worthless post, but then realized you aren't him... But the smiles do make it look like a foolish, incompetent homosexual posted it...




Edited by Night_Stalker on 07-09-08 21:00
Author

RE: Bypassing striphtmlchars()


Guest
Posted on 07-09-08 23:00
Night_Stalker wrote:
Only incompetent fools put smilies inside their scripts, and end their posts with their name even though it is included in their sig...

EDIT: Wait, I was thinking you were yous3lf, I was going to come to congratulate you on another worthless post, but then realized you aren't him... But the smiles do make it look like a foolish, incompetent homosexual posted it...


Okay, okay, a simple "disable your smilies when you post code" would've sufficed. It's not like you have any grounds to judge anyone else here, anyways.