Thursday, April 17, 2014
can i deface a site by xss


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-08 21:51
I found a site which has an XSS hole... I can pass the message with a JS script:
<script>document.body.innerHTML="<style>body{visibility:hidden;}</style><div style=visibility:visible;><h1>xaxaxa</h1></div>";</script>

OK... but is there JS code to deface the site, i.e. can I pass the message "xaxaxa" into the site through XSS so that every time I see the site the message "xaxaxa" is there in the site... or is XSS only for cookie stealing?
Any help? Grin
Author

RE: can i deface a site by xss

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 22-10-08 21:57
If it's a guestbook-style site where you can add your input to the page, then it can cause a defacement.

If it's a GET variable you're "exploiting" then obviously it only applies to that page load.

May I suggest you start learning how websites work, i.e. HTML, forms, POST/GET, databases etc. before you start exploiting.

XSS is a lot more powerful than cookie stealing.

And please note HBH does not condone, support, or encourage defacing of innocent websites. If you are caught, or end up asking for help for this, not only will people not help you, but your account will get banned too.
http://www.hellboundhackers.org/
Author

RE: can i deface a site by xss


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-08 22:00
You could include a script from another source. There are tons of things you can do with XSS. There are XSS shell, XSS tunneling, cookie stealing, but if you just want to deface the site then include a picture or something like that to cover the whole front page.


Author

RE: can i deface a site by xss

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 22-10-08 22:01
Cross-site scripting can be used for tons of different things. Yes, you can deface a site using it, but you'd need to find a way to have the code saved directly to the site. A forum that doesn't filter HTML when people post is a pretty good example. Finding a vulnerability in a search box won't cut it, which is why phishing and cookie stealing are more popular. Craft a specific URL for the target and send it over.


i252.photobucket.com/albums/hh11/zanimabean/Zim.png
Futility91@hotmail.com Futility91
Author

RE: can i deface a site by xss


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-08 22:02
It's a search box... I know some things about XSS, JS etc... but I don't know if I can deface the site through XSS...
Author

RE: can i deface a site by xss

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 22-10-08 22:06
dovis wrote:
It's a search box... I know some things about XSS, JS etc... but I don't know if I can deface the site through XSS...

If it's a search box, then you're either exploiting a GET or POST variable, which means it's not permanent. Which also means you can't deface it because the data isn't saved anywhere. Why are you so intent on defacing sites anyway? If you've got an XSS hole, there are tons of more useful things that can be done.


i252.photobucket.com/albums/hh11/zanimabean/Zim.png
Futility91@hotmail.com Futility91
Author

RE: can i deface a site by xss


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-08 22:08
Using the code above I deface the site, but when I reload the site without the script I didn't see the message... I want the message to remain in the site... Angry
Author

RE: can i deface a site by xss


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-08 22:12
It's the GET... what else can I do? I want to show in the site that there is an XSS hole? Any help?
Author

RE: can i deface a site by xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 22-10-08 22:19
Have you tried e-mailing the webmaster to let him know?


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png

yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: can i deface a site by xss

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 22-10-08 22:22
xssed.com

You can submit XSS URLs.

As quoted on their website:
Once the mirror has been validated and published, you should contact the webmasters of the affected web site and help them to fix the flaw.
http://www.hellboundhackers.org/
Author

RE: can i deface a site by xss

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 22-10-08 22:41
dovis wrote:
It's the GET... what else can I do? I want to show in the site that there is an XSS hole? Any help?

Alright. That's enough of this. I thought we were clear. In order for the XSS (and the 'defacement') to be permanent, data needs to be saved to the page. Search boxes don't save anything to the page, so there is no way for you to deface it. A GET variable, as previously stated, can be used to phish, steal cookies, and a slew of other target-based attacks. You would need to get the target to click on your maliciously crafted URL in order for it to work because nothing is being saved to the site.

Oh, and I don't think he's looking to tell the webmaster about it. All he wants is the 'fame' that comes along with taking down a site.

[EDIT] I don't even bother submitting things to xssed.com anymore. By the time they check them, I've already contacted the webmaster and helped him fix the problem.


i252.photobucket.com/albums/hh11/zanimabean/Zim.png


Edited by Futility on 22-10-08 22:43
Futility91@hotmail.com Futility91
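
The reflected-versus-stored distinction made in the posts above, seen from the defender's side, as an added example that is not part of any post in this thread. The guestbook array, function names and the `encode` option are hypothetical; the sample input reuses the markup from the original question. It shows that unencoded input appears in a search response only when the parameter is present, appears for every visitor when it is stored, and that HTML-encoding on output fixes both paths.

```javascript
// Added example: constructed search/guestbook renderer, not code from the thread.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element-content or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Hypothetical in-memory store standing in for a guestbook database.
const guestbook = [];

// Stored path: the entry is saved and rendered into every later page load.
function addGuestbookEntry(text) { guestbook.push(text); }

function renderGuestbook({ encode }) {
  const items = guestbook.map((e) => `<li>${encode ? escapeHtml(e) : e}</li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Reflected path: the GET parameter is echoed into this one response only.
function renderSearch(query, { encode }) {
  return `<p>Results for: ${encode ? escapeHtml(query) : query}</p>`;
}

// Review helper: true if the response holds tags the application did not author.
function containsInjectedMarkup(html, allowedTags) {
  const tags = [...html.matchAll(/<\/?([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowedTags.includes(t));
}

const sample = '<h1>xaxaxa</h1>'; // constructed input, markup taken from the question
addGuestbookEntry(sample);

function demo() {
  return {
    reflectedRaw: containsInjectedMarkup(renderSearch(sample, { encode: false }), ['p']),
    reflectedEncoded: containsInjectedMarkup(renderSearch(sample, { encode: true }), ['p']),
    // Same unencoded page requested without the crafted parameter: nothing persists.
    reflectedPlainQuery: containsInjectedMarkup(renderSearch('shoes', { encode: false }), ['p']),
    storedRaw: containsInjectedMarkup(renderGuestbook({ encode: false }), ['ul', 'li']),
    storedEncoded: containsInjectedMarkup(renderGuestbook({ encode: true }), ['ul', 'li']),
  };
}

console.log(demo());
```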
Author

RE: can i deface a site by xss


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-10-08 23:19
Thanks a lot for the help... I found an xssshell and I'll try to work with it and I'll post the results...
Thanks for the advice...
Grin
Author

RE: can i deface a site by xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 22-10-08 23:53
I give him three days till a warn/ban.


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png

yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: can i deface a site by xss


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-10-08 01:07
yours31f wrote:
I give him three days till a warn/ban.

You're working on one if you don't start being useful again (short-lived as that was).




Edited by on 23-10-08 01:07
Author

RE: can i deface a site by xss

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 23-10-08 08:47
Futility wrote:
I don't even bother submitting things to xssed.com anymore. By the time they check them, I've already contacted the webmaster and helped him fix the problem.


Yeah, what are Kevin and Dimitris up to? :right: I sure miss the good old 'submit and it gets verified within a day'-style ^^


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: can i deface a site by xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 23-10-08 15:28
I got to a point where I wondered if the site was even operational. I submitted about 5-6 sites and none were ever accepted. So, I just quit going.


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png

yours31f@live.com yours31f@yahoo.com rpwd.info