Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 30
Guests Online: 28
Members Online: 2

Registered Members: 82825
Newest Member: bulmers
Latest Articles
View Thread

HellBound Hackers | Computer General | General Computer Problems

Page 2 of 2 < 1 2
Author

RE: script filter bug?

ynori7
Member



Posts: 1486
Location: #valhalla
Joined: 08.10.07
Rank:
God
Posted on 16-10-10 22:17
Mtutnid wrote:
I know its nothing, but it is still just a minor bug... A bug is a bug... It does not work properly, that means it is a bug... Even if it is totally minor.

It's. Not. A. Bug.

You could do exactly the same thing by using firebug and changing your rendered html. It does nothing. There is no exploit here.


halls-of-valhalla.org/images/affiliateLogo.png voodoorage.halls-of-valhalla.org/images/smallLogo.png
i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg
ynori7 http://halls-of-valhalla.org
Author

RE: script filter bug?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-10-10 04:31
Mtutnid wrote:
MoshBat wrote:
stealth- wrote:
steal your cookies for their use....

Not here.


I would not need to steal cookies. I could just change your pass.


No you couldn't. I've already tried that with a real XSS hole on this site. The only way you'd have a shot of changing the password or actually doing anything of interest would be to:

1. Get the user to click on XSS link and steal cookie AND page token (the edit_profile token is the same as logout token, so you can just use javascript to regex it rather than send another request through cURL/PHP)

2. Now that you already have the token and cookies, all you have to do is change your IP. Use something like this (http://stackoverf. . .ip-address) to 'spoof' you're IP (basically just send a one way connection to hbh to change password or do whatever you want).

The first step is really easy but good luck getting the second part to work.
Author

RE: script filter bug?

Mtutnid
Member

Your avatar

Posts: 102
Location: HELL
Joined: 22.09.10
Rank:
Newbie
Posted on 17-10-10 10:12
DELETED

Edited by Mtutnid on 27-11-11 18:20
Author

RE: script filter bug?

Mtutnid
Member

Your avatar

Posts: 102
Location: HELL
Joined: 22.09.10
Rank:
Newbie
Posted on 17-10-10 17:12
DELETED

Edited by Mtutnid on 27-11-11 18:20
Author

RE: script filter bug?

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-10-10 17:14
Mtutnid wrote:
OK, i will. Getting tired of irritating HBH members and staff.


Thanks, you -were- irking me a bit, but it's good that you realize this. Better luck next time!



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: script filter bug?

Mtutnid
Member

Your avatar

Posts: 102
Location: HELL
Joined: 22.09.10
Rank:
Newbie
Posted on 17-10-10 19:39
DELETED

Edited by Mtutnid on 27-11-11 18:21
Author

RE: script filter bug?

Mtutnid
Member

Your avatar

Posts: 102
Location: HELL
Joined: 22.09.10
Rank:
Newbie
Posted on 17-10-10 20:42
DELETED

Edited by Mtutnid on 27-11-11 18:21
Page 2 of 2 < 1 2