Donate to us via Paypal!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Monday, April 19, 2021
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 103
Guests Online: 101
Members Online: 2

Registered Members: 135487
Newest Member: marketingservices
Latest Articles

View Thread

HellBound Hackers | Challenges | Javascript

Page 1 of 2 1 2 >
Author

javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-08-08 22:32
ive done all the others, except for 16, but i just can't do 4


i think i have to put something in the p**e=U*e+T**s part of the url

i just don't really know what im looking for

any hints would be greatly appreciated Smile thanks



Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-08-08 23:52
Its a simple xss attack homie.
Check this: [spoiler removed]

You need too alert the cookie (it being in javascript challenges I thought it was a javascript injection but no). Its really simple if you understand what syntaxe too use.




Edited by on 06-08-08 01:35
Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-08-08 01:32
I bet you're over thinking it.

http://www.hellboundhackers.org/articles/749-xss-the-complete-walkthrough.html

Read that. The answer is almost literally RIGHT in that article.
Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-08-08 19:23
moshbat wrote:
Dude! I've shown you XSS a few times!


i know lol, i still cant get it, i understand the concept, but just cant get it right lol

i just need to keep trying XD




Author

RE: ..

ravix101
Member



Posts: 8
Location: In za flow
Joined: 21.08.08
Rank:
Guest
Posted on 22-08-08 01:15
Ya im sort of new ive got past the first 3 okay, but this is giving me trouble ive looked through the xss page but nothing i insert seems to work.
Author

RE: javascript 4 :(

Night_Stalker
Member

Your avatar

Posts: 329
Location:
Joined: 01.02.07
Rank:
Apprentice
Warn Level: 10
Posted on 22-08-08 01:22
Maybe this link can give you an idea??

https://www.elite. . .hp?p=52491


Author

RE: ..

ravix101
Member



Posts: 8
Location: In za flow
Joined: 21.08.08
Rank:
Guest
Posted on 22-08-08 01:31
I read it but it doesnt give me any info on how to make the cookie appear.
Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 02:07
http://www.securiteam.com/securitynews/5CP052A8AU.html

It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4


Author

RE: javascript 4 :(

Night_Stalker
Member

Your avatar

Posts: 329
Location:
Joined: 01.02.07
Rank:
Apprentice
Warn Level: 10
Posted on 22-08-08 02:09
Did you notice the code? How he typed a code that you would put onto a website to make the "test" pop up?
Can you think of a code/SCRIPT to put on a webpage to make a cookie pop up? Enter that after the "=" in the url you get when you click the "Use This" button.. ( http://www.hellboundhackers.org/challenges/js/js4/index.php?submit=Use+this )
Smile

~Night_Stalker


Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 02:11
http://www.securiteam.com/securitynews/5CP052A8AU.html

It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4


Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 02:11
http://www.securiteam.com/securitynews/5CP052A8AU.html

It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4


Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 02:11
http://www.securiteam.com/securitynews/5CP052A8AU.html

It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4


Author

RE: ..

ravix101
Member



Posts: 8
Location: In za flow
Joined: 21.08.08
Rank:
Guest
Posted on 22-08-08 03:21
i tried [spoiler]; and it didnt work i cant really think of anything else..

Edited by Futility on 22-08-08 03:24
Author

RE: javascript 4 :(

Futility
Member

Your avatar

Posts: 760
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 22-08-08 03:25
ravix101 wrote:
i tried [spoiler]; and it didnt work i cant really think of anything else..

That was the correct Javascript string. You just need to get it so you can inject it with XSS. PM me if you need help.


Futility91@hotmail.com Futility91
Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 21:20
I am stuck on this one. After completing the first 3 i read 2 hours about XSS(didn't hear about it before) and i can't get it working. I looked on the internet, found an XSS vulnerable site and i got a pop-up boxGrin. But i can't get it working on the javascript 4 link after pasting the content after the "=" symbol. Can anybody help? Thanks in advance!Pfft
Author

RE: javascript 4 :(

Night_Stalker
Member

Your avatar

Posts: 329
Location:
Joined: 01.02.07
Rank:
Apprentice
Warn Level: 10
Posted on 05-09-08 21:25
kyul wrote:
ive done all the others, except for 16, but i just can't do 4


i think i have to put something in the p**e=U*e+T**s part of the url

i just don't really know what im looking for

any hints would be greatly appreciated Smile thanks


Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?

Grin


Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 21:41
Night_Stalker wrote:

Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?

Grin


Smile)Yeah...i know.....but for the moment i was concentrating only for that pop-up....because this way that scrip won't work either and my brain will start believing that the page it's not vulnerablePfft. /index.php?submit=<script>alert("XSS"Wink</script> is not working and i don't know why....i tried in another site and it worked but not here.Sad
Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-08 01:50
just think of how u put a little javascript into, so HTML.... with some tags, then put the usual javascript used to get cookies. this isn't too complicated.... those articles spell it out so much.


Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-08 08:43
Ohhh...com on. I got it but....i had a little misunderstanding. In the articles it was said how to steal cookies from other users and not how to find a hidden cookie on a server. I mean...it's kinda different for mePfft....Thanks a lot guys, i appreciate your help.Grin
Author

RE: javascript 4 :(


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-08 18:43
You're not forcing someone else to run your XSS JS, instead you're using it to access data on your computer you didn't have access to.
Page 1 of 2 1 2 >