| Author | javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
ive done all the others, except for 16, but i just can't do 4
i think i have to put something in the p**e=U*e+T**s part of the url
i just don't really know what im looking for
any hints would be greatly appreciated  thanks
|
 |
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
Its a simple xss attack homie.
Check this: [spoiler removed]
You need too alert the cookie (it being in javascript challenges I thought it was a javascript injection but no). Its really simple if you understand what syntaxe too use.
Edited by on 06-08-08 01:35 |
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I bet you're over thinking it.
http://www.hellboundhackers.org/articles/749-xss-the-complete-walkthrough.html
Read that. The answer is almost literally RIGHT in that article. |
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
moshbat wrote:
Dude! I've shown you XSS a few times!
i know lol, i still cant get it, i understand the concept, but just cant get it right lol
i just need to keep trying XD
|
|
|
| Author | RE: .. |
ravix101
Member
Posts: 8
Location: In za flow
Joined: 21.08.08
Rank: Guest | |
| Ya im sort of new ive got past the first 3 okay, but this is giving me trouble ive looked through the xss page but nothing i insert seems to work. |
|
|
| Author | RE: javascript 4 :( |
Night_Stalker
Member
Posts: 329
Location:
Joined: 01.02.07
Rank: Apprentice
Warn Level: 10
| |
Maybe this link can give you an idea??
https://www.elite. . .hp?p=52491
|
|
|
| Author | RE: .. |
ravix101
Member
Posts: 8
Location: In za flow
Joined: 21.08.08
Rank: Guest | |
| I read it but it doesnt give me any info on how to make the cookie appear. |
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4
|
|
|
| Author | RE: javascript 4 :( |
Night_Stalker
Member
Posts: 329
Location:
Joined: 01.02.07
Rank: Apprentice
Warn Level: 10
| |
Did you notice the code? How he typed a code that you would put onto a website to make the "test" pop up?
Can you think of a code/SCRIPT to put on a webpage to make a cookie pop up? Enter that after the "=" in the url you get when you click the "Use This" button.. ( http://www.hellboundhackers.org/challenges/js/js4/index.php?submit=Use+this )
~Night_Stalker
|
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4
|
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4
|
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
http://www.securiteam.com/securitynews/5CP052A8AU.html
It was in one of the articles, so next time try looking there first.
If you want a reference, use the search function, and search Javascript 1-4
|
|
|
| Author | RE: .. |
ravix101
Member
Posts: 8
Location: In za flow
Joined: 21.08.08
Rank: Guest | |
i tried [spoiler]; and it didnt work i cant really think of anything else..
Edited by Futility on 22-08-08 03:24 |
|
|
| Author | RE: javascript 4 :( |
Futility
Member
Posts: 760
Location: USA
Joined: 17.12.07
Rank: God | |
ravix101 wrote:
i tried [spoiler]; and it didnt work i cant really think of anything else..
That was the correct Javascript string. You just need to get it so you can inject it with XSS. PM me if you need help.
|
  |
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I am stuck on this one. After completing the first 3 i read 2 hours about XSS(didn't hear about it before) and i can't get it working. I looked on the internet, found an XSS vulnerable site and i got a pop-up box . But i can't get it working on the javascript 4 link after pasting the content after the "=" symbol. Can anybody help? Thanks in advance! |
|
|
| Author | RE: javascript 4 :( |
Night_Stalker
Member
Posts: 329
Location:
Joined: 01.02.07
Rank: Apprentice
Warn Level: 10
| |
kyul wrote:
ive done all the others, except for 16, but i just can't do 4
i think i have to put something in the p**e=U*e+T**s part of the url
i just don't really know what im looking for
any hints would be greatly appreciated thanks
Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?
|
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
Night_Stalker wrote:
Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?
)Yeah...i know.....but for the moment i was concentrating only for that pop-up....because this way that scrip won't work either and my brain will start believing that the page it's not vulnerable. /index.php?submit=<script>alert("XSS" </script> is not working and i don't know why....i tried in another site and it worked but not here. |
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
just think of how u put a little javascript into, so HTML.... with some tags, then put the usual javascript used to get cookies. this isn't too complicated.... those articles spell it out so much.
|
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
| Ohhh...com on. I got it but....i had a little misunderstanding. In the articles it was said how to steal cookies from other users and not how to find a hidden cookie on a server. I mean...it's kinda different for me....Thanks a lot guys, i appreciate your help. |
|
|
| Author | RE: javascript 4 :( |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
| You're not forcing someone else to run your XSS JS, instead you're using it to access data on your computer you didn't have access to. |
|
|
