Monday, April 21, 2014

Small XSS hole
Posted on 01-11-07 20:11
Hi
I was recently messing around on my college website and I found a few security holes and stuff which are quite serious, I think.

You have to log in to use the college email thing, which means if I send via email a link to a page that I've XSS'd then I could do loads of stuff.

I also found out that the users' MD5 pass hashes are stored in a hidden form in the edit profile page, and that to change your pass you only need to be logged in, you don't need to re-enter your password or anything!!!

I'm not sure how I could do this so any help would be appreciated, but how could I get an external script to grab the user's MD5 hash?
I think it would be easiest with JavaScript but I'm not sure.
Also the edit profile pages and stuff have the same URL for everyone, which makes it simpler.

I don't plan on causing any damage, just messing with it for the sake of knowledge.

Thanks in advance.



RE: Small XSS hole
Posted on 01-11-07 21:17
You could do a CSRF that loads the edit profile page and then run a script that takes the hash through the DOM and parses it into your own logger? Or just through XSS you can do a location.href, I think it is, and point it to your website with a cookie logger...


RE: Small XSS hole
Posted on 01-11-07 21:42
or

document.body.innerHTML("HTML CODE HERE");

like:

document.body.innerHTML("<HTML><BODY onload="cookielogger_script()"></BODY></HTML>");

something like that...


RE: Small XSS hole
Posted on 01-11-07 21:48
I don't think I explained it properly, I don't need the cookies. I just want to know how I could grab the page source of another page using XSS.

Thanks for the replies anyway.


RE: Small XSS hole
Posted on 01-11-07 21:50
oh lol

well maybe you could do something like this:

view-source:URL

and then copy the contents of the URL into a txt file...

but that's kinda complicated I think (and I don't even know if that would work...)


RE: Small XSS hole
Posted on 01-11-07 21:56
OK thanks,
I'm doing some research and stuff, trying to find out about it, but if anyone knows how, it would really be appreciated.


RE: Small XSS hole
Posted on 01-11-07 21:59
why do you need a script to copy the source of a page anyway? Can't do it manually?


RE: Small XSS hole
Posted on 01-11-07 22:25
No, I'll explain it again but a bit better this time, I hope.

When you are logged in and you go to the edit profile page, the MD5 password hashes are in a hidden form which you can only see in the source or using the web developer toolbar.

I found an XSS hole that I think I'll be able to entice other users to click whilst logged in.
I want to make some script which will be executed when they go to the XSS'd page that will grab the source of the edit profile page.

I could do it manually as you said, but I would only be getting my own hash, which would be pointless.



RE: Small XSS hole
Posted on 01-11-07 22:37
oh I see...so when an admin logs in and clicks that link, it logs their hash?

I think you can do that..do you know what variable the hash is set to?


RE: Small XSS hole
Posted on 01-11-07 22:46
Skunkfoot wrote:
oh I see...so when an admin logs in and clicks that link, it logs their hash?

I think you can do that..do you know what variable the hash is set to?



You mean like the form id? Because I've got that.
Here's the snippet of source code for the profile edit page:
Code
<INPUT TYPE="hidden" NAME="password" VALUE="md5 hash here">
<INPUT TYPE="hidden" NAME="verifyPassword" VALUE="md5 hash here">

I want to be able to get the values from them from another page, is that doable?
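
A defender's check for the flaw shown in the post above (the server writing stored password hashes into hidden form fields), as an added example that is not part of the original thread: it scans rendered HTML for hidden inputs whose name suggests a credential and whose value is populated. The name pattern, digest-length table, sample page and form action are assumptions constructed for illustration.

```javascript
// Added example: flag hidden form inputs that echo stored credential material.
// The name pattern and digest lengths below are assumptions made for this sketch.
const CREDENTIAL_NAME = /pass(word|wd)?|pwd|secret|hash/i;
const HEX_DIGEST_LENGTHS = { 32: "MD5-length hex", 40: "SHA-1-length hex", 64: "SHA-256-length hex" };

// Parse the attributes of one <input ...> tag into a map with lower-cased keys.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([a-zA-Z_:][\w:.-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// One finding per hidden input whose name suggests a credential and whose
// value is non-empty; hex values are labelled by the digest length they match.
function findLeakedCredentialFields(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttributes(tag);
    if ((a.type || "text").toLowerCase() !== "hidden") continue;
    if (!CREDENTIAL_NAME.test(a.name || "")) continue;
    const value = a.value || "";
    if (value === "") continue;
    const isHex = /^[0-9a-f]+$/i.test(value);
    const looksLike = (isHex && HEX_DIGEST_LENGTHS[value.length]) || "opaque value";
    findings.push({ name: a.name, looksLike });
  }
  return findings;
}

// Constructed sample: the two hidden fields quoted in the thread (with a made-up
// digest), plus a CSRF token and a visible password box that must not be flagged.
const SAMPLE_PROFILE_PAGE = `
<form method="post" action="/profile/edit">
  <INPUT TYPE="hidden" NAME="password" VALUE="0123456789abcdef0123456789abcdef">
  <INPUT TYPE="hidden" NAME="verifyPassword" VALUE="0123456789abcdef0123456789abcdef">
  <input type="hidden" name="csrf_token" value="c2FtcGxlLXRva2Vu">
  <input type="password" name="newPassword" value="">
</form>`;

for (const f of findLeakedCredentialFields(SAMPLE_PROFILE_PAGE)) {
  console.log(`hidden field "${f.name}" carries a ${f.looksLike} value`);
}
```

Any finding means the server is sending stored credential material to the browser, where every script running in the page can read it; the fix is to stop rendering those fields and to require the current password on the change-password request.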


RE: Small XSS hole
Posted on 01-11-07 22:49
[quote]You mean like the form id? Because I've got that.
Here's the snippet of source code for the profile edit page:
Code
<INPUT TYPE="hidden" NAME="password" VALUE="md5 hash here">
<INPUT TYPE="hidden" NAME="verifyPassword" VALUE="md5 hash here">

I want to be able to get the values from them from another page, is that doable?[/quote]

hmmm...

could you do some js or something?

EX:
javascript:void(document.body.form_name.password="admin md5 hash");

I don't know how you'd write that to a txt file though...someone here knows, just not me :)


RE: Small XSS hole

spyware
Member
Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 01-11-07 22:50
Easy, first store the md5 hash into a variable and set it as a cookie using Javascript. Now, just continue with your cookie-logging method and you're done.



RE: Small XSS hole
Posted on 01-11-07 23:02
OK thanks, I'll get coding some JS and I'll let you know if it works or not.

Thanks again for all the replies.


RE: Small XSS hole
Posted on 01-11-07 23:03
sure man :P


RE: hmmm
Posted on 02-11-07 01:04
Correct me if I'm wrong here but... Couldn't he get in quite a great bit of trouble regardless of any damage done? I mean, I recall someone who would putz around a bit with various sites to find holes and then actually report them to the site so that they could fix them, and even he got in quite a bit of shit... I don't know, I just wouldn't think messing around with a college's site would be a grand idea... especially if it's your own college. But hey, I don't know, I could be wrong.

RE: Small XSS hole
Posted on 02-11-07 01:11
noober wrote:
Correct me if I'm wrong here but... Couldn't he get in quite a great bit of trouble regardless of any damage done? I mean, I recall someone who would putz around a bit with various sites to find holes and then actually report them to the site so that they could fix them, and even he got in quite a bit of shit... I don't know, I just wouldn't think messing around with a college's site would be a grand idea... especially if it's your own college. But hey, I don't know, I could be wrong.


This is called "hacking".

It's very safe and legal, I'm sure if you ask an AOL representative about it they will confirm that there's no harm to be done, and sysadmins are open and friendly to "hackers".

Happy trails!

RE: Small XSS hole
Posted on 02-11-07 01:36
lmao

he's absolutely right though. Unless a sysadmin's stuff gets messed up, they usually won't care what you try. Especially if, when you find something exploitable, you tell them about their vulnerability and/or how to fix it. :D


RE: haha
Posted on 02-11-07 02:26
I suppose, just doesn't always seem to hold true, such as in the case I mention.

RE: Small XSS hole
Posted on 02-11-07 02:35
Well man, if I was a sysadmin and a hacker emailed me about a vul. in my website and how to fix it... man, I would be very thankful he helped me... I dunno... maybe just me :) I think most people like being helped hahah

RE: Small XSS hole
Posted on 02-11-07 02:40
noober wrote:
I suppose, just doesn't always seem to hold true, such as in the case I mention.


that's why you don't tell them, and thus don't get caught.