Thursday, April 17, 2014
Will someone please explain this


Posted on 14-12-07 03:36
ok so facebook changed the way that their "my status" feature is set up, making it so that you can get rid of that annoying "IS" that it auto puts in front of what you write. So i got the idea to put some basic javascript into the box just to see what would happen. Example: javascript:alert("uGotHacked")

but when it would post it on the page it automatically puts a space in the word alert. Example: javascript:ale rt("uGotHacked") I've played around with it for a lil while now but can't get it to let the script be written correctly.

I'm sure this is some common security measure but i would like someone to explain what is happening and is there any way around it. thanks for any feedback guys/girls.


RE: Will someone please explain this
Posted on 14-12-07 03:43
yea i don't think there is really a way. plus i don't use facebook so i have no idea what that is but i know with my space it would look like

Code
......:alert(uGotHacked)




pm me with what you've tried.
RE: Will someone please explain this
Posted on 14-12-07 03:51
? like literally .....:alert




RE: Will someone please explain this
Posted on 14-12-07 03:54
I'm sure facebook just filters certain keywords like "alert" and "script" to display with spaces and other blockades.

Good luck getting by it, you need to hit these sorts of sites when they're young.

There was a great article on a Facebook XSS Worm, let me look it up for you.

http://www.cs.virginia.edu/felt/fbook/facebook-xss-censored.pdf

^_@
RE: Will someone please explain this
Posted on 14-12-07 04:04
i remember a while ago when myspace just had a javascript to stop the javascript so i used firebug to delete the javascript on the page so i could post what i wanted on people's profiles. but they fixed it and i doubt that facebook has the same thing but it doesn't hurt to check the script.
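
Added example, not part of any post in this thread and not Facebook's or MySpace's code: the defender's side of what the posts above describe. Instead of breaking up keywords or relying on a client-side script that a user can delete, the server escapes status text on output and turns only http/https URLs into links, so a `javascript:` string is shown as inert text. The function names and sample inputs are constructed for illustration.

```javascript
// Added example: server-side rendering of user status text (Node.js).
// All names and sample inputs are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that is significant in HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a normalised URL only if it parses and uses an allowed scheme.
function safeHref(candidate) {
  try {
    const url = new URL(candidate);
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch {
    return null; // not an absolute URL at all
  }
}

// Render a status update: every token is escaped; only http(s) tokens become links.
function renderStatus(raw) {
  return String(raw)
    .split(/(\s+)/) // keep whitespace runs so the text round-trips unchanged
    .map((token) => {
      const href = /^\S+$/.test(token) ? safeHref(token) : null;
      if (href === null) return escapeHtml(token);
      return `<a href="${escapeHtml(href)}" rel="nofollow noopener">${escapeHtml(token)}</a>`;
    })
    .join('');
}

// Constructed sample inputs (not real posts).
for (const s of ['javascript:alert("uGotHacked")', 'docs at https://example.com/?a=1&b=2']) {
  console.log(renderStatus(s));
}
```

Because the check runs on the server at output time, removing scripts in the browser with a tool such as Firebug does not change what other users receive.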
RE: Will someone please explain this
Posted on 14-12-07 04:11
yea i didn't get my hopes up about an exploit on such a big site but they just made the change and i was hoping for a miracle. but it seems that it just auto spaces 3 characters after a : symbol.

thanks guys for trying to help me. I'm so glad i found this place just b4 hackthissite went down. I have a new family lol :D


RE: Will someone please explain this
Posted on 17-01-08 14:19
fallingmidget wrote:
i remember a while ago when myspace just had a javascript to stop the javascript so i used firebug to delete the javascript on the page so i could post what i wanted on people's profiles. but they fixed it and i doubt that facebook has the same thing but it doesn't hurt to check the script.


Thanks for informing me about firebug, it's very useful :)


RE: Will someone please explain this

What_A_Legend
Posted on 17-01-08 14:32
Good try, but Facebook will be a hard site to exploit. At least you had a go, and they probably do have filters on certain words... I don't think you will find an exploit within the status box.


RE: Will someone please explain this

Uber0n
Posted on 17-01-08 15:39
Gamertag07v2 wrote:
yea i didnt get my hopes up about an exploit on such a big site


XSS vulnerabilities in large sites are more common than you probably think, I mean just take a look at the top pagerank list on XSSed.com :P

I've found XSS in Yahoo, Google, NASA, AltaVista, MSN and almost a thousand other sites (including hellboundhackers.org). My point is that it's actually easier to find a vulnerability if you're searching a bigger site since there's more content.


RE: Will someone please explain this

Uber0n
Posted on 17-01-08 17:29
dex_poet wrote:
Just wondering in general, do you want people to know you found things? I mean if it can be related to money or hacking, we always seem to be placed on the accused side.


Well I submit XSS vulnerable sites to XSSed.com and I also help the admins to patch them. I haven't used any of those vulnerabilities for malicious purposes and therefore I wouldn't say that I've hacked them at all.

I guess some people would call it 'pro-full-disclosure whitehat-ethics' or something, but I'd rather call it helping people to fix their security and letting other people know how to find and remove bugs and vulnerabilities. My experience is that most admins appreciate it if you help them for free.

I also help patching other stuff like for example SQL problems and File Inclusion vulnerabilities, but that's never submitted to any archives :)



Edited by Uber0n on 17-01-08 17:30