Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 22
Members Online: 3

Registered Members: 82889
Newest Member: Geriztul
Latest Articles
View Thread

HellBound Hackers | HellBound Hackers | Bugs

Author

XSS Exploit found


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-07 06:55
Some admin or mod pm me. I do not want to post it on the forums. I promise, it is definately an XSS exploit.
Author

RE: XSS Exploit found


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-07 06:56
*frantically begins search of exploit* ^_^


Author

RE: XSS Exploit found


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-07 09:32
Good work dude!! Go for HoF! Dont send you exploit, first try to hack something with it!


Author

RE: XSS Exploit found


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-07 10:29
Good work Apollo maybe it can be helpful:
http://www.portcu. . .com/16.php


Author

RE: XSS Exploit found

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 30-07-07 11:10
There are some XSS holes in this site, no doubt about that Pfft

Cheese promised me HoF for one I found some months ago, but it hasn't been patched yet :angry:


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: XSS Exploit found

mido
Member

Your avatar

Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank:
Monster
Posted on 30-07-07 11:47
Yeh, in the msg system...enoughPfft


www.hellboundhackers.org/sig/r/16019.png

mido_eg3[at]hotmail.com
Author

RE: XSS Exploit found


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-07 11:56
No HoF for simple XSS becouse hbh have ip encrypted cookies, so try to use the vuln to exploit something different that a cookie stealer. I readed something like persistent xss that worked as keyloggers, but idk more.


Author

RE: XSS Exploit found

mido
Member

Your avatar

Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank:
Monster
Posted on 30-07-07 12:04
This may be good...


This is the best XSS Paper i've seen...!! <<but in torrent>>


www.hellboundhackers.org/sig/r/16019.png

mido_eg3[at]hotmail.com
Author

RE: XSS Exploit found


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-07 13:23
Why don't you pm admins?


Author

RE: XSS Exploit found

mido
Member

Your avatar

Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank:
Monster
Posted on 30-07-07 13:24
he did i think...


www.hellboundhackers.org/sig/r/16019.png

mido_eg3[at]hotmail.com
Author

RE: XSS Exploit found


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-07-07 08:26
Finding XSS holes on this site isn't hard, there's a few of mine listed on the bugs page. Larika: stealing cookies isn't nearly the only thing that can be done with XSS.

Note how this site doesn't require your old password to change your current password or your email address.

It would be quite possible to create an XSS which changes your current password to a random long string, changes your email address to mine and then sends me your new password. I've just stolen your account.

Alternatively if you have told your browser to store your username and password for your account I can steal that (which of course is in plaintrext). I did that to Cheese, that's how I got the HoF entry.

I can send you to another site to XSS you there.
I can do recon on your borwser (check your browsing history, what extensions you have installed etc)

XSS is NOT only for stealing cookies and XSS holes should therefore be fixed quickly.