XSS Me
Guest
Posted on 25-08-08 03:32
Hey there, I am booted in Backtrack 3, awesome for you non-users. Well, I just used XSS Me on a target and out of 324 tests 323 passed and 1 returned a warning.
This is the warning:

VTI-GROUP: 0

Result Details:
* Test had Warnings
* The attack string was found in the html of the document
* Test value: ¼script¾document.vulnerable=true;¼/script¾

I am not an XSS expert at all. This is confusing to me; if someone would please explain it more in depth.


RE: XSS Me
spyware
Member
Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 25-08-08 03:38
What's your target?



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term. - Carl Sagan
"Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?" - Ebert
http://bitsofspy.net
RE: XSS Me
Guest
Posted on 25-08-08 05:33
chronicburst wrote:
Hey there I am booted in Backtrack 3, awesome for you non-users. Well I just used XSS Me on a target...
I am not an XSS expert at all. This is confusing to me...


Tools are meant to expedite the discovery of vulnerabilities by those that are knowledgeable enough to find them on their own. Without a basic knowledge of XSS, you cannot expect to exploit it.

You must use it to know how to EXPLOIT IT!

So, close out of Backtrack, open up your Windows machine, Google "XSS", read something that looks educational, test in a VM to gain technique... then, come back to it when you know at least enough of what you're doing to actually do it.


RE: XSS Me
Guest
Posted on 25-08-08 06:18
chronicburst, I hope you are not sending an overwhelming amount of requests to a site which you have no permission to pentest. That would be dumb; very dumb if you are doing it directly from your own box.


RE: XSS Me
Guest
Posted on 25-08-08 06:52
Well as much as I would like to stay and get myself out of this one.. I will be on my windows box googling XSS, which yes I know is Cross Site Scripting.. Thanks moshbat.


RE: XSS Me
Guest
Posted on 25-08-08 06:57
chronicburst wrote:
Well as much as I would like to stay and get myself out of this one.. I will be on my windows box googling XSS, which yes I know is Cross Site Scripting.. Thanks moshbat.


Good. Don't cut corners... educate yourself. 'A' comes before 'Q'; take small steps.


RE: XSS Me
Guest
Posted on 25-08-08 09:34
I don't get what you're asking.

It says what it has done (put a script box in a field and got a response).
Put a JavaScript alert box in that field and you will get a popup box; put other scripts in and get other things happening.
http://www.w3scho. . .efault.asp


RE: XSS Me
Guest
Posted on 25-08-08 09:43
Zephyr_Pure wrote:
Good. Don't cut corners... educate yourself. 'A' comes before 'Q'; take small steps.


Not on a QWERTY keyboard Pfft


RE: XSS Me
Guest
Posted on 25-08-08 18:17
So because I am using a VTI_Group: 0... This means I have to use this vulnerability to exploit locally, because it is a group 0 class vulnerability?


RE: XSS Me
Guest
Posted on 29-08-08 08:21
javascript: alert("test");

Now I am sort of confused by this. And I do not know if this has to do with XSS or not, but correct me if I am wrong. This means I am injecting JavaScript and when it successfully outputs "test" the JavaScript is fully executed on the remote server... So would this not be a hole? I can't see how it wouldn't be a hole. It seems it must, XSS or not. Well, not XSS because that's cross site; could I bring that into the picture via a method of JavaScript injection? I am so confused by all of this. I can't find an example of what an XSS hole would look like.


RE: XSS Me
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: Mad User
Posted on 29-08-08 09:09
chronicburst wrote:
javascript: alert("test");

Now I am sort of confused by this. And I do not know if this has to do with XSS or not, but correct me if I am wrong. This means I am injecting JavaScript and when it successfully outputs "test" the JavaScript is fully executed on the remote server... So would this not be a hole? I can't see how it wouldn't be a hole. It seems it must, XSS or not. Well, not XSS because that's cross site; could I bring that into the picture via a method of JavaScript injection? I am so confused by all of this. I can't find an example of what an XSS hole would look like.


OK, if you put this in the URL bar (javascript:alert(/xss/);), it will be executed by the browser, not by the server. I'd say the most common XSS is in a search query, such as
http://24hourhiphop.com/search.php?query=aa%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E&Submit=Search
If you then check the source, you will see that all you type in the query is displayed on the server, therefore executed... Usually you will be using "><script>alert(/something/)</script> (again, I'd say the most common string used). First off you close any tag in which the query text might have been included, and then you just input your script/html/whatever you want. However, this type of XSS is only usable to steal cookies, as it's not constantly displayed by the server (as e.g. on a guestbook). But XSS is not bound just to this example; you will find XSS in many more places, within POST and GET requests etc.



img164.imageshack.us/img164/5713/perlvl0.jpg
clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

Edited by clone4 on 29-08-08 09:10
clone_4@hotmail.com
RE: XSS Me
Guest
Posted on 29-08-08 23:52
So then how would I notice a vulnerability? So I would start by going through the source code in full and looking for "sub-sites", per se, and then... I'm cutting myself off. I need to read an ebook. Wikipedia was of no help other than categorizing the types.


RE: XSS Me
spyware
Member
Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 30-08-08 00:40
chronicburst wrote:
So then how would I notice a vulnerability.


Input filtering.

It's bad, it's rad, and it's totally sad.



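The reflected search-box XSS that clone4 walks through above, and spyware's one-line answer that what decides it is input filtering, as an added example (not code from the thread, from XSS Me or from any site mentioned in it). A small Node.js renderer for a search page echoes the query into an input's value attribute first verbatim and then HTML-encoded, so the "filtering" is done as output encoding at the point where the value is written into HTML. A coarse check of the kind the XSS Me warning reports (the attack string appearing verbatim in the returned HTML) runs over both renderings. The function names, the template and the encoder are my assumptions; the payload is the string from clone4's post.

```javascript
// Added example, not the thread's or XSS Me's code.
// A search page that reflects the query into an attribute, rendered two ways.

// Minimal encoder for HTML text and double-quoted attribute context.
// Assumption: these five characters are the ones that change meaning there.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the query is interpolated verbatim. A value that starts with
// "> closes the attribute and the <input> tag, so whatever follows is parsed
// by the browser as live markup (the "close any tag, then inject" pattern).
function renderSearchVulnerable(query) {
  return `<form><input type="text" name="query" value="${query}"></form>`;
}

// Hardened: same template, but the value is encoded for its HTML context,
// so the quote and angle brackets stay inert text inside the attribute.
function renderSearchSafe(query) {
  return `<form><input type="text" name="query" value="${escapeHtml(query)}"></form>`;
}

// The check behind a report line like "the attack string was found in the
// html of the document": is the raw test string present verbatim in the
// response body? A hit means the input survived without encoding; it is a
// signal that deserves a manual look, not proof that anything executed.
function attackStringReflected(html, testValue) {
  return html.includes(testValue);
}

// Count opening <script> tags the browser would actually treat as script
// elements; entity-encoded text such as &lt;script&gt; does not match.
function countScriptTags(html) {
  return (html.match(/<script\b[^>]*>/gi) || []).length;
}

// Constructed input: the search string quoted in clone4's post.
const payload = '"><script>alert(/xss/)</script>';

// Stand-alone demo: compare both renderings for the same query.
for (const [label, render] of [
  ["vulnerable", renderSearchVulnerable],
  ["hardened", renderSearchSafe],
]) {
  const html = render(payload);
  console.log(`${label}: reflected=${attackStringReflected(html, payload)}`
    + ` scriptTags=${countScriptTags(html)}\n  ${html}`);
}
```

The vulnerable rendering contains the payload unchanged and one real `<script>` element; the hardened rendering contains neither, and the browser shows the user exactly the text they typed. Encoding must be chosen per context (attribute, text node, URL, JavaScript string); this encoder is only correct for the first two.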
RE: XSS Me
Guest
Posted on 30-08-08 06:38
Well, what do you know, I found a search bar on the server.
/search_site/search.htm
This is what I am going to start with. Now I will need to see if the search is running via an external site?
Haha and of course it is,
Powered by:
http://www.atomz.com/




Edited by on 30-08-08 06:57
RE: XSS Me
Guest
Posted on 30-08-08 07:07
Are you implying that xss is easy?


RE: XSS Me
Guest
Posted on 30-08-08 10:29
chronicburst wrote:
Are you implying that xss is easy?


It's as easy as the developer is lax.
RE: XSS Me
spyware
Member
Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 30-08-08 11:35
chronicburst wrote:
Are you implying that xss is easy?


XSS is about inputting HTML/JS. HTML is easy. JS can be either pretty easy or extremely complicated.

You're still at the easy part, so, yeah, XSS is easy. For now.


