 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 108
 Members: 0
 Total: 108
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Anything else I can do |
|
 Posted: Sat Nov 08, 2008 7:22 pm |
 |
|
| slsl |
| Advanced user |
 |
|
| Joined: Oct 14, 2008 |
| Posts: 66 |
|
|
|
 |
|
 |
|
I found a little exploit where at the mod panel of a website there is a text area and i used a code:
| Code: | | </textarea></form><script> |
to inject any javascript i want. my question is is there anything else i can do other than create a cookie stealer and wait for the admin to visit that page? |
|
|
|
|
| Posted: Sat Nov 08, 2008 8:49 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| You have stored XSS? Then you are limited to usual XSS exploit trics, like session hijack, and possibly XSRF too. You can't directly manipulate target server - because you need for this LFI, RFI, Sql Injection or similar vulnerabilities. |
|
|
|
|
| Posted: Sat Nov 08, 2008 8:58 pm |
|
|
| slsl |
| Advanced user |
|
|
| Joined: Oct 14, 2008 |
| Posts: 66 |
|
|
|
|
|
|
|
| alright so i guess ill just keep my cookie stealer up |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
