|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 87
Members: 0
Total: 87
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Help with XSS needed |
|
Posted: Wed Sep 30, 2009 12:17 pm |
|
|
Hanna313 |
Active user |
|
|
Joined: Dec 17, 2008 |
Posts: 26 |
|
|
|
|
|
|
|
Hello,
I found a website which is vulnerable to XSS.
It is a webshop, and customers can check the status of their order by a login.
So I think that the login time is only temporarily.
When I enter this in a searchbox <script>alert("test");</script>
the website gives a pop-up which says "test".
The website doesnt add this to the URL but gives a output in the title of the browser.
I dont know what else I can do/try now, so maybe you people could give me some ideas/suggestions of what I can input and the results I can get.
Thanks in advance, Hanna |
|
|
|
|
Posted: Wed Sep 30, 2009 1:03 pm |
|
|
Cro |
Beginner |
|
|
Joined: Sep 30, 2009 |
Posts: 3 |
|
|
|
|
|
|
|
I don't know XSS much but you should learn it by tutorials, only things I know u can spreed your trojan/rat etc. And some things with cookies etc. View some tutorials |
|
|
|
|
Posted: Wed Sep 30, 2009 1:41 pm |
|
|
Hanna313 |
Active user |
|
|
Joined: Dec 17, 2008 |
Posts: 26 |
|
|
|
|
|
|
|
Yeah I did but they aren't very clear about how to exploit a XSS vulnerability.
So maybe someone personal has a suggestion... |
|
|
|
|
Posted: Wed Sep 30, 2009 1:47 pm |
|
|
Cro |
Beginner |
|
|
Joined: Sep 30, 2009 |
Posts: 3 |
|
|
|
|
|
|
|
where did u learnd it ? try to read some papers in milw0rm.. |
|
|
|
|
Posted: Wed Sep 30, 2009 3:55 pm |
|
|
lunarbeam |
Beginner |
|
|
Joined: Sep 28, 2009 |
Posts: 3 |
|
|
|
|
|
|
|
Pretty basic stuff, but might help:
Full Disclosure - XSS Part 1
Code: | http://www.youtube.com/watch?v=WZCXIrW0xZ0 |
Full Disclosure - XSS Part 2
Code: | http://www.youtube.com/watch?v=JBpG2fie_aA |
|
|
|
|
|
Posted: Thu Oct 01, 2009 8:21 am |
|
|
Hanna313 |
Active user |
|
|
Joined: Dec 17, 2008 |
Posts: 26 |
|
|
|
|
|
|
|
Thanks, these videos look very helpful! |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|