|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 77
Members: 0
Total: 77
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
XXS Question .. |
|
Posted: Sun Jun 20, 2004 1:29 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
Is this valid cookie..Its looks too long for md5 hash..?
I used Code: | %253cscript>alert%2528document.cookie);%253c/script> |
|
|
|
|
|
Posted: Sun Jun 20, 2004 5:29 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
"user=xxxxxxxx..." - this is base64 encoded string. You must first decode it, and after that you will see md5 hash and other components of the user information. |
|
|
|
|
Posted: Sun Jun 20, 2004 9:26 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
Thanks..
btw: stupid JavaScript ,i cant copy & paste user information.. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Mon Jun 21, 2004 4:03 am |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
|
|
|
|
Posted: Mon Jun 21, 2004 11:18 am |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
Ok
I Decoded:
Code: |
NjE0NDpTdGVYOmZiY2RiYWY2ZTM5Y2ZiNzFlMWY3NGM4NTE3NzA0MzEwOjU6OjA6MDowOjA6YXBveDow |
To
Code: |
6144:SteX:fbcdbaf6e39cfb71e1f74e8517704310:5::0:0:0:0:apox:0 |
But this is my Username,not Admin..where did i wrong..?
U use old XSS ([waraxe-2004-SA#002])
Quote: |
modules.php?name=News&file=friend&op=StorySent&title=%253cscript>alert%2528document.cookie);%253c/script> |
Respect |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
|
|
|
|
Posted: Mon Jun 21, 2004 4:10 pm |
|
|
vocal |
Regular user |
|
|
Joined: Jun 13, 2004 |
Posts: 18 |
|
|
|
|
|
|
|
XSS does nothing useful if YOU run it.
You are supposed to lure a user to it.
This way you will get HIS cookie.
So if you manage an admin to click on that link (of course you 'll somehow hide it), you 'll get his cookie.
You 'll have to change the javascript code though. If he clicks on a link with what you got, HE will see his cookie |
|
|
|
|
Posted: Sun Jul 18, 2004 5:41 am |
|
|
ic3 |
Regular user |
|
|
Joined: Jul 18, 2004 |
Posts: 14 |
|
|
|
|
|
|
|
Quote: | "user=xxxxxxxx..." - this is base64 encoded string. You must first decode it, and after that you will see md5 hash and other components of the user information. |
sorry for being a noob but how can you decode the base64 string into an md5 hash? |
|
_________________
|
|
|
|
Posted: Sun Jul 18, 2004 10:37 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
ic3 wrote: | Quote: | "user=xxxxxxxx..." - this is base64 encoded string. You must first decode it, and after that you will see md5 hash and other components of the user information. |
sorry for being a noob but how can you decode the base64 string into an md5 hash? |
You can always use online base64 encoder/decoder at:
http://base64-encoder-online.waraxe.us/base64/base64-encoder.php |
|
|
|
|
Posted: Sun Jul 18, 2004 12:22 pm |
|
|
ic3 |
Regular user |
|
|
Joined: Jul 18, 2004 |
Posts: 14 |
|
|
|
|
|
|
|
thankyou =]
how can you tell if a thing is in base64 or not? |
|
_________________
|
|
|
|
Posted: Sun Jul 18, 2004 2:01 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
ic3 wrote: | thankyou =]
how can you tell if a thing is in base64 or not? |
If string consists only of uppercase/lowercase letters and numbers, and
maybe there is some leading "=" characters, then it CAN be base64-encoded string. To be sure, just try to base64-decode it and see, what result you will get ... |
|
|
|
|
Posted: Sun Jul 18, 2004 3:00 pm |
|
|
ic3 |
Regular user |
|
|
Joined: Jul 18, 2004 |
Posts: 14 |
|
|
|
|
|
|
|
thanks.. what other sorts of encryptions are used for these cookies? (the major ones) |
|
_________________
|
|
|
|
Posted: Sun Jul 18, 2004 10:12 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
sha1 |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Mon Jul 19, 2004 12:13 pm |
|
|
ic3 |
Regular user |
|
|
Joined: Jul 18, 2004 |
Posts: 14 |
|
|
|
|
|
|
|
thanks again |
|
_________________
|
|
|
|
|
Base 64 decoder |
|
Posted: Mon Jul 19, 2004 8:35 pm |
|
|
slimjim100 |
Valuable expert |
|
|
Joined: Jun 09, 2004 |
Posts: 208 |
Location: USA |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|