|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 39
Members: 0
Total: 39
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
i have some problems in new injection |
|
Posted: Sat May 22, 2004 7:14 pm |
|
|
kinG-Radi |
Beginner |
|
|
Joined: May 22, 2004 |
Posts: 2 |
Location: iran |
|
|
|
|
|
|
hi...
i like your dirty codes but i have some problem with some thats...
i cant understand this. ..
if you can got me some xss cod e or say some thing about xss code (xss code needed for hacking) for exampel domain
www.rashtmarket.com
you do all levels 4 hacking this domain
with xss needed code
with best regards
byebye |
|
|
|
|
|
|
|
|
Posted: Sun May 23, 2004 2:54 am |
|
|
icenix |
Advanced user |
|
|
Joined: May 13, 2004 |
Posts: 106 |
Location: Australia |
|
|
|
|
|
|
Mainly XSS / Cross-Site scripting just consists of basic java / html interpreted commands to do malicious stuff.
take for example:
http://localhost/nuke73/modules.php?name=News&file=article&sid=1&optionbox=[xss]
we can use this to gather the session ID from the site your currently at by pulling these commands:
Code: |
<body onload=alert(document.cookie);>
<script>alert(document.cookie);</script>
|
etc..
the only REAL thing that you would want is to pull the cookie..
in all and all, this could lead to session hijacking.
by knowing the session ID of a user, you can then just browse to the site and be "logged in" as this user.
there are ways if you set up a server to logg the SID's from the website, but i really dont know it and im not too much interested in XSS.
but there are tutorials out there if your facinated with it.
try here: http://packetstormsecurity.nl/papers/web/xss-faq.txt
Hope i helped |
|
|
|
|
|
|
|
|
Posted: Sun May 23, 2004 3:30 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
There are xss-filters in PhpNuke against GET requests. If no additional
security measures are used (Fortress, etc), then by using
Code: |
<body onload=alert(document.cookie);></body>
|
by POST request you can evade xss-filters and steal the cookie. And
from cookie you will find user's password md5 hash... |
|
|
|
|
|
mmm :( |
|
Posted: Sun May 23, 2004 4:35 am |
|
|
kinG-Radi |
Beginner |
|
|
Joined: May 22, 2004 |
Posts: 2 |
Location: iran |
|
|
|
|
|
|
i cant do it
i see just this tags
this hope patched
or see
Quote: | the html tags you attempted to use are not allowed |
tnx for your css txt
anyway
i have some question...
1-have you any new injection just 4 phpbb?
in my country sites is very slow and got the many times for updated
so hackers can have many defaces |
|
|
|
|
Posted: Sun May 23, 2004 4:43 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
PhpBB is very secure software and I don't think that anynone will find
any serious sql injections there anymore (i mean 2.x versions).
And as you can see, I too use phpBB, and it's not been defaced yet |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|