
XSS – 4 Posts

  • 10/16/2024 13:00
    ruglud007
    Could anyone with experience in XSS PM me?
    I'd need some (beginners) advice.
    And, if you read this AND are qualified to answer my question: As long as you read exactly this forum thread, I've not found anyone to help me ;)

    -ruglud
  • 10/16/2024 13:00
    moose
    * Wikipedia
    * Google
    * StackExchange
    * ha.ckers.org

    You could be a little bit more specific, if you want someone to PM you.
  • 10/16/2024 13:00
    ruglud007
    Yeah, I've played around with this technique on a website, so I put a simple alert order after the search part (search.php?search=-->*****<--) and when I viewed the source, the script was there, but it wasn't executed.
    So, just for educational purposes, I'd like to know why it didn't do anything ^^

    -ruglud
  • 10/16/2024 13:00
    moose
    If it's only for educational purposes, you might want to post a link and describe what you did. But I'm quite sure that it's either already explained in the links I gave you or not legal to test it where you would like to test it.

    I have learned most of the things I know by solving challenges and by programming. If you program a simple forum and try to abuse it, you can see where the problems are. Then take the other part and try to make it impossible to use these vulnerabilities you've just used.
    This approach takes a lot of time, a lot of thinking, reading and programming.
    You might also want to take a look at some well known forum systems like phpBB. Their source code will be much longer than a simple forum you could write. Try to understand phpBB and some parts of the code which are relevant for security. Eventually they have comments like "this is against XSS", I don't know.
    You could also look at the phpBB bug tracker. They might have some security vulnerabilities which they have already fixed there. So you could try to understand how someone could have used this vulnerability.
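
The "write a small page, abuse it, then close the hole" approach from the last post, sketched as an added example (not code from the thread or from phpBB). It shows output encoding as one common reason a reflected value appears in the page source yet stays inert; it does not diagnose the site tested above. The function names and the sample search term are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Toy stand-in for a page such as
// search.php?search=... that reflects the search term back to the user.

// Unsafe: the raw parameter becomes part of the page's markup.
function render_unsafe(string $term): string
{
    return '<p>Results for: ' . $term . '</p>';
}

// Hardened: encode for HTML body and quoted-attribute contexts.
// ENT_QUOTES also encodes ' and ", which matters inside value="...".
function render_encoded(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Results for: ' . $safe . '</p>'
         . '<input name="search" value="' . $safe . '">';
}

// Count the <script> elements an HTML parser actually builds from the page.
// Text that merely looks like a tag does not count.
function script_elements(string $html): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate parser warnings
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// Constructed sample input, standing in for the "simple alert" test string.
$term = '<script>alert(1)</script>';

$pages = [
    'unsafe'  => render_unsafe($term),
    'encoded' => render_encoded($term),
];

foreach ($pages as $name => $html) {
    printf("%-8s script elements: %d\n", $name, script_elements($html));
    echo "  source: $html\n";
}
```

Run it with the PHP CLI (the DOM extension must be enabled) and compare the two source lines: in the encoded page the term is still readable text, but the parser never builds an element from it.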