exploitable guestbooks... – 6 Posts

• exploitable guestbooks...

  12/18/2006 00:51

  aceldama 4340

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  you can literally type anything - html, javascript, etc - not much (if anything) gets filtered. <img alt="\&quot;:idiot:\&quot;" src="%5C"> the best bit? it's virtually anonymous. you don't have to sign up or be able to leave a comment. stumbled on it by accident. anyways, here's the <a href="%5C"><img alt="\&quot;link\&quot;" src="%5C">googledork</a> to find them. loads abound. have fun - responsibly, of course.<img alt="\&quot;LOL\&quot;" src="%5C">

  Edited by aceldama 12/18/2006 00:52 ago

  Edit

  Reply

  Quote

  0 Likes
• 12/18/2006 00:51

  UnknownUser 2,7290

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  I believe it to be poor judgement to post these kinds of things here ... albeit a bit fun ...<br><br>I'm pretty sure this is not the idea of this board.<br><br>btw whethe or not you have to sign up is irrelevant for annonimity, you need to reroute/encrypt your traffic.<br><br>using anonymous proxies, tor, anything else that bounces your connection around enough to prevent your ip to retraced.<br><br><br>to pass signup forms these three urls are inresting<br>mailinator.com<br>poolmail.com<br>bugmenot.com<br><br>only thing that could cause a problem are cc numbers, and there are plenty out there in google, that would pass the luhn 10 formula thingies..<br>

  Edit

  Reply

  Quote

  0 Likes
• 12/18/2006 00:51

  aceldama 4340

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  the moral of the story - do not employ these things in your websites. <br><br>there are a few of these guestbooks that were even present in some myspace profiles. now, in view of the recent<a href="%5C"><img alt="\&quot;link\&quot;" src="%5C">myspace worm</a> (self-replicating code that worked solely on javascript), it would be really foolish to employ such a form of communication on their profile - let alone your website. what makes this particularly bad is that the guestbook entries are hosted on \"freeguestbook.net\" thus enabling you to bypass all the host's (in this case myspace) filters. that is, if i am correct in my deductions, it allows you to perform xss? *ahem* it's not as if i do these kind of things, i just have a rather keen interest. but thank you kindly rhican. i am a student and i am always eager to learn - albeit from the sidelines <img alt="\&quot;:wink:\&quot;" src="%5C">

  Edit

  Reply

  Quote

  0 Likes
• 12/18/2006 00:51

  aceldama 4340

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  oh, and i use <a href="%5C"><img alt="\&quot;link\&quot;" src="%5C">temporaryinbox.com</a> to append to your list of \"temporary inboxes\". i especially like the firefox plugin these guys provide. their site is only a right-click away. <img alt="\&quot;:thumbsup:\&quot;" src="%5C"> personally, i think the advent of these sites were the best thing since sliced bread <img alt="\&quot;LOL\&quot;" src="%5C">

  Edited by aceldama 12/19/2006 18:38 ago

  Edit

  Reply

  Quote

  0 Likes
• 12/18/2006 00:51

  UnknownUser 2,7290

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  yeah, appended thanx.<br><br><br>btw XSS isn't an issue in the way you describe it afaik. if it's externally hosted, scripts will run under the credentials of freeguestbook.net Hence not pose any additional thread to your website.<br><br>That been said, don't use it <img alt="\&quot;:)\&quot;" src="%5C">

  Edit

  Reply

  Quote

  0 Likes
• 12/18/2006 00:51

  aceldama 4340

  Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified

  have you read the \"myspace worm\" excerpt? i don't know what else to call it. malcode maybe? but i think it's more than that. yes, maybe xss isn't the correct term to use... ...but i am blonde lol <img alt="\&quot;LOL\&quot;" src="%5C"> <br><br>edit: it's more an issue of exploiting those that are viewing your website, not your website itself. like browser redirection, stealing cookie data etc. hope that makes my point more clear. if you store sensitive data in your website, this could help gain a foothold into your system as you could compromise the security of the current user/viewer's private data. (sadly, as is the case with myspace, the badguys can do a lot of damage to whichever person is logged in and checking your profile)

  Edited by aceldama 12/19/2006 18:40 ago

  Edit

  Reply

  Quote

  0 Likes