Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: 12Next
Current Page: 1 of 2
XSS bootcamp
Posted by: Gareth Heyes
Date: October 02, 2007 08:18AM

I have created a simple set of XSS vectors for people wanting to learn how to perform XSS.

Check it out here:-
http://www.thespanner.co.uk/2007/10/01/xss-attacks-a-practical-example/

I've also found out that Kishor did a similar but better example with regular expressions to make the injection harder, here's his excellent example:-
http://h4k.in/xssinexcess

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 01/21/2008 05:45PM by Ronald.

Options: ReplyQuote
XSS workshop for beginners
Posted by: Reiners
Date: September 16, 2007 09:57AM

Hi everyone,
I just want to share this little XSS workshop a friend posted to me:
http://blogged-on.de/xss/
I guess it doesnt challenge the most of you, but its good for beginners.
So if you are new to XSS, give it a try :)
have fun!



Edited 1 time(s). Last edit at 01/21/2008 05:44PM by Ronald.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Anonymous User
Date: September 16, 2007 11:58AM

Funny thing is - the guest book of the workshop is vulnerable like hell. I reported this months ago but no reaction...

http://preview.tinyurl.com/34okpz

http://preview.tinyurl.com/33dsfx

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Reiners
Date: September 16, 2007 12:42PM

ohh ouch ...
well ... after you finished the XSS workshop you can proceed with the SQLi workshop :P

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Anonymous User
Date: September 16, 2007 01:48PM

So mario: All cheaters have a small wee wee!

lol

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: sirdarckcat
Date: September 16, 2007 06:48PM

How many of you didin't look for a XSS, and just putted in the address bar..
javascript:decipher(document.forms.cipher);alert(document.forms.cipher.stream.value);
??

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 09/16/2007 06:51PM by sirdarckcat.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Ghozt
Date: September 16, 2007 10:10PM

Sirdarckcat: I'm guilty.
I don't have a small wee, honest!

- Ghozt

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: tx
Date: September 16, 2007 11:25PM

@sirdarckcat: Firebug console works just as well. :)

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Reiners
Date: September 17, 2007 06:57AM

... or adding a "<script> code </script>" to the sourcecode with opera ;)
but thats not what the workshop is about ;)

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Anonymous User
Date: September 17, 2007 04:49PM

@Ronald: hehe - biting on the gold medal after winning is no cheating ;)

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: krazl
Date: September 24, 2007 11:16PM

Stage1:
put
<script>decipher(document.forms.cipher); alert(document.forms.cipher.stream.value); document.forms.cipher.stream.value = document.forms.cipher.stream_copy.value;</script>

in search form. Pwd : stage2

Stage2:

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: vkrisz81
Date: October 14, 2007 12:29AM

hello !
i would try to use xss ehwn use bbcode.. how can i use in that?

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Spyware
Date: October 15, 2007 07:56AM

@vskrisz81: Create your own thread instead of stealing this one.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: progreSS
Date: October 28, 2007 03:08AM

can anybody suggest on how to pass the third stage? :)

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Reiners
Date: October 28, 2007 06:42AM

just hit "search" and look at the url how the country is passed. Then modify it ;)

Options: ReplyQuote
Re: XSS workshop for beginners + solve
Posted by: berz3k1
Date: October 30, 2007 06:42AM

Ok deleted :-)

-berz3k.



Edited 1 time(s). Last edit at 10/30/2007 05:59PM by berz3k1.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Reiners
Date: October 30, 2007 12:58PM

is there a way to hide information on this forum, like a spoiler tag? otherwise I would like to ask you, berz3k1, to remove your walkthrough that others can have the same fun :)

edit: thanks, help for others is always appreciated anyways ;)



Edited 1 time(s). Last edit at 10/31/2007 07:30AM by Reiners.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: hakinchen
Date: November 09, 2007 09:47AM

Hi

Sorry but I see no different between the first Code and the Code of the Second from Stage2.

I would be happy about a advice.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Reiners
Date: November 09, 2007 10:21AM

the javascript "payload" is always the same, but on stage 2 you have to make sure that your javascript code fits into the html code correctly to get executed.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: berz3k1
Date: November 09, 2007 08:58PM

:-) stage 6 anyone there?

-berz3k.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Reiners
Date: November 10, 2007 08:33AM

edit: oOps, just noticed that you are the guy with the walkthrough... so you were not asking for help, do you? ;)



Edited 2 time(s). Last edit at 11/10/2007 08:38AM by Reiners.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: berz3k1
Date: November 12, 2007 11:05PM

Not a problem,

Some problems in stage 6 (solved), i ended the workshop and i posted something on guestbook

waiting the next stage XD

berz3k.
SYB securing!

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Phiera
Date: January 13, 2008 05:29PM

hmmm stage 6 is making me think a little.
how do i stop it filtering out "< . anything in here. . >"?
i've tried all different translations, square brackets, but i just cant run a script.
guessing I cant call an alert without running a script can I?

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Phiera
Date: January 15, 2008 05:35PM

Woohoo! did it, feels even better without cheating/help.
now to go apply my newly learnt knowledge to go steal cookies and breed worms.

The guest book's not there though:

"OOOoooops! Die Seite wurde nicht gefunden!
Erstmal Entschuldigung für die Umstände...
Das Auftreten dieses Fehlers kann folgende Ursachen haben: "

whatever that means.
I enjoyed that though thanks for writing/sharring it.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: kirke
Date: January 16, 2008 01:22AM

"OOOoooops! This page was not found!
Sorry for trouble...
The occurance of this error may have following causes:"

translated word by word, but it sounds starnge (not wrong or mis-understandable) originaly too ...

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: w0ts0n
Date: January 21, 2008 08:10AM

Any examples for this site?

Gareth - thanks for the links I'm checking them out now!

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: w0ts0n
Date: January 21, 2008 08:12AM

stuck on stage 3! The annoying thing is I got it to work 5 minutes ago!!

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Anonymous User
Date: January 21, 2008 05:47PM

NOTE: XSS workshop for beginners has been merged from 2 threads, they basically say/do the same, and it's also made sticky.

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Gareth Heyes
Date: January 21, 2008 06:39PM

Awesome thanks Ronald!!

It saves us having to answer the same questions over and over :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: XSS workshop for beginners
Posted by: Anonymous User
Date: January 22, 2008 07:03AM

Good work but I bet very important parts of my body that people will ask anyways - being able to search and read is a privilege ;)

Options: ReplyQuote
Pages: 12Next
Current Page: 1 of 2


Sorry, only registered users may post in this forum.