Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
How to hide your XSS & Yahoo XSS
Posted by: nemessis
Date: July 08, 2007 06:25PM

The ideea is very simple. I use another page to extract the cookie data from Yahoo webmail (using an Yahoo XSS of course). This is not an Yahoo exploit, Yahoo webmail and Yahoo webmessenger are just some examples of how this can work. The most important thing actually is the php file who don't let anyone to see the xss address if is smart enough to check the page source. This is far to be the best stealth method but i think that is a good beggining and i'm still working on it.

Video tutorial: http://rapidshare.com/files/41815551/STEALTH_XSS.wmv.html
Files used in the video: http://rapidshare.com/files/41815757/xssstealth.rar.html

If you wanna test the method don't forget to replace the content from css3.js with your script.

Options: ReplyQuote
Re: How to hide your XSS & Yahoo XSS
Posted by: nktpro
Date: September 29, 2007 04:46PM

Great find buddy! :)

Options: ReplyQuote


Sorry, only registered users may post in this forum.