Guestbook Hacking
Guestbook Hacking
Mr_Cheese | 40652 Reads | Hacking Guestbooks
Guestbooks are one of the most easly and most common begginer hacks. Because Guestbooks allow users to submit their information onto the website.
So if a guestbook was to not filter html commands, then that information is submitted to the website!!! See where im going with this….
So if you were to input html into your guestbook entry, that will be uploaded to the website, thus giving you control of that page.
So, steps to take when hacking a guestbook:
see if its vunerable! You can do this by inputing tags like:
or <img src=“javascript:alert(“noob”);>
If you get a whole page of code (plaintext) or a message box saying “noob” then the page is vunerable.
So now you can attack the guestbook!
to make a message pop up on the screen, you inject javascript into a <img tag or a , but sometimes [script] is disabled.
so a img tag would be like: <mg src=“javascript:alert(“noob”);>;
or if you wanted to redirect the page, you can use another tag: <img src=“javascript:void(window.location=(“http://www.google.com”)”> WoW, now that page redirects to your page! simpe huh!!
Be creative, any html command can work!
Happy Hacking.
HellBound Hackers is not responsible for any blackhat hacks you may do.
~ Mr_Cheese ~
**Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME. **
ghost 18 years ago
Why don't you just test it out by putting a real message? html body font color=red blah blah blah etc. then trying the img src=realpicture.jpg That way, you've just tested it for a vulnerability without making you look like you are going to hack it "img src=javascr!pt(etc.)" and the admin comes on line and reports your ip to your isp.
ghost 17 years ago
does it have to be javascript or can i just put in like my html code from m defacment?
ghost 17 years ago
what dous it mean when i post <img src="javascript:alert('noob')"> and it comes up with a broken image?
ghost 17 years ago
it means that it's looking for that image and can't find it, so it comes up with a broken image.
ghost 17 years ago
good article but its quite hard to find guestbooks as exploitable as that though using an onerror script in an img tag like this one works in most <img src="asdf" onerror="alert(document.cookie)"/> unfortunately you cant put your own message in the alert because quotes inside quotes screws things up a bit though an infinite js loop and alert document.body.innerHTML
ghost 16 years ago
Go to dermatone.com and look at their guestbook! OMF! NINJA :ninja:
I never said I did it! I am completely innocent until proven else!
Love you :p
K3174N 420 15 years ago
quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME.
ROFL! XD :D:D:D
K3174N 420 15 years ago
quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME.
ROFL! XD :D:D:D
IbaiJoe 12 years ago
This only defaces or redirects you to the deface when someone submits an entry to the guestbook… But how would you edit your entry so that you redirect people from the index page of the site to your deface ?