Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Guestbook Hacking


Guestbook Hacking

By Mr_Cheese avatarMr_Cheese | 40841 Reads |
0     0

Hacking Guestbooks

Guestbooks are one of the most easly and most common begginer hacks. Because Guestbooks allow users to submit their information onto the website.

So if a guestbook was to not filter html commands, then that information is submitted to the website!!! See where im going with this….

So if you were to input html into your guestbook entry, that will be uploaded to the website, thus giving you control of that page.

So, steps to take when hacking a guestbook:

see if its vunerable! You can do this by inputing tags like:

or <img src=“javascript:alert(“noob”);>

If you get a whole page of code (plaintext) or a message box saying “noob” then the page is vunerable.

So now you can attack the guestbook!

to make a message pop up on the screen, you inject javascript into a <img tag or a , but sometimes [script] is disabled.

so a img tag would be like: <mg src=“javascript:alert(“noob”);>;

or if you wanted to redirect the page, you can use another tag: <img src=“javascript:void(window.location=(“http://www.google.com”)”> WoW, now that page redirects to your page! simpe huh!!

Be creative, any html command can work!

Happy Hacking.

HellBound Hackers is not responsible for any blackhat hacks you may do.

~ Mr_Cheese ~

**Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME. **

Comments
ghost's avatar
ghost 19 years ago

if u need help just dl my Guestbook Hacker Program

ghost's avatar
ghost 19 years ago

Why don't you just test it out by putting a real message? html body font color=red blah blah blah etc. then trying the img src=realpicture.jpg That way, you've just tested it for a vulnerability without making you look like you are going to hack it "img src=javascr!pt(etc.)" and the admin comes on line and reports your ip to your isp.

ghost's avatar
ghost 18 years ago

does it have to be javascript or can i just put in like my html code from m defacment?

Mr_Cheese's avatar
Mr_Cheese 18 years ago

any html code will work.

ghost's avatar
ghost 18 years ago

what dous it mean when i post <img src="javascript:alert('noob')"> and it comes up with a broken image?

ghost's avatar
ghost 17 years ago

it means that it's looking for that image and can't find it, so it comes up with a broken image.

ghost's avatar
ghost 17 years ago

<img src="javascript:alert('noob')">, where could i use this

ghost's avatar
ghost 17 years ago

good article but its quite hard to find guestbooks as exploitable as that though using an onerror script in an img tag like this one works in most <img src="asdf" onerror="alert(document.cookie)"/> unfortunately you cant put your own message in the alert because quotes inside quotes screws things up a bit though an infinite js loop and alert document.body.innerHTML

ghost's avatar
ghost 17 years ago

Go to dermatone.com and look at their guestbook! OMF! NINJA :ninja:

I never said I did it! I am completely innocent until proven else!

Love you :p

ghost's avatar
ghost 17 years ago

Colorfulsprinkles.com :ninja:

[img]javascript:alert('!.PWND By R3T4RD.!')[/img]

ghost's avatar
ghost 16 years ago

Damn!! i can't find any epxploitable guest book!! :angry:

ghost's avatar
ghost 16 years ago

LOL, THIS ARTICLE, LOL!

K3174N 420's avatar
K3174N 420 16 years ago

quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME.

ROFL! XD :D:D:D

K3174N 420's avatar
K3174N 420 16 years ago

quote: Edit by Mr_Cheese: STOP TRYING TO HACK GUESTBOOKS IN MY NAME.

ROFL! XD :D:D:D

ghost's avatar
ghost 15 years ago

HAHAHAHAHAHAHA!! MR_CHEESE, LOL!!! AHHAHAHAH FUCK YOU!!!!

IbaiJoe's avatar
IbaiJoe 12 years ago

This only defaces or redirects you to the deface when someone submits an entry to the guestbook… But how would you edit your entry so that you redirect people from the index page of the site to your deface ?