Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

xss


xss

By ghostghost | 4298 Reads |
0     0

===[ How I found out my first-real XSS ]===[ 0x702ch ]==========================

Ok, actually it is not the first-real, but misconfigured guestbooks doesn’t count. When I started here on hbh I was in the process of realising that hacking is not (just) about rooting boxes or manipulating servers. The words exploitation, injection and scripting come to my mind. I googled the term ‘xss’ and found a lot of information on it. (I still have what to learn) http://en.wikipedia/Wiki and http://ha.ckers.org are sites I recommed for you. I first thought that xss is just the toy of the wanna be skiddies, but sonn realized that I was in a deep mistake. I set up a cookie stealer, and experimented with it, then I completed two realistic challenges on hts, one of which contained ‘cookie stealing’. Then one day when I was just bored, tired of school,… I got up on hbh and went to the realistic 8 page. Well it says that I should use a proxy. Nothing interesting …but wait!It says that they log my referrer and it is printed in plain-text to the html source. I changed my referrer with RefControl to: alert(‘xss’); and nothing happened! But I was cool enough to check the source and I noticed that it doesn’t escaped the < and > tags! It only escaped the ‘,“ and / characters! Ok I tried this: a=1337;alert(a); and it worked! I was so happy that I found an xss hole. (or just found that the referrer isn’t filtered for special characters) I wasn’t able to modify the page or add any content to it, but I didn’t give up and checked ha.ckers.org and there I found an interesting function: String.fromCharCode(88,83,83); it expands to “XSS”. The numbers are the ascii values of the characters. Now I can construct strings without ’ or “. But what can I do with this? Well I tried to redirect the page to my cookie stealer! And it worked. To fastly construct any string I wrote a small C program that outputs a string in ascii each character seperated by commas. So I put this string into it:

It expanded to a couple of numbers which I pasted to my referrer:

I refreshed and it took me to my site, I checked the log and yes there were my cookies! You may think that this was useless but let me explain how could I use this!(SE) Say I start a new thread and say that I have found an easter egg in one of hbh’s realistic missions! To view it install RefControl [link here] and paste this code into it: code here It is a series of JS function calls and their arguments and you must use this form because ’ and “ are filtered. After that how many of you was to check the code? And how many was to use it! And what I would have are some nice cookies. But instead of doing this all, I reported the bug/exploit to Mr_Cheese and he quickly fixed it. Later when I asked him about the HoF he said that with this I can’t get into it. (cookie stealing and SE doesn’t count) Okay, said I, no problem I don’t wrote this article to force myself in the HoF, I understand him. This is just part of the story. And this is the big end!

Comments
ghost's avatar
ghost 18 years ago

CRITICISM

  1. Use spacing, and line breaks [ENTER]
  2. Good job, tho, dude – keep writing.

bl4ckc4t's avatar
bl4ckc4t 18 years ago

Not too bad. 9/10 BC

ghost's avatar
ghost 18 years ago

Add some spacing, may make it little more readable ;) But great info nonetheless :D

AldarHawk's avatar
AldarHawk 18 years ago

well written. not too much of a NEW hack just bad coding on the coder of Real 8 ;) But Nice…7/10

ghost's avatar
ghost 18 years ago

Just like to say that I think that there is more damage which can be done with XSS than cookie stealing which I think Mr_Cheese sometimes ignores, CSRF. I may write and article on it actually

ghost's avatar
ghost 18 years ago

Just like to say that I think that there is more damage which can be done with XSS than cookie stealing which I think Mr_Cheese sometimes ignores, CSRF. I may write and article on it actually

ghost's avatar
ghost 18 years ago

Just like to say that I think that there is more damage which can be done with XSS than cookie stealing which I think Mr_Cheese sometimes ignores, CSRF. I may write and article on it actually

ghost's avatar
ghost 18 years ago

Just like to say that I think that there is more damage which can be done with XSS than cookie stealing which I think Mr_Cheese sometimes ignores, CSRF. I may write and article on it actually

SySTeM's avatar
SySTeM 18 years ago

Dude, that thing about real8, I got HoF for that which is probably why you didn't ;)

ghost's avatar
ghost 18 years ago

lol this isn't new, system did it…. lol

ghost's avatar
ghost 18 years ago

:evil:

bahpomet1105's avatar
bahpomet1105 8 years ago

not bad man kinda awesome but please space better.