how to hack guestbooks
I have read all the articles about this. Googled this and asked a friend still i cannot get help. The codes for a broken or alerts like <img src="javascript:void(window.location=('http://www.google.com'))"> just display the code and not a alert box please help me. I realize that code above is not a alert box :).
PS dont flame me please! Takes out fire extiguiser :wow:
z3ro wrote: html has to be enabled for code to be run :P. z3ro, r u taking drugs?
OK, man. You can use XSS (Cross Side Scripting) just in case that gb is vulnerable on that attack (input to gb isn't cheked against using of tags, that means programmer didn't use functions on it like: htmlspecialchars or htmlentities (they also use strip_tags, but I don't recommend this one)
And z3ro: beware of taking drugs, it ruins you :happy:
bushido wrote: I have read all the articles about this. Googled this and asked a friend still i cannot get help. The codes for a broken or alerts like <img src="javascript:void(window.location=('http://www.google.com'))"> just display the code and not a alert box please help me. I realize that code above is not a alert box :).
PS dont flame me please! Takes out fire extiguiser :wow:
Btw that's way fucking wrong. It looks somethign like this:
<img src="error.gif" onerror="alert('slpctrl pwnz j000000');">
z3ro wrote: WEll now. No fucking shit the tags were stripped. Thats why his code didnt run. Most guestbooks give u an option to allowing users to put html in their post. If this option tags will be stripped and code not run. =html not enabled
Lol, you get stopped by a simple defense mechanism like that? Join sla.ckers.org or something, you might learn something.