
javascript 4 :(


ghost's Avatar
0 0

I've done all the others, except for 16, but I just can't do 4

I think I have to put something in the pe=U*e+Ts part of the URL

I just don't really know what I'm looking for

Any hints would be greatly appreciated :) thanks


ghost's Avatar
0 0

It's a simple XSS attack, homie. Check this: [spoiler removed]

You need to alert the cookie (it being in javascript challenges I thought it was a javascript injection but no). It's really simple if you understand what syntax to use.


ghost's Avatar
0 0

moshbat wrote: Dude! I've shown you XSS a few times!

I know lol, I still can't get it. I understand the concept, but just can't get it right lol

I just need to keep trying XD


ravix101's Avatar
Member
0 0

Ya, I'm sort of new. I've got past the first 3 okay, but this is giving me trouble. I've looked through the XSS page but nothing I insert seems to work.


ravix101's Avatar
Member
0 0

I read it but it doesn't give me any info on how to make the cookie appear.


ravix101's Avatar
Member
0 0

I tried [spoiler]; and it didn't work. I can't really think of anything else..


Futility's Avatar
:(
80 120

ravix101 wrote: I tried [spoiler]; and it didn't work. I can't really think of anything else..

That was the correct JavaScript string. You just need to get it so you can inject it with XSS. PM me if you need help.


ghost's Avatar
0 0

I am stuck on this one. After completing the first 3 I read for 2 hours about XSS (didn't hear about it before) and I can't get it working. I looked on the internet, found an XSS vulnerable site and I got a pop-up box :D. But I can't get it working on the javascript 4 link after pasting the content after the "=" symbol. Can anybody help? Thanks in advance! :p


Night_Stalker's Avatar
Member
0 0

kyul wrote: I've done all the others, except for 16, but I just can't do 4

I think I have to put something in the pe=U*e+Ts part of the URL

I just don't really know what I'm looking for

Any hints would be greatly appreciated :) thanks

Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?

:D


ghost's Avatar
0 0

Night_Stalker wrote:

Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?

:D

:)) Yeah… I know….. but for the moment I was concentrating only on that pop-up…. because this way that script won't work either and my brain will start believing that the page is not vulnerable :p. /index.php?submit=<script>alert("XSS")</script> is not working and I don't know why…. I tried in another site and it worked but not here. :(


ghost's Avatar
0 0

Just think of how you put a little JavaScript into, so HTML…. with some tags, then put the usual JavaScript used to get cookies. This isn't too complicated…. those articles spell it out so much.


ghost's Avatar
0 0

Ohhh… come on. I got it but…. I had a little misunderstanding. In the articles it was said how to steal cookies from other users and not how to find a hidden cookie on a server. I mean… it's kinda different for me :P…. Thanks a lot guys, I appreciate your help. :D


ghost's Avatar
0 0

You're not forcing someone else to run your XSS JS, instead you're using it to access data on your computer you didn't have access to.


Night_Stalker's Avatar
Member
0 0

s33us00n wrote:

Night_Stalker wrote:

Think of a SCRIPT, that would allow you to view a cookie, were you to post it into a shoutbox?

:D

:)) Yeah… I know….. but for the moment I was concentrating only on that pop-up…. because this way that script won't work either and my brain will start believing that the page is not vulnerable :p. /index.php?submit=<script>alert("XSS")</script> is not working and I don't know why…. I tried in another site and it worked but not here. :(

You've got the right idea. Insert the thing you would enter into the URL bar to view a cookie in place of where your little code says XSS

If you can't figure out how to do it now, please.

PLEASE