I'm new to the scene.
I think this community is incredible and I've already learnt a lot, specifically about exploiting etc.
There are some things I just don't understand on a basic level though, for example from this article: http://www.hellboundhackers.org/articles/635-javascipt-injection-tutorials.html
OK, so it covers the basics of injection. I know JS already; what I want to learn about is how to actually inject. I know the basics like href="Javascript:alert(1)" and <img src="x" onerror="x">, but what about if HTML tags are stripped and HTML entities replaced? Are there any possibilities to get round this with UTF-8 or other character encodings?
Another thing from that article: sure, you can edit a form client-side, but what is the point? Those changes are only rendered on your side, and I cannot think of any practical uses for this. (How often do you get forms where the destination emails are editable within the HTML?)
If anyone could give a bit of advice, not laying it on a plate but just some ideas, I'd be very grateful :D
Then you need to find a way to bypass strip_tags and entities. Here's a bug report on strip_tags(): http://www.securityfocus.com/bid/10724/exploit Just look around for different exploits and try to understand how they work, so that you actually learn something. BTW, I think this should be used as an example of how to ask a question: he stated what he knew, what he needed to know, what he thought was correct, and his thought process up until now.
Thanks for the response. I'm usually a quick learner, so I think once I get the basics down and make a couple of successful hacks I'll be decent enough to progress on my own. I've already done a couple of the challenges and will probably do some more this week.
One thing I didn't quite grasp from this article: http://www.hellboundhackers.org/articles/articlecomments.php?article_id=526
The way I envisage it is you have a search which takes its params from the query string, so you can try and embed some JS and then get people to visit that URL with the XSS attack. But a lot of searches won't actually output the string, and if they do it will be stripped. So am I right that in this example it's just the same thing, but the site will place the injection code into the text box value and therefore break out of the text box? I don't see how it gets round any problem, because if there is any kind of sanitisation on the search string it won't break the text box.
Thanks for the link. The strip tags bypass looks good; I just need to find an entities one.
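Picking up the two questions in this thread from the defender's side (what actually stops a reflected search term from breaking out of a text box or an href, and why a client-edited form field is not something the server should ever rely on), here is an added example in JavaScript. It is not code from the thread or from the linked articles; the function names, the example.invalid addresses and the sample strings are all constructed for it, and it assumes Node.js so that the WHATWG URL parser is available.

```javascript
// Added example, not code from the thread or the linked articles.
// Server/template-side view of the questions above: encode output for the
// HTML context it lands in, check URL schemes separately, and never take a
// recipient address from the form. All names and sample data are constructed.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Encode for HTML text and double-quoted attribute values. Once all five
// characters are encoded, nothing in the string can close a quoted attribute
// or open a tag, whatever case, encoding or entity form the input used,
// because the template never decodes the value again before emitting it.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// A URL that goes into href/src needs its own check: entity-encoding a
// "javascript:" URL does not stop the browser from running it after it
// decodes the attribute. The WHATWG URL parser strips the leading/trailing
// whitespace, tabs and newlines that browsers also ignore, so the scheme
// comparison below sees the same thing the browser would. Only http(s) and
// relative targets pass; everything else collapses to a harmless "#".
// (Protocol-relative "//host/" URLs resolve to https: and are still allowed;
// compare parsed.origin against your own if you need same-site only.)
function safeHref(url) {
  const raw = String(url).trim();
  let parsed;
  try {
    parsed = new URL(raw, "https://example.invalid/"); // base only resolves relative paths
  } catch {
    return "#";
  }
  return parsed.protocol === "http:" || parsed.protocol === "https:" ? raw : "#";
}

// Render the search page. The term is reflected into an attribute value and
// into text; both use escapeHtml. The link goes through safeHref and then
// escapeHtml, since the result is still an attribute value.
function renderSearchPage(term, resultUrl) {
  return [
    `<input type="text" name="q" value="${escapeHtml(term)}">`,
    `<p>You searched for: ${escapeHtml(term)}</p>`,
    `<a href="${escapeHtml(safeHref(resultUrl))}">first result</a>`,
  ].join("\n");
}

// Regression check for a test suite: the rendered page must contain exactly
// the tags the template emits (input, p, /p, a, /a = 5), no matter what the
// user-controlled strings were.
function tagCount(html) {
  return (html.match(/<[a-zA-Z\/!]/g) || []).length;
}

// The "editable destination email" case from the first post: the client can
// put anything in a hidden field, so the server never reads it. Recipients
// come from server-side configuration keyed by form id (constructed here).
const FORM_RECIPIENTS = { contact: "webmaster@example.invalid" };
function resolveRecipient(formId, submittedRecipient) {
  // submittedRecipient is accepted only so the signature mirrors a form
  // handler; it is deliberately never used.
  const to = FORM_RECIPIENTS[formId];
  if (!to) throw new Error(`unknown form id: ${formId}`);
  return to;
}

// Constructed inputs: the img tag from the thread with a leading quote that
// would close the value attribute if it were not encoded, and the
// javascript: href from the thread.
function demo() {
  return renderSearchPage('"><img src="x" onerror="x">', "javascript:alert(1)");
}

console.log(demo());
console.log("tags in rendered page:", tagCount(demo())); // 5
```

The point the rendered output makes is that a single encoding step is not a universal answer: the same term is safe in the text box and the paragraph because of entity encoding, but the link is safe only because the scheme was checked before encoding.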