HackerMens Posted November 8, 2013 Report Posted November 8, 2013 Target:Cuplari.Vulnerable link:profile.Type:Persistent xss.Proof:.To solve this you need to pm me the details.Solvers: Quote
bodostyle Posted November 8, 2013 Report Posted November 8, 2013 https://rstforums.com/forum/77241-xss-http-www-cuplari-ro.rstç Quote
HackerMens Posted November 8, 2013 Author Report Posted November 8, 2013 (edited) @bodostyleRead carefully, this is a persistent xss, the one there is reflected meaning it will not work on internet explorer and chrome . Also, this one has a nice filter and takes some skill to bypass, the one found there is just a simple find. Edited November 8, 2013 by HackerMens Quote
Active Members dancezar Posted November 9, 2013 Active Members Report Posted November 9, 2013 (edited) www.cuplari.ro/dass--379234' and 0 UNION SELECT 1,2,3,4,5,6,7,concat('danyweb09::',version()),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27`.htmlsql injection redirecting to kesarwith this sqli i cant get the password from your lost account:)) Edited November 9, 2013 by danyweb09 Quote
Active Members dancezar Posted November 9, 2013 Active Members Report Posted November 9, 2013 Ok good, last time i checked, this was persistent xss challenge and not SQLi.Read better next time.Regards,El Generante.CU RESPECT!Require account for the persistent xss? Quote
Active Members dancezar Posted November 9, 2013 Active Members Report Posted November 9, 2013 (edited) strongboyy--379247You want pm?//Scuze pentru dublu post nu stiam ca mesajele lui au fost sterse// Edited November 9, 2013 by danyweb09 Quote
