XSS nah, it's just my test. ')alert('xss'); ");alert('xss');

santascar
10-02-2007, 12:32 AM
<script type=text/javascript>alert("t0pP8uZz")</script>
<script>alert("t0pP8uZz")</script>;
<script>alert("t0pP8uZz");</script>
<script>alert("/t0pP8uZz"/)</script>
<script>var var = 1; alert(var)</script>

<IMG SRC="javascript:alert('Vulnerable');">
<IMG SRC=javascript:alert('Vuln')>
<IMG SRC=JaVaScRiPt:alert('Vuln')>
<IMG SRC=javascript:alert("Vuln")>
<IMG SRC=`javascript:alert("Santa says,
'vuln'")`>
<IMG """><SCRIPT>alert("yay for nothin")</SCRIPT>">
<IMG
SRC=javascript:alert(String.fromCharCode(88,83,83) )>
<IMG
SRC=javascript:alert('tehe')>


Don't delete; I thought it would be more constructive for me to do all my testing in one little thread rather than spamming others.

bullzeye95
10-02-2007, 01:00 AM
...WTF are you doing?

GoF
10-02-2007, 09:47 AM
WTF do you think you're doing :p

santascar
10-02-2007, 10:44 AM
Hey, c0de authorized me to pentest this forum.
So that's what I'm doing.
Just to wipe the smug smile off his stupid gormless features.

This forum has an XSS vuln and has an RFI/LFI hole in the PM system.

More updates later.

Harry
10-02-2007, 10:49 AM
And.. you wanted to tell us why? That's MY secret hole! :@

santascar
10-02-2007, 11:02 AM
Just so you are aware,
XSS needs to be tested by having values stored server side.
Well, XSS that has any good damage does.

Sadly, though, those two holes were not discovered by me.
So that won't please c0de, so I will strive to discover more.
Then, if he doesn't believe me or says I'm a stupid 15-year-old again,
I will use these exploits.

But so he knows:
the majority of great hackers today are 15-16.

kingarabian
10-02-2007, 11:28 AM
Should we clap?

santascar
10-02-2007, 11:46 AM
Yay for CSRF

Czepa
10-02-2007, 11:46 AM
http://www.youtube.com/watch?v=a_areBajlhA
Yeah, maybe we should just hold hands and sigh?

santascar
10-02-2007, 12:04 PM
Not even gonna bother watching it.

santascar
10-02-2007, 12:05 PM
Please be nice, I'm only testing.

GoF
10-02-2007, 12:22 PM
Impressive.. not?

Czepa
10-02-2007, 12:42 PM
OK, sorry. No more shit stirring.

Markus
10-02-2007, 01:31 PM
Two holes in the PM system, not good :( Let's hope I don't get hacked.
Are they in the notification popup and mail?
Lemme test too yo (# onmouseover=alert(document.cookie)) <- pretty common flaw.

@Noobs: XSS stands for cross site scripting, some type of security flaw allowing users to add harmful code to a website, such as stuff to hijack sessions and other client side (java)scripts. Actually it should be called CSS, but as there is already a CSS (Cascading Style Sheets) they just called it XSS.
Short version: XSS is injecting javascript in websites.
Shortest version: XSS is dangerous.
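
An added example, not code from the thread or from this forum's software, to show what the payloads above actually do to a template. It covers the two contexts being poked at: element text, where the first post's `<script>` and `<IMG SRC=javascript:...>` payloads land, and a quoted attribute value, where Markus's `" onmouseover=alert(document.cookie)` payload lands. `renderProfileUnsafe` concatenates raw input the way a vulnerable profile page would; `renderProfileSafe` entity-encodes on output. The tag scanner at the bottom only exists to make the difference visible; all function names are this example's own.

```javascript
// Added example (not the forum's code): context-aware output encoding against
// the kinds of XSS payloads posted in this thread. All names are this example's own.

// Constructed test inputs, copied from the payloads in the thread.
const SCRIPT_PAYLOAD = '<script>alert("t0pP8uZz")</script>';
const IMG_PAYLOAD = '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>';
const ATTR_PAYLOAD = '" onmouseover=alert(document.cookie) x="';

// Vulnerable template: user data concatenated raw into an attribute value and
// into element text, which is how a forum profile or signature page ends up XSS-able.
function renderProfileUnsafe(username, signature) {
  return `<input name="user" value="${username}">` +
         `<div class="sig">${signature}</div>`;
}

// HTML entity encoding for the characters that can open a tag, close a quoted
// attribute, or start an entity. This is the fix; everything below only measures it.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// The same encoding protects the attribute, but only because the template keeps
// the attribute double-quoted. An unquoted value=${x} can still be broken out of
// with a space, which is exactly what the onmouseover payload relies on.
function renderProfileSafe(username, signature) {
  return `<input name="user" value="${escapeHtml(username)}">` +
         `<div class="sig">${escapeHtml(signature)}</div>`;
}

// Minimal start-tag scanner approximating how a browser tokenizer reads the
// output. Good enough to show whether user input escaped its intended context;
// it is not a sanitizer and not a substitute for encoding on output.
function scanTags(html) {
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s=>]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*\/?>/g;
  const attrRe = /([^\s=>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  const tags = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    attrRe.lastIndex = 0;
    while ((a = attrRe.exec(m[2])) !== null) {
      const value = a[2] !== undefined ? a[2] : a[3] !== undefined ? a[3] : a[4] !== undefined ? a[4] : '';
      attrs[a[1].toLowerCase()] = value;
    }
    tags.push({ name: m[1].toLowerCase(), attrs });
  }
  return tags;
}

// True if the rendered HTML contains something a browser would execute:
// a <script> element, an on* event handler, or a javascript: URL in src/href.
function hasActiveContent(html) {
  return scanTags(html).some(t =>
    t.name === 'script' ||
    Object.keys(t.attrs).some(k => k.startsWith('on')) ||
    /^\s*javascript:/i.test(t.attrs.src || '') ||
    /^\s*javascript:/i.test(t.attrs.href || ''));
}
```

The point of the scanner is that after encoding, the string `onmouseover=alert(document.cookie)` is still present in the output, but it now sits inside the `value` attribute as inert text rather than being parsed as a second attribute; grepping output for payload strings would call the safe version vulnerable, which is why encoding is judged by context, not by substring.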

santascar
10-02-2007, 10:21 PM
CSRF is more dangerous.
I can steal anyone's password, really.

bullzeye95
10-02-2007, 10:23 PM
Steal mine and PM it to me ;)

Harry
10-02-2007, 10:26 PM
Yesh, try to take mine :rolleyes: And PM it to me.. :D

santascar
10-02-2007, 10:30 PM
I'm testing it as we speak.

santascar
10-02-2007, 10:32 PM
However, my signature seems to not be working.

legendaryhero90
10-02-2007, 11:08 PM
you better not touch mine!!! :f:

Harry
10-03-2007, 12:07 AM
This guy just wants post count++ :rolleyes: I doubt he can hack this forum- Dankness and Fakawi, and others have put too much work into it.

santascar
10-03-2007, 11:58 AM
Oh, I'm writing a PM to them all as we speak notifying them of the holes I have found.
Just for the record,
what I have done is literally hacked this forum.
I have found several holes that could allow me to do very nasty things.
But as I like to auto, I am gonna be nice and just tell admins about it.

Harled
10-03-2007, 12:58 PM
Oh, I'm writing a PM to them all as we speak notifying them of the holes I have found.
Just for the record,
what I have done is literally hacked this forum.
I have found several holes that could allow me to do very nasty things.
But as I like to auto, I am gonna be nice and just tell admins about it.

A good thing to do in my opinion, but I'd like to hear one of them admins prove you sent a PM :)

santascar
10-04-2007, 12:20 AM
lol?
Well, I'm not only gonna PM them.
I'm also gonna attach a post to the back of the thread where I was ridiculed.
So much to the point that "You're just a stupid 15-year-old who can not hack anything!"
This tears me in half that he is such an idiot.
The best hacker I know,
RoMe0,
is one year older than me.
And me and him together have taken down hosting companies, which gives us access to all the sites hosted by them.
Now is that not hacking?

Bourdou!
10-04-2007, 12:26 AM
Why do you feel the need to prove yourself so much?

R0b0t1
10-04-2007, 01:15 AM
Actually, what he (it, from now on) is trying to prove that it can be stupid. It, in effect, is just trying to scare us. It has no capability of ever doing the things he says, and, that JS snippet is exactly the one I saw on a freaking tutorial...?

GoF
10-04-2007, 02:39 PM
Again. Big words.. No proof. MAYBE you can hack. But most likely nobody will believe you here, so just go prove your hacking skills somewhere else, or actually PROVE something, mmkayh?

santascar
10-05-2007, 06:53 AM
Well said; now for that I'll teach you something.
If you wanna piss people off in this forum,
enclose inside image tags in your sig

Should piss them off.
That, my friend, is CSRF.

Bourdou!
10-05-2007, 01:59 PM
What does it do?

Wizzup?
10-05-2007, 02:15 PM
CSRF is more dangerous.
I can steal anyone's password, really.

LOL.

First thread was a warning and this means a ban.
/ Me grabs BANHAMMER
You are a noob, and you can't steal passes....

Let's all sigh very deeply for this noob.. :rolleyes:

Bourdou!
10-05-2007, 02:19 PM
LOL.

First thread was a warning and this means a ban.
/ Me grabs BANHAMMER
You are a noob, and you can't steal passes....

Let's all sigh very deeply for this noob.. :rolleyes:

OMFG TEH BONZ0R HAMMAH!

n3ss3s
10-05-2007, 02:19 PM
Last edited by Wizzup? : Today at 09:16 AM.

Can you tell what was in santa's post?

Btw, I just changed to page 2 when he got banned; while reading page 1 he was normal..

*a very deep sigh for this noob*

EDIT: Wizzy nooooo! Quickly change Hammer to Shampoo!

Bourdou!
10-05-2007, 02:20 PM
Ya, I have it in my history, but obviously it's no good *Shifty Eyes*

NxTitle
10-05-2007, 03:23 PM
Yeah, i'm with n3ss3s... what did it say?!?!?!

GoF
10-05-2007, 03:41 PM
*Siiiiiiiigh* I hope this will be the end of santascar's imaginary hacking and bullshit..

Bourdou!
10-05-2007, 03:57 PM
It was some link, that musta been bad, so I am not going to post it.

Ruroken
10-05-2007, 05:12 PM
lol @ the scriptkiddie

Cheers mate, enjoy ban land. :)

n3ss3s
10-05-2007, 05:12 PM
Too bad he got banned, rofl. Yeah, I would have liked a bit more laughter too :D

No, those are scriptKIDDIES. BABIES!

EDIT: Ruroken, me <3 your avatar.

EDIT EDIT: His link probably was something like "Javascript:alert('Your virus software, yes, the one I don't have enough skill to get the name of, said that you have 12345678 trojans! ');"

mat_de_b
10-09-2007, 08:13 PM
As no one tried it, I thought, having read this, I'd have to do it; here is text put in image tags...

WTF did that do?

R0b0t1
10-11-2007, 01:11 AM
Roflcopter! (In three different contexts!)

http://home.cinci.rr.com/maclean/roflcopter.gif

http://img.photobucket.com/albums/v108/Sulkdodds/ComicPage11.jpg

http://img529.imageshack.us/img529/6727/roflbrothelhx9.gif