DO HTML Injection

Page 2 of 3 1 2 3
09/06/2013 08:36 Luffa#16
I could also release my method, but then i would be afraid of bp closing it :o
Or fix the vulnerable.
09/06/2013 08:53 »jD«#17
Dude -.- Its as simple as posting escaped HTML in the clanname -.-

-jD
09/06/2013 08:55 Luffa#18
Quote:
Originally Posted by »jD« View Post
Dude -.- Its as simple as posting escaped HTML in the clanname -.-

-jD
Yup that's what OP's "method" is based on, lulz.

// RQ
09/06/2013 09:23 »jD«#19
Works on the description box too ;)

Try entering the following into it:

Code:
<div style="background: url(javascript:alert('Well looks like you just got hacked! hehe')"></div>
or how about
Code:
<META HTTP-EQUIV="refresh" CONTENT="1;url=http://elites.staging.jduncanator.com">
;)

-jD
09/06/2013 12:12 Sήøwy#20
That happen when they only echo the vars. They should do some verifications..
09/06/2013 12:52 R3m0v3#21
Quote:
Originally Posted by »jD« View Post
Works on the description box too ;)

Try entering the following into it:

Code:
<div style="background: url(javascript:alert('Well looks like you just got hacked! hehe')"></div>
or how about
Code:
<META HTTP-EQUIV="refresh" CONTENT="1;url=http://elites.staging.jduncanator.com">
;)

-jD

can u put remote shell ?
09/06/2013 13:28 porfre#22
Quote:
Originally Posted by hello.. View Post
[Only registered and activated users can see links. Click Here To Register...]
Press Clan. Enjoy :D

PS: Yes my clanname IS A PICTURE xD
nice work ;)
09/06/2013 13:48 porfre#23
Quote:
Originally Posted by -yusuf000- View Post
whattt
dont spam see the tittle of the thread/DO HTML Injection!
09/06/2013 14:27 joepie1215#24
Quote:
Originally Posted by porfre View Post
dont spam see the tittle of the thread/DO HTML Injection!
But you achieve with this what?..
09/06/2013 15:30 »jD«#25
Quote:
Originally Posted by R3m0v3 View Post
can u put remote shell ?
No, its XSS, not RCE.

-jD
09/06/2013 15:30 hello..#26
Quote:
Originally Posted by joepie1215 View Post
But you achieve with this what?..
Its just a little example about Bigpoints Security xD
You can even make exutable scripts that can modyfy the whole website or more.
Once I made a YouTube vid in there ^^
09/06/2013 16:07 »jD«#27
More so you can steal Session IDs and get access to peoples accounts :/

Luckily it strips "<script>" tags but you can still embed it in style tags etc. Even svg!

-jD
09/07/2013 01:39 YerAWizard#28
test / <img src="http://bit.ly/15CmveC"> | data result >% saved
is it like this
or
like this
test/<imgsrc="http://bit.ly/15CmveC">|dataresult>%saved
? :D

Greez,
jartsa.
09/08/2013 21:10 benkiller47#29
how to make picture in dark orbit profil?
09/09/2013 01:17 linksus#30
Quote:
Originally Posted by benkiller47 View Post
how to make picture in dark orbit profil?
You know it, when you read the last sites. :facepalm:
Page 2 of 3 1 2 3