|
You last visited: Today at 13:22
Advertisement
DO HTML Injection
Discussion on DO HTML Injection within the DarkOrbit forum part of the Browsergames category.
09/06/2013, 08:36
|
#16
|
elite*gold: 61 
Join Date: Oct 2010
Posts: 1,188
Received Thanks: 2,403
|
I could also release my method, but then i would be afraid of bp closing it 
Or fix the vulnerable.
|
|
|
|
09/06/2013, 08:53
|
#17
|
elite*gold: 237
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
Dude -.- Its as simple as posting escaped HTML in the clanname -.-
-jD
|
|
|
|
|
09/06/2013, 08:55
|
#18
|
elite*gold: 61
Join Date: Oct 2010
Posts: 1,188
Received Thanks: 2,403
|
Quote:
Originally Posted by »jD«
Dude -.- Its as simple as posting escaped HTML in the clanname -.-
-jD
|
Yup that's what OP's "method" is based on, lulz.
// RQ
|
|
|
|
|
09/06/2013, 09:23
|
#19
|
elite*gold: 237
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
Works on the description box too 
Try entering the following into it:
Code:
<div style="background: url(javascript:alert('Well looks like you just got hacked! hehe')"></div>
or how about
Code:
<META HTTP-EQUIV="refresh" CONTENT="1;url=http://elites.staging.jduncanator.com">
-jD
|
|
|
|
|
09/06/2013, 12:12
|
#20
|
elite*gold: 1
Join Date: Aug 2010
Posts: 1,330
Received Thanks: 1,724
|
That happen when they only echo the vars. They should do some verifications..
|
|
|
|
|
09/06/2013, 12:52
|
#21
|
elite*gold: 0
Join Date: Feb 2012
Posts: 62
Received Thanks: 15
|
Quote:
Originally Posted by »jD«
Works on the description box too
Try entering the following into it:
Code:
<div style="background: url(javascript:alert('Well looks like you just got hacked! hehe')"></div>
or how about
Code:
<META HTTP-EQUIV="refresh" CONTENT="1;url=http://elites.staging.jduncanator.com">
-jD |
can u put remote shell ?
|
|
|
|
|
09/06/2013, 13:28
|
#22
|
elite*gold: 0
Join Date: Jul 2011
Posts: 456
Received Thanks: 105
|
Quote:
Originally Posted by hello..
Press Clan. Enjoy 
PS: Yes my clanname IS A PICTURE xD |
nice work
|
|
|
|
|
09/06/2013, 13:48
|
#23
|
elite*gold: 0
Join Date: Jul 2011
Posts: 456
Received Thanks: 105
|
Quote:
Originally Posted by -yusuf000-
whattt
|
dont spam see the tittle of the thread/DO HTML Injection!
|
|
|
|
|
09/06/2013, 14:27
|
#24
|
elite*gold: 56
Join Date: Jul 2010
Posts: 1,232
Received Thanks: 397
|
Quote:
Originally Posted by porfre
dont spam see the tittle of the thread/DO HTML Injection!
|
But you achieve with this what?..
|
|
|
|
|
09/06/2013, 15:30
|
#25
|
elite*gold: 237
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
Quote:
Originally Posted by R3m0v3
can u put remote shell ?
|
No, its XSS, not RCE.
-jD
|
|
|
|
|
09/06/2013, 15:30
|
#26
|
elite*gold: 0
Join Date: Dec 2010
Posts: 954
Received Thanks: 399
|
Quote:
Originally Posted by joepie1215
But you achieve with this what?..
|
Its just a little example about Bigpoints Security xD
You can even make exutable scripts that can modyfy the whole website or more.
Once I made a YouTube vid in there ^^
|
|
|
|
|
09/06/2013, 16:07
|
#27
|
elite*gold: 237
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
More so you can steal Session IDs and get access to peoples accounts :/
Luckily it strips "<script>" tags but you can still embed it in style tags etc. Even svg!
-jD
|
|
|
|
|
09/07/2013, 01:39
|
#28
|
elite*gold: 0
Join Date: Jul 2011
Posts: 1,623
Received Thanks: 749
|
test / <img src="http://bit.ly/15CmveC"> | data result >% saved
is it like this
or
like this
test/<imgsrc="http://bit.ly/15CmveC">|dataresult>%saved
?
Greez,
jartsa.
|
|
|
|
|
09/08/2013, 21:10
|
#29
|
elite*gold: 260
Join Date: Mar 2012
Posts: 377
Received Thanks: 184
|
how to make picture in dark orbit profil?
|
|
|
|
|
09/09/2013, 01:17
|
#30
|
elite*gold: 60
Join Date: Apr 2011
Posts: 7,894
Received Thanks: 3,067
|
Quote:
Originally Posted by benkiller47
how to make picture in dark orbit profil?
|
You know it, when you read the last sites. 
|
|
|
|
 |
|
Similar Threads
|
html/javasript/html frage
08/03/2013 - Web Development - 8 Replies
Heyho epvpers,
Ich hätte eine frage an euch über eine homepage.
Unswar wenn man so an links an die seite mit der Maus geht,kommt ein z.B. Teamspeak3 viewer rausgefahren und das wollte ich fragen wie ich das mache und eventuel mir einer da ein script schicken kann wäre nett.
Danke im vorraus!
Mit freundlichen grüßen:
Phillip
|
Smc injection
07/27/2012 - SRO Private Server - 3 Replies
how can i do that ? i saw this : http://www.elitepvpers.com/forum/private-sro-explo its-hacks-bots-guides/1575275-release-release-cert ification-server-global-manager-billing-exploits.h tml , saw some guides about sql injection , would appreciate some help , and how can i know the ip and port of a IIS of a server ?
|
[Joomla][HTML] modul in einer html datei verlinken?
11/11/2011 - Web Development - 1 Replies
ich hab vorher im joomla forum schon ein thread geöffnet aber da antwortet mir niemand und ich ich langsam keine gedult mehr.. will heute noch weiter probieren und so.
----------------------------------------
Bei den Modulen gibt es ein leeres, wo man ein editor hat. Ist es möglich eine verlinkung zum modul in der html zu machen?
Hier ein beispiel vom aufbau meiner website: Vorstellung wie die website ungefähr sein soll, wo ich welche div container gemacht habe, wie das ganze zur zeit...
|
[HTML]HELP[/HTML]range hack and skill speed in extreme
08/21/2009 - Dekaron Private Server - 5 Replies
hey guys i need a little help about range hack and skill speed in extreme
i already unpack the Data its all done..1! my problem is wer i can edit the range ang skill speed in extreme..! pls :):):):):)
|
All times are GMT +1. The time now is 13:24.
|
|
