Since I hate Blue dragon and their admin who can do nothing but steal content and DDoS, I'll help ya a bit; hopefully you can find some unsecured parameter.
XSS is useful for stealing cookies and authenticating as another user with said cookies. Most sites use a session token to keep track of sessions of users.
XSS means that you get the cookies of another user - by making them visit a link which gathers the site's cookies. This is not thaaat useful though, unless you can get NIMDA/Pavel or whatever he calls himself these days to click on a link, or if he has unfiltered tags that allow you to link a PHP or JSP instead of a picture or something.
You should look more into SQLi. SQL is a database language which is broadly used online. To SQLi, you must know basic queries.
For example, take this:
SELECT * FROM Logins WHERE UserID = 1;
This query would return the dataset of the column where user ID is 1 - probably admin.
Now, if we abstract this into (a bad example of) PHP:
$uid = $_GET['UserID']; // Get parameter from response array
mysql_query("SELECT * FROM Logins WHERE UserID = $uid"); // query with user ID from GET
This is a win situation.
Normally you'd just have ints as parameters, and all is fine. Now, an evil person could pass not a number, but this as "userID":
0; TRUNCATE Logins;--
Which will result in the following query:
mysql_query("SELECT * FROM Logins WHERE UserID = 0; TRUNCATE Logins;--");
And that is the end of the contents of their Logins table.
I'll leave the rest to your creativity.
I'll distance myself from any error - I wrote this at 3 am, while on pot.
Cheers
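
The fix for the PHP snippet in the post above, as an added example that is not part of the original post: validate the parameter as an integer and pass it through a prepared statement, so it is never concatenated into the SQL text. It uses PDO with a constructed in-memory SQLite table (the mysql_* functions were removed in PHP 7.0); make_db and find_login are hypothetical names.

```php
<?php
// Added example, not from the original post. Table and column names follow
// the post; the in-memory SQLite database and its rows are constructed data.
declare(strict_types=1);

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Logins (UserID INTEGER PRIMARY KEY, Name TEXT)');
    $db->exec("INSERT INTO Logins VALUES (1, 'admin'), (2, 'alice')");
    return $db;
}

// Hypothetical helper: returns the matching row, or null when the parameter
// is not a positive integer or no such user exists.
function find_login(PDO $db, $rawUserId): ?array
{
    // 1. Validate: the parameter must be a whole number and nothing else.
    $uid = filter_var($rawUserId, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        return null; // reject instead of handing it to the database
    }

    // 2. Bind: the value is sent separately from the SQL text, so the
    //    database never parses it as part of the statement.
    $stmt = $db->prepare('SELECT UserID, Name FROM Logins WHERE UserID = :uid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = make_db();

// A well-formed id, as the application expects it.
var_dump(find_login($db, '1'));

// The string from the post, passed as the UserID parameter.
var_dump(find_login($db, '0; TRUNCATE Logins;--'));

// Row count after both calls, to confirm the table is untouched.
echo $db->query('SELECT COUNT(*) FROM Logins')->fetchColumn(), " rows in Logins\n";
```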