Thursday, October 19, 2006 

Cool, I am successful in an XSS attack!!

Huh, after 10 hours of hard work I finally managed to do an XSS attack against dictionary.com.
The site was pretty easy to attack... they are not doing much validation at all. You want to see what I did :) click here (Hmm... wait for the page to load completely... :( well, I need to manipulate some JavaScript to make it load fast, but hey, I am not using the exploit, so I think it's fine to live with it for now)

So what did you observe in that page? ...
The domain in the URL points to dictionary.com and the page asks you to sign up for a paid service to use it... hmm, that's all: you submit your credit card info and boom... nothing happens :). Actually, I know that no one is going to get trapped by that stupid interface I gave, so I set the action for that form to "about:blank". If we want, we can set the action of that form in such a way that the credit card info, when submitted through this form, gets mailed to my ID.

Anyway... the interface is pretty primitive. We can make it more cool with some JavaScript that makes the user think that the page is from dictionary.com only (for instance, if he searches again, he will not see the payment page with the current interface; we can change that with a little bit of JavaScript).

Anyway, if you want to know how I did that, just decode the URL I gave in the "click here" link above, download the script it is pointing to and explore further... Happy Hacking :)

Wednesday, October 11, 2006 

XSS

Cross-site scripting... well, I am a novice learning about hacking. I started with SQL injection and I was successful in doing it on a site... well, I hacked nothing but a few tables of useless data...
Nowadays it's a well-known vulnerability everyone is aware of and has taken precautions about... So I stopped exploring it for now...

Recently I came to know about XSS, and I feel that it's pretty cool, especially when you are trying to hack email accounts, hunting for cookies, etc... showing your HTML pages on sites... cool, that's great... I am understanding it... well, I tried it out on some test pages of mine and it's cool... for more info about XSS, hit Google...

I will provide more info once I hit the net and do some real hacks... and get some experience on it...

Happy Hacking :)