Author | Post | |||
ruglud007 [none yet] |
Could anyone with experience in XSS pn me? I'd need some (beginners) advice. And, if you read this AND are qualified to answer my question: As long as you read exactly this forum thread, I've not found anyone to help me -ruglud |
|||
13.07.2011 15:42:46 |
|
|||
moose |
* Wikipedia * StackExchange * ha.ckers.org You could be a little bit more specific, if you want someone to PM you. |
|||
14.07.2011 17:36:27 |
|
|||
ruglud007 [none yet] |
Yeah, I've played around with this technique on a website, so I put a simple alert order after the search part (search.php?search=-->*****<--) and when I viewed the source, the script was there, but it wasn't executed. So, just for educational purposes, I'd like to know why it didn't do anything -ruglud |
|||
14.07.2011 21:06:46 |
|
|||
moose |
If its only for educational purposes, you might want to post a link and discribe what you did. But I'm quite sure that its either already explained in the links I gave you or not legal to test it where you would like to test it. I have lerned most of the thinks I know by solving challenges and by programming. If you program a simple forum and try to abuse it, you can see where the problems are. Then take the other part and try to make it impossible to use these vulnerabilities you've just used. This approach takes a lot of time, a lot of thinking, reading and programing. You might also want to take a look at some well known forum systems like phpBB. Their source code will be much longer than a simple forum you could write. Try to understand phpBB and some parts of the code which are relevant for security. Eventually they have comments like "this is against XSS", I don't know. You could also look at the phpBB bug tracker. They might have some security vulnerabilities which they have already fixed there. So you could try to understand how someone could have used this vulnerability. |
|||
15.07.2011 09:25:54 |
|