Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > hacker course > Content
Hot Articles
SmoothWall Introduces Lo
Travel of the JSP+Oracle
Hacker skill: Gains Webs
Breaks through the Inter
MYSQL database injection
The Tomcat backstage tak
Breaks through the Inter
The hacker teaches you a
WinHex pursues the code
How does the hacker dest
How teaches you to take
The SQL injection revise
mssql SA jurisdiction ne
Microsoft SQL Server SA
The bored Css cross stat
Recommend Articles
The SQL injection revise
How does the hacker dest
The new military recruit
Union inquires the small
MYSQL database injection
Invades under new skill
How does the website scr
Smells searches works as
How in does the net seep
Microsoft SQL Server SA
A simple invasion, does
The mainstream raises th
The bored Css cross stat
The random combined comm
The hacker teaches you a
New Articles
Check Point offers compa
The malware spreads Cali
Full Disk Encryption pro
Cardholders should take
U.S. still more spam tha
Strong encryption L?solu
ConvexSoft DJ Audio Mixe
Few companies k?can be i
IT professionals can kee
k the media?can not by s
k the media?can not by s
Google Custom Search Eng
Users of the iPhone and
Gateshead College offers
Manchester obtained pass
The bored Css cross station hangs the horse(2)
  Add date: 07/15/2008   Publishing date: 07/15/2008   Hits: 112
Total 5 pages, Current page:2, Jump to page:
 

ript>
When we submit this URL time, is hit a news frame in ours browser, “XSS_Vuln_Testing”? 
This example is only a XSS crack's simple demonstration, and not practical significance, but explained sufficiently the question is.

Below we analyze create this movement result the reason, program.cgi have not undergone effective filtration processing to our input
,
Directly reads in 404 error pages, finally founded a page, as follows:
          <html>

          <b>404</b> - <script>alert ('XSS_Vuln_Testing')</script> Not Found!

          </html>

In which javascript script through the browser explanation execution, then presented the result which you see.


How to complete hacking using XSS?

Front is similar to mentioned, if the user submission's request cannot obtain satisfies, then the server end script will read in the infed information

html document, when the server end procedure to reads in the html document the data not to carry on the effective filtration, the malicious script may insert

In this html document. Other users will glance over this connection the time script through the client side browser explanation execution.

Instance:

The supposition you discovered that myemailserver.tld has the CSS crack, you want to obtain a person's email account number, for instance we
The goal is b00b this person.
           www.myemailserver.tld/cgi-bin/news.cgi?article=59035
Above has the CSS crack's connection to revise:
     www.myemailserver.tld/cgi-bin/news.cgi?article=hax0red
This will found a wrong page, we will obtain the following information:
           Invalid Input! [article=hax0red]

When under inserts such javascript code, on your screen will spring one to contain test the news frame.
           www.myemailserver.tld/cgi-bin/news.cgi?article= <script>alert ('test')<
/script >
<script> has not printed on the screen, it is hides in the behind carries out, because server end procedure not right
<script>alert ('test')</script> carries on the effective filtration, therefore sent back the browser in the page and has carried out this script
.

How below do we take a look use this crack to invade Comrade b00b mailbox, first you must know b00b the email address,
And knows cookies the function. Then you may tell a b00b evil intention the connection, heh heh, certainly
Its intention is the east which in the cookie information obtains itself from the b00b machine to want east.
Tries to find solution to let b00b visit the myemailserver.tld stand publication the article, for example: ” dear b00b, has a look at this US
Female
How?”

When then pitiful b00b visits www.myemailserver.tld/cgi-bin/news.cgi?article= <script> to steal

 

Other pages: : <<Prev * 1 * 2 * 3 * 4 * 5 * Next>>
Prev:The mainstream raises the power technology comprehensive work with the non-mainstream Next:The random combined command achieves exempts kills

Comment:

Category: Home > hacker course
Home