When I try and do an XSS with Chrome it blocks JavaScript, so what can I use instead of JavaScript that won't get blocked?
xss with chrome?
- hpprinter100
- Fame ! Where are the chicks?!
- Posts: 214
- Joined: 19 Oct 2007, 16:00
- 16
- Contact:
http://www.teachtoday.eu/en/Search-Resu ... /script%3E
Works in Firefox but not Chrome or IE, guess XSS is getting wised up to.
oh, you're right, IE did block it
Didn't know it did that.
"Internet explorer has modified this page to help prevent cross site scripting"
Guess it simply checks for any kind of executable code in the vars that normally shouldn't be there.
I played around with it a little, found some interesting info here:
http://www.securiteam.com/windowsntfocus/6Z00C15NFW.html
Do tell if it works
"The best place to hide a tree, is in a forest"
- hpprinter100
- Fame ! Where are the chicks?!
- Posts: 214
- Joined: 19 Oct 2007, 16:00
- 16
- Contact:
I'm still messing about with it, found this though http://openmya.hacker.jp/hasegawa/publi ... =datae.txt
hpprinter100 wrote: I'm still messing about with it, found this though http://openmya.hacker.jp/hasegawa/publi ... =datae.txt
oh, that's really neat =o
Kirk wrote: I am trying to figure out what this is so I can find a conversion table to learn it. I know it is XSS but I want a table so I can figure out what %29, %3c, etc. convert to.
It's ASCII in hexadecimal representation
http://www.asciitable.com/
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
also check here Kirk:
http://ha.ckers.org/xss.html
on the bottom, "Character Encoding Calculator"...
I thought it was ASCII. This is what I want to do. I want the entire URL to be written in ASCII. So instead of
?q=%3Cscript%3Ealert%28%22lol%22%29%3C/script%3E
I also want the "lol" part to be in ASCII also. It is not working for me though. I tried removing the "lol" part and inserting the letter C ("C") but then I get no alert at all.
So my question is: how can I write something not in plain text and have it show up as plaintext when the alert box appears?
EDIT:
Never mind, I solved it. I was trying to alter the URL after I brought up the web page. When I altered it before, it worked just fine.
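Added example, not part of any post in this thread: the %XX codes asked about above, decoded from the query string quoted in the last post, together with the output escaping a search page needs so the decoded value is shown as text in every browser. The function names and the "Results for:" template are assumptions made for illustration.

```javascript
// Added example, not code from the thread.
// Constructed sample: the query string quoted in the post above.
const SAMPLE = '?q=%3Cscript%3Ealert%28%22lol%22%29%3C/script%3E';

// List every %XX token with the ASCII character it stands for.
// Single-byte view only: multi-byte UTF-8 sequences need decodeURIComponent.
function percentTable(encoded) {
  const rows = [];
  for (const m of encoded.matchAll(/%([0-9A-Fa-f]{2})/g)) {
    const code = parseInt(m[1], 16);
    rows.push({ token: m[0].toUpperCase(), code, char: String.fromCharCode(code) });
  }
  return rows;
}

// What the server sees after the standard query-string decoding.
function queryParam(query, name) {
  return new URLSearchParams(query).get(name);
}

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical search page: echo the term back as text, never as markup.
function renderSearchResult(query) {
  const term = queryParam(query, 'q') ?? '';
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

for (const row of percentTable(SAMPLE)) {
  console.log(`${row.token} = ${row.code} = ${row.char}`);
}
console.log(queryParam(SAMPLE, 'q'));
console.log(renderSearchResult(SAMPLE));
```

The escaping step runs on the server, so it does not depend on whether the visitor's browser has its own XSS filter.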