1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice


Discussion in 'Ethical hacking' started by zero963, Aug 7, 2007.

  1. zero963

    zero963 New Member

    hello everyone, i have been googling my mind out try to figure how to use an xss (cross site scripting) exploit like this one:

    Ealert(1)%3C/script%3E&cof=FORID%3A11#210 (courtesy of xssed.com;)

    and others that can be executed in the url. keyword being "url" cause i already figured out how to make,find,configure,and execute "hotkeys",
    but i dont know how a remote attacker uses this (lack of a better term) "url injection", where the attacker types in a exploit like this one in his browser and magically another users cookies are sent to his cookie grabber.

    or mybe i totally iam lost and the above exploit has to be executed by the victim using a hot key or the web page has to already be compermised and the above url is than injected into the page after write access to the web page has been exploited.

    or lastly, mybe this "url injection" injects code into the vulnerable script that is being exploited. dont know, but i really want to find out and dont say google it cause i have read every xss tutorial, explanation i could find and well mybe i just need to here a little more detailed answer than what ive read.
  2. pradeep

    pradeep Team Leader

Share This Page