-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Vinox
Sent: Wednesday, November 26, 2008 1:16 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Help with http://xss-quiz.int21h.jp
Hello Yawnmoth,
yes you are quite right .. because everything is
being done in the response of the server.. so I cannot even figure looking
at the source code.... Ofcourse I will need to understand Javascript fully
.. what do you think about it ??
thanks andr regard,
Vinox
yawnmoth wrote:
>
> javascript:alert(document.domain);
>
> I am curious, incidentally, as to what kind of XSS that would qualify
> as. It's kinda reflected in that the GET or POST request must contain
> the payload, but it also requires user intervention. Also, given the
> nature of this XSS, I don't think you can even do clickjacking with
> it.
>
> On Tue, Nov 25, 2008 at 1:28 AM, Vin Oxious <vinoxious (at) gmail (dot) com [email concealed]> wrote:
>> Hello Friends,
>>
>> I need help with the site :
>> http://xss-quiz.int21h.jp based on XSS Challenge.. I am not able to
>> figure out how to proceed any further at the stage :
>>
>> http://xss-quiz.int21h.jp/stage008.php?sid=c7bd38c2914d016b2be6c9adb9ef6
4b671d57e75
>>
>> If help would be appreciated
>>
>> thanks and regards
>> Vinox
>>
>
>
--
View this message in context: http://www.nabble.com/Help-with-http%3A--xss-quiz.int21h.jp-tp20683507p2
0696500.html
Sent from the Security Basics mailing list archive at Nabble.com.
javascript:alert(document.domain);
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Vinox
Sent: Wednesday, November 26, 2008 1:16 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Help with http://xss-quiz.int21h.jp
Hello Yawnmoth,
yes you are quite right .. because everything is
being done in the response of the server.. so I cannot even figure looking
at the source code.... Ofcourse I will need to understand Javascript fully
.. what do you think about it ??
thanks andr regard,
Vinox
yawnmoth wrote:
>
> javascript:alert(document.domain);
>
> I am curious, incidentally, as to what kind of XSS that would qualify
> as. It's kinda reflected in that the GET or POST request must contain
> the payload, but it also requires user intervention. Also, given the
> nature of this XSS, I don't think you can even do clickjacking with
> it.
>
> On Tue, Nov 25, 2008 at 1:28 AM, Vin Oxious <vinoxious (at) gmail (dot) com [email concealed]> wrote:
>> Hello Friends,
>>
>> I need help with the site :
>> http://xss-quiz.int21h.jp based on XSS Challenge.. I am not able to
>> figure out how to proceed any further at the stage :
>>
>> http://xss-quiz.int21h.jp/stage008.php?sid=c7bd38c2914d016b2be6c9adb9ef6
4b671d57e75
>>
>> If help would be appreciated
>>
>> thanks and regards
>> Vinox
>>
>
>
--
View this message in context: http://www.nabble.com/Help-with-http%3A--xss-quiz.int21h.jp-tp20683507p2
0696500.html
Sent from the Security Basics mailing list archive at Nabble.com.
[ reply ]