Monthly Archives: January 2016

XSS Magic

So I used to be a part of this community forum before Facebook was around and everyone had their own profile pages, the problem was they were boring. The code you were allowed to use was heavily restricted so no Flash or Javascript was allowed, not even mouseover images!.

There was also banner ads at the top of the pages and you had to pay to have them removed. They interfered with the look of your page when you customized them with CSS.

Well, I wasn’t having any of this. I planned on bypassing every restriction imposed, and I did just that using XSS. I also used XSS to steal cookies of users on the forums and get around other restrictions. Here’s some old code I found that I used on the site successfully.

<!–BANNER KILLER–>
<STYLE type=text/css>
IFRAME {
VISIBILITY: hidden; WIDTH: 0px; HEIGHT: 0px
}
</STYLE>
<!–BANNER KILLER–>

 

<!–<hr style=`background:url(javascript:alert(‘who’);alert(‘said’);alert(‘they’);alert(‘disabled’);alert(‘Javascript :P’))`>–>

 

<div align=”center”><img src=”Javascript:void(window.defaultStatus = ‘Thanks for Visiting’)” width=”1″ height=”1″ align=”middle”>

 

<IMG SRC=”javascript:alert(‘Wellcome to the site!)” width=”1″ height=”1″ align=”middle”>

 

CSS
Code:

.MouseOvr {
width:75px;
height:32px;
background: url(“”);
display:block;
}
.MouseOvr :link,
.MouseOvr :visited {
width:75px;
height:32px;
background: url(“”);
display:block;
}
.MouseOvr a:hover {
width:75px;
height:32px;
background: url(“http://www.google.ca/intl/en_ca/images/logo.gif&#8221;);
display:block;
}
.MouseOvr a:hover span {
visibility: hidden;
}

HTML: Add this anywhere in your page you want the link
Code:

<h1 class=”MouseOvr”>
<a href=”http://google.ca”&gt;
<span>Link</span>
</a>
</h1>

Advertisements

The Big Move.

So recently the company hosting all of my domains decided to make some major changes to their┬áservices that I didn’t agree with. So rather than pay them for another year, I’ve decided to move EVERYTHING to a new host.

Unfortunately, the timing is terrible. I was already trying to piece everything back together after they made scrambled eggs out of my data, and to top it off, they didn’t have any backups, which they said in their terms they would do. So now I’m left with an even bigger mess of files.

Well, on the plus side I’ll have a clean slate to start with. Until then, this WordPress site will serve as an Archive for my previous postings until I get my new host up and running.