Security Basics mailing list archives
Re: Help with http://xss-quiz.int21h.jp
From: Vinox <vinoxious () gmail com>
Date: Wed, 26 Nov 2008 00:15:43 -0800 (PST)
Hello Yawnmoth, yes you are quite right .. because everything is being done in the response of the server.. so I cannot even figure looking at the source code.... Ofcourse I will need to understand Javascript fully .. what do you think about it ?? thanks andr regard, Vinox yawnmoth wrote:
javascript:alert(document.domain); I am curious, incidentally, as to what kind of XSS that would qualify as. It's kinda reflected in that the GET or POST request must contain the payload, but it also requires user intervention. Also, given the nature of this XSS, I don't think you can even do clickjacking with it. On Tue, Nov 25, 2008 at 1:28 AM, Vin Oxious <vinoxious () gmail com> wrote:Hello Friends, I need help with the site : http://xss-quiz.int21h.jp based on XSS Challenge.. I am not able to figure out how to proceed any further at the stage : http://xss-quiz.int21h.jp/stage008.php?sid=c7bd38c2914d016b2be6c9adb9ef64b671d57e75 If help would be appreciated thanks and regards Vinox
-- View this message in context: http://www.nabble.com/Help-with-http%3A--xss-quiz.int21h.jp-tp20683507p20696500.html Sent from the Security Basics mailing list archive at Nabble.com.
Current thread:
- Help with http://xss-quiz.int21h.jp Vin Oxious (Nov 25)
- Re: Help with http://xss-quiz.int21h.jp Robert Larsen (Nov 25)
- Re: Help with http://xss-quiz.int21h.jp Terra Frost (Nov 25)
- Re: Help with http://xss-quiz.int21h.jp Vinox (Nov 26)
- <Possible follow-ups>
- RE: Help with http://xss-quiz.int21h.jp Mark Denton (Nov 26)