deleted... I'm so scared

Last edited by feruzz (2008-06-07 11:48:40)

post deleted very dangerous

[quote=feruzz]post deleted very dangerous [/quote] wew.. deleted?? what did u delete pakcik feruzz??

[quote=feruzz]@bang July nothing.... I just made the XSS box easy to inject the XSS LOL but I cant publish in this thread here's screenshot [spoiler][url]http://h1.ripway.com/feruzz/friendster/photo/xssbox.PNG[/url][/spoiler][/quote] wew.. I also have found new js linker and css linker through media box that compatible in all browsers.. But...I can't post it here..

[quote=feruzz]^ hahaha... me too... I just found how to inject the linker in WIWTM but this is very complex encoding but still no luck in Media box[/quote] wew.. hahahahaaaa.. Let's start inject malicious codes in FS TEAM profile..

wew.. Here is the link [b][url]http://profiles.friendster.com/friendster[/url][/b]

wew... [b]>>feruzz[/b] pakcik feruzz..where are u?? I found something <">if you put the codes into media box it will not be filtered but it can not be read I put the linker from ur tag image linker I think we need to add some character in it to make it works in media box.. [b]additional[/b] some dangerous CSRF bugs can be used to hack account.. <">Try to send the codes as comment to ur another account.. after you approve it you'll be log out automatically.. damn..it's so dangerous.. we can use it to change other usernames and passwords through [b].html form[/b]... Just beware !!!!!

Last edited by TA Juleigtin Siahaan (2008-06-08 09:55:05)

[quote=xavierkym]Oops, I think this post is intended for this thread.. Haha.. I actually posted this in the Off-Topic Section: Here's another hole. Which allows you to make an alert box. I think this is also considered as an Iframe technique because the script is from a .html file. Try to put this in your media box: <">Tested in Firefox, I'm not sure in IE. You can even use it as a comment [/quote] It's like the WVM. If you apply an alert code on the php or htm file. The alert of the iframe comes out externally. The problem is how can we make the content of the iframe external in general, affecting the dom and style externally as well.

Last edited by Ephemeral (2008-06-12 23:41:42)

Hehe the big download day is coming. Yeah I hope it won't get filtered.

Last edited by Ephemeral (2008-06-15 02:40:28)

^ xavier I also found new hole in Who I want to Meet area now I know how to bypass the filtration see my profile [url=http://friendster.com/feruzz]backup linker[/url] btw only Firefox 3 implement the getElementsByClassName which would be the fastest other browsers or earlier still need the getElementsByClassName function

Last edited by feruzz (2008-06-16 05:29:14)