Friday, October 5, 2007

Another hole????

Hey "big organization", need no explaination. You have been owned again. Well i am smart not to let you see the actual url string, else you will secure yourself? Still call me a script kiddie?? Think harder. Challenge me?? Why not do something to your site rather than challenging people here and there? Need to know the actual payload and url string? Call me. You are lucky i didn't use xss to portscan your internal network or cause a defacement and make you look like a fool. Respect others and respect yourself.



The Hacka Man

7 comments:

Anonymous said...

How would you use client-side XSS to scan their LAN ?

Anonymous said...

No answer ?

euronymous said...

BeEF or XSSshell...of course no response..you're a script kiddie ::(

Anonymous said...

I know those tools, but I haven't looked at them so far.
I'm curious, how XSS does port-scanning to a webservers LAN.

Anonymous said...

Didn't found a way to port-scan the webhoster's LAN.
So, how is this done ?
(Scanning a client's LAN using JS is uninteressting here.)

Anonymous said...

No answer again ?

Anonymous said...

Well, I'm still around waiting for a good answer. ;)

How would one manage to hack directly into a private LAN using an XSS-flaw on their Internet-website (Internet not Intranet). Misconfigured web servers (working like a proxy) do not require XSS. And there should be no need to trick someone on the internal LAN via e-mail (including a link to their website using the XSS-flaw in it)!

How would one do that? I really think, that there's no way.