Friday, November 2, 2007

keygen.us XSS

I was again playing around with XSS, this time on one of the biggest cracking sites, keygen.us. Well, I tried some basic XSS and it didn't work, as they did some input validation and escaped my input characters. It got me pumped up and I wanted an XSS on their site. In the end, with a little help, I managed to get an XSS on their site, and one of them includes mario's exploit. It was an overall learning experience for me and an exciting one. Check it out:






The Hacka Man

5 comments:

Anonymous said...

Again, this doesn't make any sense for XSS if the only person who will ever see that malformed script is you... It's the same story as your earlier post on PayPal. I wonder what's the big deal :P

Anonymous said...

Well, it does, actually. In case an administrator of the website takes a look at users' posts or submissions or even their profile, you might be able to hijack his session by stealing his cookies... Wanna try your luck with keygen.us???

- doperish boy..:-)

Anonymous said...

About a year ago I made a video on browsing keygen.us on an unpatched XP box. Needless to say XP didn't have a chance: automated dialers, spyware, likely backdoors, home page altered, browser crash, plus I monitored the network traffic and observed requests going out to the most absurd URLs, non-stop, from the infected host.

Anonymous said...

By the way, I've added your feed to my site at http://kinqpinz.info/feeds/.

Greets. :D

Generic Viagra said...

I don't have much experience using XSS; according to my friends, this program has too many errors.