javascript:()
ReLik
May 7th, 2003, 03:17 PM
First of all, don't confuse this with the onClick stuff; it has nothing to do with <script>.
I want to know how to use javascript in this way:
javascript:alert(blah)
that works in this:
javascript:alert(gg)
So I don't want to use the <script> stuff; I need to know how to move someone's location using the above method. I'd guess it'd be something like:
javascript:document.window=www.blah.com
but it isn't.
If you know what I'm talking about (javascript being executed within a link, and not onClick) then please tell me how.
nebulus200
May 7th, 2003, 03:25 PM
And why would you be trying to do that? Are you trying to avoid someone's filtering of <script> ?
You probably want something like window.open, but I am hesitant to say anything more without you saying why you are wanting to avoid the <script> and what you are trying to accomplish...
A good reference for many things: http://devedge.netscape.com/
A good reference for javascript is: http://devedge.netscape.com/central/javascript/
It gives a very good index of all javascript commands, what they do, what args they expect, etc.
/nebulus
ReLik
May 7th, 2003, 03:51 PM
Because I have a user system in PHP, and a friend exploited it by making you go to his site when you viewed his profile. He said he used javascript: things, but he won't tell me any more, so now I want to pay him back ;)
SirDice
May 7th, 2003, 04:15 PM
He probably used XSS (Cross Site Scripting) to exploit your pages.
Go to http://www.cgisecurity.com/articles/xss-faq.shtml and learn what it is and how to prevent it.
ReLik
May 7th, 2003, 04:19 PM
Yeah I know it's XSS, hence the JS.
I've been going to that site for a while; the admin knows his stuff about web security, he's a friend of a friend.
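The fix SirDice is pointing at, for the profile case ReLik describes, is on the server: HTML-escape every user-supplied field before rendering it, and only emit a user-supplied "homepage" as a link if its parsed scheme is http or https, so a javascript: URL never reaches an href. This is an added example, not code from the thread or from ReLik's PHP system; it is written in JavaScript so it runs stand-alone, with constructed sample profiles and hypothetical function names.

```javascript
// Added example: output encoding plus URL-scheme allowlisting for a
// user profile page. Not from the original thread.

// Escape the five characters that let text break out of an HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Return a normalized URL only if its scheme is http or https, else null.
// Checking the parsed protocol (WHATWG URL parser, built into Node and
// browsers) is stronger than a string match on "javascript": the parser
// lowercases the scheme and strips embedded tabs/newlines, so "JavaScript:"
// or "java\tscript:" are still recognised and rejected, and a bare
// "www.blah.com" with no scheme is rejected rather than guessed at.
function safeHttpUrl(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch (e) {
    return null; // not an absolute URL at all
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Render a profile fragment; every dynamic value passes through escapeHtml,
// and the homepage only becomes a link if safeHttpUrl accepted it.
function renderProfile(profile) {
  const name = escapeHtml(profile.name);
  const site = safeHttpUrl(profile.homepage);
  const link = site
    ? `<a href="${escapeHtml(site)}">${escapeHtml(site)}</a>`
    : '(no homepage)';
  return `<h1>${name}</h1><p>Homepage: ${link}</p>`;
}

// Constructed sample profiles (hypothetical data).
const hostileProfile = { name: '<script>alert(1)</script>', homepage: 'javascript:alert(1)' };
const benignProfile = { name: 'ReLik', homepage: 'http://www.example.com/~relik' };

console.log(renderProfile(hostileProfile));
console.log(renderProfile(benignProfile));
```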
cyshaoping
May 22nd, 2003, 09:35 AM
Most websites filter "javascript".
Kulay
May 25th, 2003, 04:56 PM
I've heard a lot about XSS and it's kind of weird because I thought it was CSS. It's gaining popularity among hackers for creating holes in government and commercial establishments.
sectac
May 25th, 2003, 08:25 PM
That's because XSS is a very easy way to manipulate pages, either changing them or accessing data you aren't supposed to.
SittingDuck
May 26th, 2003, 12:13 AM
I think so far most of us have underestimated how hard it is to actually exploit an XSS and gain some information from another user.
Yes, it is easy to prove that an XSS does exist; "<script>alert('hello')</script>" will prove that. However, it is much more complex to actually put an XSS vulnerability to work. The main problem faced, once you have extracted the information you require (let's say a cookie), is how the attacker passes the information on to themselves so they can read it.
Even if they manage to get the information, there is still the code on the site with the XSS linking back to them, so it is very hard and complex to get away with.
SittingDuck
ammo
May 26th, 2003, 05:46 AM
Well, it's relatively easy to steal a session id from a cookie and have it sent to a netcat listener (for example) with a document.location redirect with the session id as a parameter... The netcat listener can be on a compromised "third party" and forward the info without any log of it...
Of course, this would be on a site *completely* vulnerable to XSS, without any input filtering at all... Having even only *some* filtering can make such attacks much more difficult...
Ammo
zrekam
May 26th, 2003, 10:45 AM
There are many ways to do this, and almost all sites (at least large sites) are in some way vulnerable to XSS.
How to check a site for XSS vulnerability:
* Check all forms, votes, search, contact, etc. On the reply screen see how the data is output and check for database connectivity. (Check how the characters are manipulated.)
* Check all pages where the URL takes parameters and values. Check output on the reply screen, check for database connectivity, etc. (Manipulate the data here to see what happens.)
* Check the webserver software; if it is an IIS DotNet server check the Viewstate info. This can be manipulated if it is not encrypted, then you can make your own viewstate, which makes the content of the page.
For example you can manipulate an Internet bank's, then make a fake login, which sends the account number, password and wallet to an anonymous mail account that you control.
It takes an hour to set up; use the bank's own pages to send you information.
(You copy the real bank login and manipulate it to send the form content to your anonymously set up page, which sends the info to your mail.)