javascript:()

First of all, don't confuse with this onClick stuff, it has nothing to do with <script>.

I want to know how to use javascript in this way:
javascript:alert(blah)
that works in this:
[img]javascript:alert(gg)[/img]

so i don`t wanna use <script> stuff, i need to know how to move someone's location using the above method, i`d guess it'd be somethign like:
javascript:document.window=www.blah.com
but it isn't.

if you know what i`m talking about (javascript being executed within a link (and not onClick)) then please tell me how.

And why would you be trying to do that? Are you trying to avoid someone's filtering of <script> ?
You probably want something like window.open..but I am hesitant to say anything more without you saying why you are wanting to avoid the <script> and what you are trying to accomplish...

A good reference for many things: http://devedge.netscape.com/

A good reference for javascript is from : http://devedge.netscape.com/central/javascript/

Gives very good index of all javascript commands, what they do, what args they expect, etc.

/nebulus

Because I have a user system in PHP, and a friend exploited it by making you go to his site when you viewed his profile, he said he used javascript: things, but he won`t tell me anymore, so now i want to pay him back ;)

He probably used XSS (Cross Site Scripting) to exploit your pages.

Go to http://www.cgisecurity.com/articles/xss-faq.shtml and learn what it is and how to prevent it.

Yeah I know it's XSS, hence the JS.

I've been going to that site for a while, the admin knows his stuff about web security, he`s a friend of a friend.

most website filter "javascript"

I've heard a lot of XSS and its kind a weird coz i thought its css. It's gaining popularity among hackers for creating holes in government and commercial establishments.

thats because XSS is a very easy way to manipulate pages, either changing them, or accessing data you arnt supposted too.

I think so far most of have underestimated how hard it is to acctually expliot a XSS. and gain some information from another user.

Yes it is easy to prove that an XSS does exist "<script>alert('hello')</script>" will prove that. However it is much more complex to actully put a xss vulnerability to work. The main problem faced is how once you extracted the information you require (lets say a cookie), is how the attacker passes the informaton on to themselfs so they can read it.

Even if they manage to get the information, there is still the code on the site with the XSS linking back to them, so it is very hard and complex to get away with.

SittingDuck

Well, it's relatively easy to steal a session id from a cookie and have it sent to a netcat listner (for example) with an document.location redirect with the session id as parameter... The netcat listener ca be on a compromised "third party" and forward the info without any log of it...

Of course, this would be on a site *completely* vulnerable to XSS, without any input filtering at all... Having even only *some* filtering can make such attacks much more difficult...

Ammo