
Thread: javascript:()

  1. #1

    javascript:()

    First of all, don't confuse with this onClick stuff, it has nothing to do with <script>.

    I want to know how to use javascript in this way:
    javascript:alert(blah)
    that works in this:
    [img]javascript:alert(gg)[/img]

    so I don't wanna use <script> stuff, I need to know how to move someone's location using the above method, I'd guess it'd be something like:
    javascript:document.window=www.blah.com
    but it isn't.

    If you know what I'm talking about (javascript being executed within a link (and not onClick)) then please tell me how.

  2. #2
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    And why would you be trying to do that? Are you trying to avoid someone's filtering of <script>?
    You probably want something like window.open... but I am hesitant to say anything more without you saying why you are wanting to avoid the <script> and what you are trying to accomplish...

    A good reference for many things: http://devedge.netscape.com/

    A good reference for JavaScript is: http://devedge.netscape.com/central/javascript/

    It gives a very good index of all JavaScript commands, what they do, what args they expect, etc.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Because I have a user system in PHP, and a friend exploited it by making you go to his site when you viewed his profile. He said he used javascript: things, but he won't tell me any more, so now I want to pay him back.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    He probably used XSS (Cross Site Scripting) to exploit your pages.

    Go to http://www.cgisecurity.com/articles/xss-faq.shtml and learn what it is and how to prevent it.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Yeah I know it's XSS, hence the JS.

    I've been going to that site for a while, the admin knows his stuff about web security, he's a friend of a friend.

  6. #6
    Junior Member
    Join Date
    May 2003
    Posts
    5
    Most websites filter "javascript".

  7. #7
    Junior Member
    Join Date
    Feb 2003
    Posts
    20
    I've heard a lot about XSS and it's kind of weird because I thought it's CSS. It's gaining popularity among hackers for creating holes in government and commercial establishments.
    "SpeAk YouRSelF"

  8. #8
    That's because XSS is a very easy way to manipulate pages, either changing them, or accessing data you aren't supposed to.
    sectac
    The Hack Back Revolution
    irc.dal.net:#guesswhatyourhacked

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    I think so far most have underestimated how hard it is to actually exploit an XSS and gain some information from another user.

    Yes, it is easy to prove that an XSS does exist: "<script>alert('hello')</script>" will prove that. However, it is much more complex to actually put an XSS vulnerability to work. The main problem faced, once you have extracted the information you require (let's say a cookie), is how the attacker passes the information on to themselves so they can read it.

    Even if they manage to get the information, there is still the code on the site with the XSS linking back to them, so it is very hard and complex to get away with.

    SittingDuck
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Well, it's relatively easy to steal a session id from a cookie and have it sent to a netcat listener (for example) with a document.location redirect with the session id as parameter... The netcat listener can be on a compromised "third party" and forward the info without any log of it...

    Of course, this would be on a site *completely* vulnerable to XSS, without any input filtering at all... Having even only *some* filtering can make such attacks much more difficult...

    Ammo
    Credit travels up, blame travels down -- The Boss
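
Posts #4, #6 and #10 point to input filtering as the defence. As an added example (not code from any poster or from the site discussed in this thread), here is one way to render the [img] tag from post #1 with a scheme allow-list instead of a filter on the word "javascript", written for Node.js. The function names are hypothetical, and the sample posts are constructed from the strings quoted in the thread.

```javascript
// Added example: allow-list handling of BBCode [img] URLs (hypothetical names).
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape text so it is inert in HTML text and in double-quoted attributes.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Return a normalized absolute URL if its scheme is allow-listed, else null.
// Parsing with the WHATWG URL class normalizes the scheme the way a
// browser does, so the check is made on what the browser would actually see.
function safeImageUrl(raw) {
  let url;
  try {
    url = new URL(raw.trim()); // no base URL: scheme-less input is rejected
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Render a post: everything is HTML-escaped, and [img]...[/img] becomes an
// <img> element only when the URL passes safeImageUrl(). Rejected tags are
// shown as inert escaped text.
function renderPost(input) {
  const tag = /\[img\]([\s\S]*?)\[\/img\]/gi;
  let out = '';
  let last = 0;
  let m;
  while ((m = tag.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, m.index));
    const url = safeImageUrl(m[1]);
    out += url ? `<img src="${escapeHtml(url)}" alt="">` : escapeHtml(m[0]);
    last = tag.lastIndex;
  }
  return out + escapeHtml(input.slice(last));
}

// Constructed sample posts (the second is the tag quoted in post #1).
const SAMPLES = [
  '[img]https://www.blah.com/pic.png[/img]',
  '[img]javascript:alert(gg)[/img]',
  '<script>alert("hello")</script>',
];
for (const post of SAMPLES) console.log(renderPost(post));
```

Because only http: and https: are accepted, there is no list of forbidden strings to keep up to date; anything else stays on the page as plain text.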
