
sahil

Active Members
  • Posts

    11

Everything posted by sahil

  1. I was probing for a reflected XSS and I haven't been able to beat the URL encoding being performed on the backslash character. The <script>alert(1)<script> is reflected as it is, but backslash is encoded into %2F. I tried double encoding the backslash and submitting the new script directly in the URL, but this doesn't seem to work either. Special characters like = ; are also being URL encoded. Should I stop probing for XSS and look for other points of exploitation, or is there a way to cause an XSS? **UPDATE:** After trying inserting <xml%00onreadystatechange%253Dalert(1)> directly in the URL, the reflected string that I get is this but in the URL everything after <xml gets truncated. I guess something worked here and the filters picked it up and truncated everything after <xml.
  2. Alright, thank you so much for answering the question. I will try and better my skills.
  3. Thank you, I am comfortable in Python and able to understand most of the code and will fasten the pace for Ruby. Could you tell me about the books, whether they are helpful or am I just wasting my time reading those?
  4. Oh, I already did that and it was really insightful, but I am talking about vulnerabilities in general. I want to make it as a penetration tester. I am not asking for a go-to place every time I see a vulnerability, just point me in a helpful direction. Also, does reading books such as The Hacker's Playbook and books like that?
  5. I am fuzzing around with Metasploitable and I ran a vulnerability scan with Nessus. I obviously got a bunch of critical vulnerabilities, but I am clueless on what they are and how the exploit works. I did Google it, but their explanations are rather vague or just complex for me to understand (I am a stereotypical script kiddie, feel free to call me dumb). Can someone please tell me how and from where do I search more about the vulnerability and the exploit? Often the exploits are written in Ruby (or languages that I am not fluent in; even the pros aren't good in every language, are they?) and I am just starting to learn it. (I am good in Python though, I can understand most of the code.) I am reading networking books along the lines and am good with Linux. Other than researching exploits and vulnerabilities, can you explain how you got into and better with penetration testing? Thank you.
  6. Thank you, it worked! And I will take necessary measures for avoiding SQL injections. Thank you once again.
  7. I have the logic and everything in place, but I am having trouble getting the friend request receiver's ID. Here is the problem that I have described, with my database structure and code, on Stack Overflow. There was a comment but it wasn't really helpful. I hope this link would present my question a little better.
  8. I started learning PHP recently and I am trying to create a social network for practice. I have got signup, login and user homepage figured out. What I can't seem to think about is the logic behind adding friends and blocking people. I tried looking it up and all the answers were a little too complicated for me to understand, so if someone could please help me and explain the logic behind this, it would be a great help. Thank you.
  9. I just wanted to know how many of you have actually tried to hack their ISP to get extra download speed or to remove the data cap, and how many of you have succeeded. I am not saying teach me or anything like that, just wanna hear some stories.
  10. I am trying to create a chat function for my website and I just wanted to know whether it's a good idea to store the history in a txt file. I wanted to know whether it would create extra load on the server, and if there are any other means of storing chat data, please do suggest them. Also, I tried to store data in MySQL directly. What I was doing (on localhost) was creating different tables for storing chats, for example if user1 texts user2 the table would be user1:user2 and then the rest of the chat would be a database entry. Any help would be really appreciated. If there are any disadvantages of storing chat data in txt form, could you please write that down as well? Thanks a lot.
  11. sahil

    User homepage

    I am trying to create a website where people can create an account, but I am not able to figure out how to display the user information. I mean, should I create separate PHP files for each and every user, or should I just make one file with headers that'll change the user information according to their session ID? I hope you get what I am trying to say. Can anyone help me out?