mazmac24 Posted June 2, 2006 Share Posted June 2, 2006 Does ayone know of any website hacks? I thinking like maybe on a site like TigerDirect.com were you can lower the price of something. Or like YouTube that has been hacked into. lol Quote Link to comment Share on other sites More sharing options...
stingwray Posted June 2, 2006 Share Posted June 2, 2006 Well I wouldn't recommend you to try hacking into an e-commerce website, and generally hacking into any website is stupid, unless it is your website which you are testing. Hacks for websites though is a different thing completely. Hacks are a term for getting a website to do something which is cool by using features already in it. Like there are tons for the Google search engine for getting it to look in different places etc. Quote Link to comment Share on other sites More sharing options...
Masterpyro Posted June 3, 2006 Share Posted June 3, 2006 ive always wanted to test this on my own site to see how it works and "edit" sites that copy mine. except not very many people do.... Quote Link to comment Share on other sites More sharing options...
spektormax Posted June 3, 2006 Share Posted June 3, 2006 ok... Im goig to be very careful about how much fo the hack I give away... beacuse I kno countless noobs that will just copy paste it... BAsicly any site using paypal, has a form that it posts (sends) to paypal's php script that does billing. In the form, there are things like price, currency, and payment reocorences. One could perform a "javascipt injection" thru the borwsers own javascipt ability by for example tyoung java script:"command" and then outtign th command into it that you want eecuted. Now, the exact commands you need to figure out (or google for you''ll find them), but if yoou do it right, saw 5 dolors a mouth can become .01 YEN every 5 years. Just don't do it on big sites, cuz thats bank fruad, and here in the USA thats federal prison with buba Quote Link to comment Share on other sites More sharing options...
cooper Posted June 3, 2006 Share Posted June 3, 2006 It just so happens that I'm familiar with the paypal payment method (they have some decent documentation on it on the site aswell). What happens is that you send off the customer to the paypal site to perform the payment. You must configure PayPal with a callback URL that it will call on completion of the transaction to notify you that the customer did in fact pay. In this callback all those fields you mention are present. You are then required to post back these fields to PayPal, and only consider the transaction succesfully processed if you get a response that has the word VERIFIED in it somewhere. So, for starters, PayPal calls you on a page that you're supposed to hide on your site since only PayPal is going to use it. I.e. good luck finding it. On top of that, this script can test the IP of the calling machine, and deny everything if it's not one of paypals. And finally, this is how the business is informed that something has been paid for, and includes a field that the business can fill in on its own (unique transaction ID or some such) which you shouldn't be able to guess. I don't see where the hack would be. You can't find where to poke, and it's trivial to detect the poking. Quote Link to comment Share on other sites More sharing options...
Masterpyro Posted June 3, 2006 Share Posted June 3, 2006 does this method work for changing a site from like a game site into This site hacked by.... without know ing username and password? Quote Link to comment Share on other sites More sharing options...
melodic Posted June 3, 2006 Share Posted June 3, 2006 yes it does. just do javascript:change:User:Me:Pass:Me='IMACOMPLETENOOB' should work just fine Quote Link to comment Share on other sites More sharing options...
Masterpyro Posted June 4, 2006 Share Posted June 4, 2006 this is not permanent though is it? Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted June 4, 2006 Share Posted June 4, 2006 no, 'IMACOMPLETENOOB' is not permanent, however it will require many months of reading to fix. Quote Link to comment Share on other sites More sharing options...
CaveMan Posted June 4, 2006 Share Posted June 4, 2006 lol, if u didn't understand what he meant than u really are a complete noob :P but still java script:alert(document.cookie) will show you the cookies on the site than to edit the cookies java script:void(document.cookie="userid=ICP") than to view them do the alert 1 again :p any site that this is useful for deserves to get hacked... Quote Link to comment Share on other sites More sharing options...
melodic Posted June 4, 2006 Share Posted June 4, 2006 yeh he also pm'd me n asked me where yto type the javascript i wrote out for him hehehe :D :) Quote Link to comment Share on other sites More sharing options...
Employee Posted June 4, 2006 Share Posted June 4, 2006 YouTube that has been hacked into Youtube has not been hacked into it was a joke that they played on other people. Quote Link to comment Share on other sites More sharing options...
comcipher Posted June 4, 2006 Share Posted June 4, 2006 yes it does.just do javascript:change:User:Me:Pass:Me='IMACOMPLETENOOB' should work just fine Yeah, that's a pretty serious flaw on alot of webservers. Hopefully we can get this patched soemtime in the next year or two. Quote Link to comment Share on other sites More sharing options...
mazmac24 Posted June 4, 2006 Author Share Posted June 4, 2006 How do you do the scripts and stuff? Quote Link to comment Share on other sites More sharing options...
cooper Posted June 5, 2006 Share Posted June 5, 2006 Dude, please. You're killing me. Read the first post in this thread (hell, read all of it, but AT LEAST the first port), and follow the links in it: http://www.hak5.org/forums/viewtopic.php?t=913 Read those pages aswell. And I don't mean read as in 'gaze over it, get bored and move to the next'. I mean REALLY read. Don't learn the words, try to understand what is happening. As fun as hacking a website might be, understand that the people who made the websites typically put quite a bit of thought into it, and because of this finding a way to hack them will be HARD. If the site is higher profile (Microsoft, financial institutions, ISPs) expect them to have REALLY put some SERIOUSLY smart folks to work on their sites. To get a hack there, you'll have to outsmart them. And if you think that will be easy, well, you've got even more to learn than we already know you do. Good luck! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.