outdate technique???


Post by jjoonnaatt on Wed Sep 05, 2012 4:43 pm

Hi, I'm pretty new to all of this, and with the basic missions and realistic ones I'm starting to learn new stuff, but I was wondering, since it seems so easy and logical..... all those iis injection and techniques with Firebug for cookies etc. used for basic and realistic missions..... (I'm at realistic mission peace poem one) can these techniques be used in real life ... or are they too old and so easy that by default all those injections and JavaScript are by default blocked ..


Re: outdate technique???

Post by -Ninjex- on Wed Sep 05, 2012 5:38 pm

jjoonnaatt wrote: Hi, I'm pretty new to all of this, and with the basic missions and realistic ones I'm starting to learn new stuff, but I was wondering, since it seems so easy and logical..... all those iis injection and techniques with Firebug for cookies etc. used for basic and realistic missions..... (I'm at realistic mission peace poem one) can these techniques be used in real life ... or are they too old and so easy that by default all those injections and JavaScript are by default blocked ..


The only thing near true with what you said that I can think of is that web browsers are now starting to try and disable JavaScript injections via the URL bar by default, which will not work, since you can easily modify your browser anyway, or I am sure many people from the Linux distributions would come together and make an open source browser capable of this anyway. They are trying to do this for security purposes of course, but they still give the option to allow it for penetration testing, but you must go out of your way to turn it on in some cases.

With that being said, let's say they did find a way to prevent injections from the URL bar from all browsers, period. It will still be useless. I say this because of the realistic mission 8 challenge I beat, where you must send money to another account. I made up a little bit of JavaScript injection code and tried to execute it from my URL bar and, what do you know, my new version of Firefox disabled it by default. So what did I do? I just turned the javascript:alert function into a button on the web page through Firebug just by simply tweaking the code a little bit. It honestly will not matter if they even do manage to accomplish this.

These types of attacks can work on any website with vulnerabilities to them, don't expect all websites to be protected against these attacks and don't expect all of them to be vulnerable to them, because ignorance is inevitable and there is always someone out there that has never made a website and knows nothing of security and could easily fall victim to these types of attacks if precautions are not met.

Also, I do not see websites disabling JavaScript or cookies by default, since these seem vital for an interactive website, which is what people want.

So in a short summary for those of you who skim or get tired of reading real quick, these attacks are still present today and not outdated, I believe they will always be around for as long as JavaScript and cookies are still around.
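The reply above notes that a browser restriction does not stop someone from editing the page or its cookies, so the defence has to be a server-side check. The following is an added example, not part of the original posts; the account names, cookie format and function names are hypothetical.

```javascript
// Added example (constructed): accounts, cookie format and names are hypothetical.
const crypto = require("crypto");

const SECRET = crypto.randomBytes(32);        // signing key that never leaves the server
const accounts = { alice: 100, mallory: 5 };  // constructed sample balances
const known = (name) => Object.prototype.hasOwnProperty.call(accounts, name);

// Session cookie is "user.hmac": the client may edit it, but cannot forge the HMAC.
function signSession(user) {
  const mac = crypto.createHmac("sha256", SECRET).update(user).digest("hex");
  return `${user}.${mac}`;
}

function userFromCookie(cookie) {
  if (typeof cookie !== "string") return null;
  const idx = cookie.lastIndexOf(".");
  if (idx < 1) return null;
  const user = cookie.slice(0, idx);
  const mac = Buffer.from(cookie.slice(idx + 1), "hex");
  const expected = crypto.createHmac("sha256", SECRET).update(user).digest();
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) return null;
  return known(user) ? user : null;
}

// Weak: trusts the "from" field, which is page content the user can change.
function transferTrustingClient(form) {
  accounts[form.from] -= form.amount;
  accounts[form.to] += form.amount;
  return true;
}

// Hardened: the paying account comes from the verified session, never from the form.
function transferServerChecked(cookie, form) {
  const from = userFromCookie(cookie);
  const amount = Number(form.amount);
  if (!from || !known(form.to) || form.to === from) return false;
  if (!Number.isInteger(amount) || amount <= 0 || amount > accounts[from]) return false;
  accounts[from] -= amount;
  accounts[form.to] += amount;
  return true;
}
```

The hardened handler ignores any `from` value in the form and rejects a cookie whose user part was changed without the matching HMAC.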


