Hack This Site!

kingapus
	Rank: Pentitioner (80 Points)
	Status: Offline

UserID: 304594 Joined: 26/04/2007 18:45:51 Last Login: 29/05/2008 8:53:53 Last Active: 29/05/2008 8:53:53 Hobbies: Not Entered Location: Not Entered Website: http:// TimeZone: GMT Birthday: Not Entered	E-mail: Hidden MSN: None AIM: None ICQ: None Yahoo: None IRC ^?: None Warn Level: Voice: kingapus is not muted.
Basic: (1) (2) (3) (4) (6)

Pictures

kingapus has no pictures

Contribution Points

Articles:0 points
Lectures:0 points
HoF:0 points
Donations:0

Articles

No Articles Submitted

Hall of Fame Entries

No HoF Entries

Lectures

No Lectures Given

Comments:
Published: 2 comments.

alex_king - 07:49 am Monday June 18th, 2007

just type the sql injection into the url bar, e.g. copy this:

javascript:alert(\"hello\")

alex_king - 04:37 pm Tuesday May 15th, 2007

i found basic 5 quite hard aswell. Well basically, remember basic four, you changed the \'to\' value to another email, in this case, it won\'t let you. I won\'t go into details now, but basically, you have to change \'to\' value on the webopage itself. To do this you have to use javascript injections. There are two main ones, \'alert\' and \'void\'. Try this out by typing in to the browser (where you enter the website adress): \'javascript:alert(\"hello!\")\'. The syntax for void is:
\'Javascript:void(document.forms[x].[name of field].value=\"anything\")\'. In our case, x is the form on the page, so if there are 4 forms ont the page, x would be 3. Obviosly name of the field is literally, the name of the field, so it is \'to\'

Donate

Challenges

Get Informed

Get Involved

Communicate

About HTS

Translate

Partners