Wednesday, November 19, 2008
HellBound Hackers | Computer General | Hacking in general

Author

Bypassing striphtmlchars()

SaMTHG
Member

Posts: 128
Location: London
Joined: 27.03.08
Rank:
God
Posted on 07-09-08 20:29
Basically I was wondering if anyone knows how to properly bypass this. I know that if I encode the html tag (<scblockedript>;) into:
Decimal NCRs:*scblockedript
Hexadecimal NCRs:<scblockedript>
And probably more like UTF-7/8 or something but when I try stuff like (Decimal NCRs - "><scblockedript>alert(1)</scblockedript>;):
"*scblockedriptalert(1)*/scblockedript
On the site it allows it to be added but the alert isn't there (it will say something like: No results found for "><scblockedript>alert(1)</scblockedript>;) So if anyone could help me out that would be great.
Edit: "Decimal NCRs:" = <scblockedript> encoded in Decimal NCRs; same with "Hexadecimal NCRs:". Where it says (Decimal NCRs - "><scblockedript>alert(1)</scblockedript>;): it means "><scblockedript>alert(1)</scblockedript> encoded in Decimal NCRs; that's where it says "*scblockedriptalert(1)*/scblockedript (to avoid XSS on the forum)
Sorry for being such a twat/moron/imbecile/retard/spaz I wasn't thinking :( *I hang my head in shame* P.S. a place to convert them: http://rishida.net/scblockedripts/uniview/conversion.php Once again sorry
Thanks
SaMTHG:)




There's no place on earth where there can be too much logic whatever form it's in.©
I rented a huge book from the library about mouth diseases-the colours were beautiful©[big]hello[/big]
http://www.black-zero.com
Sweet sig K_I_N_G thanks:D
This is like virtual life just without the swords and helmets.©

Edited by SaMTHG on 07-09-08 20:56
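The behaviour described in the post above, as an added example that is not part of the original thread: an NCR-encoded tag passes a tag-stripping filter because it contains no literal `<`, but an HTML parser decodes character references inside text as characters, not markup, so no script element is created. `strip_tags`, `render` and the results page are hypothetical stand-ins for the unnamed site; the third case is the ordering bug a defender should check their own code for, and the last two show output escaping.

```python
import re
from html import escape, unescape
from html.parser import HTMLParser

class TagCollector(HTMLParser):
    """Records every element the HTML parser actually opens."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_seen(page):
    """Return the element names a parser builds from `page`."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def strip_tags(value):
    # Hypothetical stand-in for the site's filter: deletes literal <...> tags.
    return re.sub(r"<[^>]*>", "", value)

def render(term):
    # Constructed results page that reflects the search term unescaped.
    return "<p>No results found for " + term + "</p>"

def render_escaped(term):
    # Hardened form: encode for the HTML text context at output time.
    return render(escape(term))

# Constructed sample input: the raw tag and its decimal-NCR form.
RAW = "<script>alert(1)</script>"
NCR = "".join("&#%d;" % ord(c) if c in "<>" else c for c in RAW)

def report():
    return {
        # NCRs contain no literal '<', so the filter leaves them alone, and the
        # parser decodes them inside text: no script element is created.
        "ncr_through_filter": tags_seen(render(strip_tags(NCR))),
        # Ordering bug: decoding after filtering rebuilds the markup.
        "decode_after_filter": tags_seen(render(unescape(strip_tags(NCR)))),
        # Output escaping is safe for both forms, filter or no filter.
        "escaped_raw": tags_seen(render_escaped(RAW)),
        "escaped_ncr": tags_seen(render_escaped(NCR)),
    }

if __name__ == "__main__":
    for case, tags in report().items():
        print(case, tags)
```

The practical check is that nothing between the filter and the response decodes entities again; escaping at output time makes the filter's blind spots irrelevant.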
Author

RE: Bypassing striphtmlchars()

spyware
Member



Posts: 2533
Location: /home/Spyware
Joined: 14.04.07
Rank:
God
Warn Level: 55
Posted on 07-09-08 20:34
Can't understand a thing you're trying to say. Also; smileys.




"The chowner of property." - Zeph
I used to roll the dice

Bitsofspy.net
http://bitsofspy.net
Author

RE: Bypassing striphtmlchars()

SaMTHG
Member

Posts: 128
Location: London
Joined: 27.03.08
Rank:
God
Posted on 07-09-08 20:49
Sorry I didn't think. HBH filters decoded the encoded scblockedript



Author

RE: Bypassing striphtmlchars()

Night_Stalker
Member



Posts: 222
Location: Follow the trails of blood and tears, they will ta
Joined: 01.02.07
Rank:
Mad User
Warn Level: 10
Posted on 07-09-08 20:50
SaMTHG wrote:
Basically I was wondering if anyone knows how to properly bypass this. I know that if I encode the html tag (<scblockedript>;) into:
Decimal NCRs:*scblockedript
Hexadecimal NCRs:<scblockedript>
And probably more like UTF-7/8 or something but when I try stuff like (Decimal NCRs - "><scblockedript>alert(1)</scblockedript>;):
"*scblockedriptalert(1)*/scblockedript
On the site it allows it to be added but the alert isn't there (it will say something like: No results found for "><scblockedript>alert(1)</scblockedript>;) So if anyone could help me out that would be great.
Thanks
SaMTHG:)


Only incompetent fools put smilies inside their scblockedripts, and end their posts with their name even though it is included in their sig...

EDIT: Wait, I was thinking you were yous3lf, I was going to come to congratulate you on another worthless post, but then realized you aren't him... But the smiles do make it look like a foolish, incompetent homosexual posted it...


Night_Stalker


"Control- It's just an illusion we believe we have control over a situation, or a decision but the choice has already been made.
The reason it was done for- what is the reason?" - Night_Stalker


"Please tell me you aren't serious. What am I going to do with BackTrack 2 on a lan network with a desktop?" - a7x2thedeath


Edited by Night_Stalker on 07-09-08 21:00
Night_Stalker.Smile Working on it  :D
Author

RE: Bypassing striphtmlchars()

Zephyr_Pure
The Evil Dictator



Posts: 1976
Location: Evil Throne in Evil Castle on Evil Island
Joined: 15.09.06
Rank:
God
Posted on 07-09-08 23:00
Night_Stalker wrote:
Only incompetent fools put smilies inside their scblockedripts, and end their posts with their name even though it is included in their sig...

EDIT: Wait, I was thinking you were yous3lf, I was going to come to congratulate you on another worthless post, but then realized you aren't him... But the smiles do make it look like a foolish, incompetent homosexual posted it...


Okay, okay, a simple "disable your smilies when you post code" would've sufficed. It's not like you have any grounds to judge anyone else here, anyways.




HBH -> More (good) staff -> Content with higher quality -> More activity -> HBH++
Quoted from Uber0n
© HellBound Hackers 2007- 2008. Since 3rd December 2004.