Skip to main content

How I XSSed My Crush ;)

This post is all about how I used XSS to impress my crush so if you are not interested then stop reading this and get back to your work :)


*Let the story begin*

So few years ago when I was just chatting with some random people on facebook suddenly a random link appeared in message box.




The message was from her so I was obviously curious to know what that link was about. So next day I visited the link and then this page appeared :




When I saw this page I was like  "Holy fuck!!! This is what I wanted my entire life!!!!!"

So like a typical fool I entered all details and clicked on "Click to find out".
Now page was slowly loading and I was expecting the MAGIC to happen BUTTTTTTTT instead SHIT happened :



At this point = (She : 1 Me : 0)

Now I was like "What the f**k I ever did anything wrong with you???"




I was disappointed to know that I was fooled by a girl. No , Actually it was because she was the only prettiest friend I had that time and I don't wanted her to think that I'm a fool.

I wanted to save my ass at any cost.
She was offline and she usually comes online at night so I had enough time to think how I can take the revenge.

Then suddenly something happened in my brain and I was like :

"Challenge Accepted"

As we all know security of such websites is lame as f**k so I decided to hack that website.
I easily found SQLi but getting her account password wasn't what I wanted. I wanted to do something cool ;)
Then I found a stored XSS ......... And the interesting part about this XSS was it triggers as soon as the user login to their account.

At this point = (She : 1 Me : 1)

So it was my evil payload :

<script>
alert(" Mess with the best die like the rest ... ! ");
prompt(" Say sorry 100 times to get back your account.  ");
location.href="https://www.facebook.com/Innoxent.Rakesh";
</script>


Now payload was injected properly and all I had to do is wait for her response ;)

And then :

At this point = (She : 1 Me : 2)

Whenever she tried to login to her account my injected payload was getting executed and after two pop ups she was getting redirected to my facebook profile automatically. 
It was more evil than just getting her password, isn't it?


And after some requests I helped her to recover her account.



Now it was amazing moment for me , she was totally impressed  ;)


So this is how I XSSed her and end up being awesome instead of being a dumb ass.



Conclusion :

If you are using computer then you should at least know how to turn off the f***ing Javascript .

Comments

  1. your the inspiration for me . i was so unhappy but after your trick and i also able to csrf my girlfriend . and also i idor my girlfriend .. even i share this post to my friends and they RCE their girlfriend .. so happyyyyyyyy thank you buddy ..

    ReplyDelete
  2. Thennks Dude!!! First I Had Sed life now this changed my lyffff !!!! Thenks

    ReplyDelete
  3. i am his girlfriend ... you fuckers dont bad comments on it ..

    your janu romansh

    ReplyDelete
  4. I'm his wife.. I miss you Raks. Ooo nadan parinde ghar aaja!!

    ReplyDelete
    Replies
    1. Who the fuck you are to call my rakus raks .. you fukinggggg bitch ..

      rakus come back to my life .. you can do xss and sqli also .. :(

      Delete
    2. Tell me your rate ?

      Delete
  5. Hey @rakeshmane when your coming bro?

    ReplyDelete
  6. Hey Rakuu,
    Are you single ?

    ReplyDelete

Post a Comment

Popular posts from this blog

U-XSS in OperaMini for iOS Browser (0-Day) [CVE-2019-13607]

TL;DR :  The latest version (16.0.14) of  Operamini for iOS browser is affected by an Universal-XSS vulnerability which can be triggered by performing navigation from target domain to attacker controlled domain. When attacker controlled domain returns " javascript:code_here " in " location " header then browser executes the javascript code in the context of target domain instead of attacker domain. This vulnerability is yet not fixed by Opera team.  Update [15 July 2019] :  CVE-2019-13607 is assigned to this vulnerability. So while playing with Operamini browser I noticed that when a navigation to " javascript " protocol occurs via " location " header then browser executes the provided javascript code. For example if the value of " location " header is " javascript:alert() " then javascript code "alert()" gets executed by the browser. Normally browsers prevent navigation to " javascript: " URL

Bug Bounty : Account Takeover Vulnerability POC

Hello, In this post I'm going to share how I could takeover www.example.com users accounts. So, what was the vulnerability? Well , It was a very simple OAuth flaw which I could use to takeover users account with minimal user interaction. Cut the crap, Give me POC -_- Ok. www.example.com users have an option to connect their facebook account to their example.com account.  Once a user connects his facebook account to his example.com account he does not need to enter his username/password to login instead he can simply click on "Sign in using Facebook" and he will be logged in (only if he is already logged in into his facebook account which he connected to his example.com account) Ok all looks good let's see what happens in background when any user clicks on "Connect with Facebook" GET Request  :   https://m.facebook.com/v2.2/dialog/oauth?redirect_uri=https://www.example.com/user_profile.php?action=fb_connect&scope=email,

JSP ContextPath Link Manipulation - XSS

This post is about how to manipulate resource links of HTML elements (script, img, link, etc) when getContextPath  method is used to obtain base path of resources. With the ability to manipulate links you can do XSS, CSS Injection, etc. Basically we are going to use path parameters to manipulate context path such that links would point to attacker's domain. There's a good blog that talk about the similar issues :  https://superevr.com/blog/2011/three-semicolon-vulnerabilities However this post is more about manipulating context path to hijack resource links of HTML elements .  So let's have a look at a simple JSP page ( test.jsp ) Ref :  https://www.roseindia.net/jsp/request-getcontextpath.shtml This page just loads some resources like script, image, css and that's it. It doesn't take any direct input from user but it is using value returned by r equest.getContextPath() as base path to resources link. What can we do here? Let's try to contro