PDA

View Full Version : The best programming language - Power



deleteX
11-03-2006, 10:59 PM
Hi :)

What is the best programming language over the world?
I want to learn but I don't know what I will chose !

Tell me. ;)

Ezekiel
11-04-2006, 04:27 AM
Hi :)

What is the best programming language over the world?
I want to learn but I don't know what I will chose !

Tell me. ;)

Programming languages are each for different purposes. No one language is better than all the others.


For web scripting, we have XHTML, CSS, Javascript, PHP, Perl, ASP, and many more.

For computer programming, we have C, C++, Java, VB, C#, Perl, Python, and many more.


If you want to learn about websites, try learning XHTML, CSS, and Javascript first before moving on to something like PHP.

If you want to learn about programming, try either C or C++ first; if you have problems with that start with an easier language like Python.

LapraS
11-04-2006, 11:35 AM
Mike, you know anything about stealing SESSION IDs?

Ezekiel
11-04-2006, 02:08 PM
Mike, you know anything about stealing SESSION IDs?

Why would you want to do that?

LapraS
11-05-2006, 04:55 AM
In order to gain access to someones account?
Im referring to a game I play called Bootleggers.
Its online and textbased. I have made a profile hack once. I coded PHP and obtained SESSION Ids by people viewing my *00x*00 banner. I simply used a cookie editor ( firefox extension ) to add the SESSION.

Ezekiel
11-05-2006, 06:05 PM
In order to gain access to someones account?
Im referring to a game I play called Bootleggers.
Its online and textbased. I have made a profile hack once. I coded PHP and obtained SESSION Ids by people viewing my *00x*00 banner. I simply used a cookie editor ( firefox extension ) to add the SESSION.

Well, you would use a flaw such as cross site scripting to steal cookie data. XSS holes are common - there's one in the site you're looking at now.

Moonbat
11-05-2006, 08:40 PM
I'm gonna hope this is it.

<img src="javascript:alert("This?")">

Guess not, maybe...

<img src=javascript:alert("This?")>

Hmm... no....

<img src="javascript:alert('This?')">

Gah, last try, pleaseohplease work...

<img src=alert("Hello")>
-----------------------------------------------
Nvm, theses guys are smart, they change the output to the webpage so it looks like this


<!-- message -->
<div id="post_message_*4725">I'm gonna hope this is it.<br />
<br />
&lt;img src=&quot;javascript<b></b>:alert(&quot;This?&quot;)&quot;&gt;<br />
<br />
Guess not, maybe...<br />
<br />
&lt;img src=javascript<b></b>:alert(&quot;This?&quot;)&gt;<br />
<br />
Hmm... no....<br />
<br />
&lt;img src=&quot;javascript<b></b>:alert('This?')&quot;&gt;<br />
<br />
Gah, last try, pleaseohplease work...<br />
<br />
&lt;img src=alert(&quot;Hello&quot;)&gt;</div>
<!-- / message -->


I guess the filter replaces my <,>," with the HTML character entity value. I've seen some forums that don't do this, therefore are vulnerable to injection. They would see the alert come up.

LapraS
11-06-2006, 04:34 AM
I will try to post the profile hack I have scripted as soon as possible.
As for Session ID I was referring to the *2 digits cookie such as:
edb0e8665db4e*042fe0*76a8*aade*6
Basically what I did was find a free webhost, upload 4 files, namely; cookies.txt
js.php, js.js.
In my profile I posted a link to my webhost. Whenever someone viewed my profile his/her Session ID was shown on my webhost. I simply copied this Session ID into the Anec Cookie editor...
I submitted;
Name: PHPSESSID
Path: www.bootleggers.us
And the Session ID
I opened Mozilla Firefox and browsed for www.bootleggers.us/news.php.

Ezekiel
11-06-2006, 11:06 AM
I'm gonna hope this is it.

<img src="javascript:alert("This?")">

Guess not, maybe...

<img src=javascript:alert("This?")>

Hmm... no....

<img src="javascript:alert('This?')">

Gah, last try, pleaseohplease work...

<img src=alert("Hello")>
-----------------------------------------------
Nvm, theses guys are smart, they change the output to the webpage so it looks like this



I guess the filter replaces my <,>," with the HTML character entity value. I've seen some forums that don't do this, therefore are vulnerable to injection. They would see the alert come up.

No, the bug is in the top right search box for the actual site. If you enter this into it, you get the popup:

</title></head><body><script type="text/javascript">alert("XSS");</script>

As for bugs in widely used forum scripts; they're rare. In forums like vBulletin, they're non-existent (most of the the time).

Rase
11-30-2006, 04:40 PM
Javascript + Advanced html Ftw.

Also C Is ok.