Sunday, October 9, 2011

rustywalrus.com XSS Vulnerability

So I was searching around Google and I came across this shit site called rustywalrus.com, so I thought, "Hey, what the heck, let's see what I can do." It turns out the site is vulnerable to XSS; however, it's non-persistent and I did not find a place to upload a cookie catcher, so all I can do is display messages to myself :/ Hey, it's still a hack! Here are some pics:

See? It's vulnerable!

Here is my temp deface! Oh YeA!
Lol, like my deface page? It took me 5 minutes to make! Here's the code:



<html>
    <head><title>You Were Hacked</title></head>
<body bgcolor=black background="http://t3.gstatic.com/images?q=tbn:ANd9GcSGdXMiA99OcxPAfbaCHI7Ud5DXdZEXpoyHx81qE8MzziwRVnSLDg">


<center>
<br/><br/><br/><br/><br/>
<script language="Javascript"><!--
var tl=new Array(
"Connecting...",
"Injecting code...",
"",
"security == 0;",
"",
"if(security == 0){",
"    echo 'Admin You Fail!';",
"}",
"",
"Admin You Fail!",
"",
"You were hacked by Max00355",
"You made it way too easy...",
"Please learn to code!" ,
"I am not a criminal... if anything I helped you... you should thank me!",
"I will be keeping an eye on you to make sure you improve your security... if you don't all your files will be deleted...",
"Check out my blog http://hackoria.blogspot.com"



);
var speed=30;
var index=0; text_pos=0;
var str_length=tl[0].length;
var contents, row;


function type_text()
{
 contents='';
 row=Math.max(0,index-9);
 while(row<index)
contents += tl[row++] + '\r\n';
 document.forms[0].elements[0].value = contents + tl[index].substring(0,text_pos) + "_";
 if(text_pos++==str_length)
 {
text_pos=0;
index++;
if(index!=tl.length)
{
 str_length=tl[index].length;
 setTimeout("type_text()",800);
}
 } else
setTimeout("type_text()",speed);
 
}
//--></script>


<form><textarea background="red" rows=10 cols=60 wrap=soft></textarea></form>


<script language="Javascript">type_text();</script>
</center>
</body>
</html>

Friday, October 7, 2011

Wow kids are stupid...

In my school you are allowed to bring in your laptops for work and whatnot. There is this one kid who is so annoying about his Mac, bragging about it, telling people how he bought it with his money, whatever. Well, today I asked if I could use his computer to check my grades (at this point I had no intentions of doing anything evil). When I was just about to finish what I was doing, it came to me: "This kid's using Firefox, which means I can see his passwords easily!" When I saw his passwords I kinda giggled to myself; his password was "Pokemon" with a capital P! There isn't really much I can do with this, I mean I don't really wanna ruin his Facebook or anything, so all I really did was delete his school emails so he can't do his homework! Haha, and yes, his password is the same for everything. This isn't really hacking as much as it is thinking quickly, but I thought it would be a fun share.

What do you think I should do with it?

Thursday, October 6, 2011

Welcome to Hackoria!

What is hacking? When we think of hacking we think of computers, getting the login information from one of your friends, or just getting into someone's computer. That's not what hacking is at all. Hacking is an art, one of solving problems that no one else can. Leonardo Da Vinci was a hacker, Albert Einstein was a hacker, and I am a hacker.

I am 15 years old and have been intrigued by technology for as long as I can remember. I love to take things apart and see how they work, and as I grew older I started to learn to program, which opened a whole new world to me. I then started to learn several exploitation techniques such as SQL Injection, SSI, XSS, and from there just continued to expand my knowledge. Hacking has given me a whole new way to look at life and things in life, and I hope by reading my blog it will do the same for you.

So what will be in this blog? Well, I really created this blog for myself. I felt like I needed to share the information I gain with you. I will make tutorials, information, etc. about the stuff I do in life that involves hacking, programming, and having fun. I hope you enjoy it!