Comments on: How to make money with XSS

By: atomiku

atomiku — Tue, 18 Jan 2011 17:08:17 +0000

XSS can be a good way to get some backlinks. Creating a HTML page that has 100s of HTML links and having the spider index it. Thanks for this article!

By: yang

yang — Thu, 01 Jul 2010 16:42:15 +0000

nice information, i have already read about the SEO but i don’t know how to use that black hot SEO..

By: bookequatry

bookequatry — Fri, 18 Apr 2008 08:29:07 +0000

I have carried out huge research and collected the most trustworthy sites about online investment in the Internet

I choose only update and developing ones and collected them in the same place. They are accessible for everybody. I offer you to acquaint with them ( online investing bookmak http://bookmark.searchengines......p/nnikolaa ) If somebody can supplement my list please publish here your research or bookmark

PS I am sorry if my message out of forum topic or it`s not interesting to community.

By: pdp

pdp — Mon, 08 Oct 2007 09:36:18 +0000

MustLive, you right there there are bugs in CAPTCHA mechanisms but if they are implemented correctly, there is no other way to break out of them but to type the string. So, OCR will remain the primary and most generic way for braking captchas.

By: MustLive

MustLive — Sun, 07 Oct 2007 23:33:30 +0000

Petko, captchas can be bypassed (using vulnerabilities in them, without any OCR). I explored a lot in this topic last time.

Like I wrote at my site (http://websecurity.com.ua/1337/#comment-60245), I’ll write an article about my MustLive CAPTCHA bypass method. And I am planning to make event about bypassing a lot of CAPTCHAs ;-) (with my method). I’ll write you in detail about this.

code?

kork, there will be a whole of month which I’ll make – Month of bugs in CAPTCHAs. This month will be full of codes (exploits) for bypassing captchas all over the Internet. So keep waiting for official announcement. You will be happy ;-), everyone will be happy, especially bad guys, but good guys too.

no code but you can check out some of the successful projects currently available for free that does break most of the CAPTCHAs.

You speaking mostly about OCR breaking of captchas or breaking with manual typing (low cost man power). But there is a way (with my methods – main and advanced) to bypass a lot of captchas in the Internet.

CAPTCHAs are dead!

Not all captchas – many still trying (for their last days). And many still making look that “they are working fine”. And many others still believe that captchas can protect them (security site’s also – there are a lot of vulnerable captchas on security sites also).

But I’ll show to web community and their captchas the real life ;-). Very soon Internet will see – the Captchas Apocalypses. A lot of captchas will die. The time has come.

By: MustLive

MustLive — Sun, 07 Oct 2007 23:04:05 +0000

Pdp, nice article! Ad-jacking it’s interesting way to make money out of XSS.

But what about others ways? :-) Such as black SEO way of making money out of XSS holes. You need to cover different sides of this topic (think about it, maybe in future you’ll write about others ways). Though this is interesting one.

Of course, attackers will keep websites with very, very, very high ranking for services such as DIGG and Reddit for manual submission, since both of them have CAPTCHAs

After I read your post in 12.09.2007, I looked at Digg’s captcha and found that it’s velnerable (to my MustLive CAPTCHA bypass method). So this captcha like a lot of others can be easily bypassed (with my method).

By: Making Money From XSS Flaws - Black Hat Forum

Making Money From XSS Flaws - Black Hat Forum — Thu, 27 Sep 2007 09:52:56 +0000

[...] Making Money From XSS Flaws I think this is very relevant to the board How to make Money With XSS#comment-53088 [...]

By: FORGE

FORGE — Thu, 27 Sep 2007 09:26:34 +0000

Yeah i think this is blackhat SEO technique. Pretty Neat if you ask me. Being doing alot of readin on it. It pawns.

By: Awesome AnDrEw

Awesome AnDrEw — Fri, 14 Sep 2007 02:16:38 +0000

Just like phishing you can use a transparent image as an overlay to subvert clicks to some other site, which could realistically put some money in your pocket depending on the type of traffic the site generates. I think I’ve read on some SEO sites that this is usually done on sites such as Wikipedia.

By: Liquidmatrix Security Digest » Security Briefing: September 11th

Liquidmatrix Security Digest » Security Briefing: September 11th — Tue, 11 Sep 2007 13:52:15 +0000

[...] How to make money with XSS [...]

By: Geld mit XSS und Game YouTube « Hier, Cutts, YouTube, Matt « Latha-Math.com

Tue, 11 Sep 2007 10:30:43 +0000

[...] Hier ist noch ein netter Artikel von GNUCITIZEN der sich mit dem Thema beschäftigt, Geld durch XSS zu verdienen. Es ist wirklich keiner von diesen Artikeln in denen es heißt: How to get rich in 3 days…. Make Money with XSS [...]

By: pdp

pdp — Tue, 11 Sep 2007 09:31:40 +0000

kork, heh :) no code but you can check out some of the successful projects currently available for free that does break most of the CAPTCHAs. The other day I had a brief discussion with AP about how to break CAPTCHAs. We concluded that almost every CAPTCHA can be broken, in one degree or another, with simple customized scripts and a couple of open source OCR tools from Freshmeat. So, no code is available, and I doubt that we are going to ever publish any code at all on this, mainly because it will be highly unethical. So you have to take my word for it and look into the subject yourself.

CAPTCHAs are dead!

By: kork

kork — Tue, 11 Sep 2007 09:20:57 +0000

CAPTCHAs can be easy broken as well.

code?

By: pdp

pdp — Tue, 11 Sep 2007 06:34:14 +0000

well, if u think about it… this technique is pretty black hat seo like

By: Adam

Adam — Tue, 11 Sep 2007 00:45:16 +0000

I thought you were going to say something about black hat seo / xss :[

By: How to make money with XSS by Social Bookmark Submission Service

Mon, 10 Sep 2007 16:13:32 +0000

[...] post by pdp and plugin by Social Bookmarking Submission [...]