Site that doesn't sanitize URL's
Posted by: xyberpix
Date: August 16, 2009 05:13PM

Hi all,

Okay, so I'm on this site, where I can paste URL's into it for news stories, and I've found that if I put a link in that is vulnerable to XSS, then the site re-directs the user and the js executes the alert that I wanted it to.

How can I make more use of this though, as I'd imagine that the initial launchpad site, should be doing some filtering before forwarding? Or am I way off here?

TIA
xyberpix

j
Posted by: Anonymous User
Date: August 16, 2009 05:39PM

q



Edited 1 time(s). Last edit at 10/16/2009 04:11AM by philip_clarke.

Re: Site that doesn't sanitize URL's
Posted by: xyberpix
Date: August 17, 2009 01:24AM

Hi Philip,

Thanks for the response on this one, what you mentioned is what I was planning on doing anyway, but ideally I would like some hints on how else this could be utilized for attack purposes so that I can add these into my report to them.

Thank you

e
Posted by: Anonymous User
Date: August 17, 2009 06:43AM

h



Edited 1 time(s). Last edit at 10/16/2009 04:10AM by philip_clarke.

Re: Site that doesn't sanitize URL's
Posted by: xyberpix
Date: August 17, 2009 07:57AM

Hi Philip,

Thanks again, just to make sure that we're on the same page here.

Let's say the site in question is www.abc.com, and this is the site that I can post news articles to.

So once I log into www.abc.com, I then post the following link http://www.def.com/search.asp?<<SCRIPT>alert("XSS");//<</SCRIPT>

Site www.def.com is vulnerable to XSS, but www.abc.com is not. But site www.abc.com allows me to post the news article including the script tags as a news article.

So site www.abc.com could be used as a launchpad, does that make sense? If so, I would then notify site www.abc.com of them not filtering news urls correctly right?

Thanks again,
xyberpix
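
The submitting site's side of the scenario in the post above, as an added example that is not part of the thread: accept only http(s) links, store a percent-encoded form, flag tag-shaped content for moderation, and HTML-escape on output. The function names, the allow-list, the tag heuristic and the `news.example` host are assumptions made for illustration. Normalizing the link does not repair the reflection flaw on www.def.com, which decodes the query again; that fix belongs to the destination site.

```python
import html
import re
from urllib.parse import quote, unquote, urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}
# Left as-is by quote(); "%" is kept so existing escapes are not double-encoded.
# Everything else outside the unreserved set (< > " ' space ...) becomes %XX.
SAFE = "/%:@!$&()*+,;=?"
TAG_LIKE = re.compile(r"<\s*/?\s*[A-Za-z!]")

def normalize_submitted_url(raw):
    """Return a canonical http(s) URL for storage, or None to reject."""
    raw = raw.strip()
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return None  # control characters never belong in a link
    try:
        parts = urlsplit(raw)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None  # rejects javascript:, data:, relative and scheme-less input
    if any(c in parts.netloc for c in "<>\"'\\ @"):
        return None  # no markup characters or userinfo tricks in the authority
    return urlunsplit((parts.scheme.lower(), parts.netloc,
                       quote(parts.path, safe=SAFE),
                       quote(parts.query, safe=SAFE),
                       quote(parts.fragment, safe=SAFE)))

def needs_review(url):
    """Heuristic: does the decoded URL carry something shaped like an HTML tag?"""
    parts = urlsplit(url)
    tail = parts.path + "?" + parts.query + "#" + parts.fragment
    return bool(TAG_LIKE.search(unquote(unquote(tail))))  # twice: double encoding

def render_link(url):
    """Escape on output so the URL cannot leave the href attribute."""
    safe = html.escape(url, quote=True)
    return f'<a href="{safe}" rel="nofollow noopener noreferrer">{safe}</a>'

if __name__ == "__main__":
    # Constructed inputs: the link from the post above plus two others.
    for submitted in ('http://www.def.com/search.asp?<<SCRIPT>alert("XSS");//<</SCRIPT>',
                      "javascript:alert(1)",
                      "https://news.example/story?id=42&ref=home"):
        url = normalize_submitted_url(submitted)
        if url is None:
            print("rejected:", submitted)
        else:
            print("review" if needs_review(url) else "ok", render_link(url))
```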

e
Posted by: Anonymous User
Date: August 17, 2009 11:00AM

F



Edited 1 time(s). Last edit at 10/16/2009 04:10AM by philip_clarke.

Re: Site that doesn't sanitize URL's
Posted by: xyberpix
Date: August 17, 2009 03:20PM

Fair enough, thank you anyway

Re: Site that doesn't sanitize URL's
Posted by: xyberpix
Date: August 17, 2009 03:21PM

Reported it to site admin anyway, we'll see what happens

D
Posted by: Anonymous User
Date: August 17, 2009 06:49PM

F



Edited 1 time(s). Last edit at 10/16/2009 04:10AM by philip_clarke.

Re: Site that doesn't sanitize URL's
Posted by: xyberpix
Date: August 18, 2009 03:33PM

Only just realized that I posted this in completely the wrong forum, apologies all.
