xss in myspace.com
Posted by: GaSmo
Date: December 30, 2007 06:42AM

http://sads.myspace.com/index.cfm?fuseaction=popupimporter.carrier&carrier=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&MyToken=

Re: xss in myspace.com
Posted by: klaus
Date: December 30, 2007 01:32PM

Here comes another worm...?!

Re: xss in myspace.com
Posted by: rsnake
Date: December 30, 2007 02:48PM

Nice find!

- RSnake
Gotta love it. http://ha.ckers.org

Re: xss in myspace.com
Posted by: sirdarckcat
Date: December 30, 2007 02:54PM

don't you tempt me klaus! xD

I've been wanting to do a CSS based worm for some time now.. maybe it's the time.. uhm..

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: xss in myspace.com
Posted by: johnsonsmith1
Date: January 03, 2008 02:53PM

I tried to get this to log cookies to a text file but it only logs the IP address and not the rest of the cookie.

Re: xss in myspace.com
Posted by: 4909
Date: January 05, 2008 09:05PM

`



Edited 1 time(s). Last edit at 01/09/2008 12:13AM by 4909.

Re: xss in myspace.com
Posted by: osborne
Date: January 07, 2008 04:49PM

"i know myspace uses httponly for seve..."

that's what HttpRequest is for...

Re: xss in myspace.com
Posted by: rsnake
Date: January 07, 2008 07:10PM

@osborne - that would work if you XMLHttpRequested the page that omitted the cookie. Otherwise cookies are only sent in the other direction (from your client to the server, not the other way around). There aren't that many sites that omit the cookie over and over again without some sort of login information sent first. So in reality, XMLHttpRequest isn't really that great at circumventing HTTPOnly. At least not from what I've found.

- RSnake
Gotta love it. http://ha.ckers.org

Re: xss in myspace.com
Posted by: arshan
Date: February 24, 2008 06:33PM

Unless they have TRACE on, then you could XHR with the TRACE method and parse the cookie out.

Time to start lurking.

Options: ReplyQuote
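
The two conditions raised in the replies above (whether cookies carry HttpOnly, and whether the server answers TRACE by echoing request headers) can be checked from the defender's side against captured responses. This is an added example, not code from any poster in the thread; the responses, host name, cookie names and function names are constructed for illustration.

```python
# Added example. All responses below are constructed sample data.
LOGIN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/\r\n"
    "\r\n"
)
TRACE_ENABLED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: message/http\r\n"
    "\r\n"
    "TRACE / HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Cookie: SESSIONID=probe-value\r\n"
    "\r\n"
)
TRACE_DISABLED = "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, POST\r\n\r\n"

def cookies_missing_httponly(raw_response):
    """Return the names of cookies set without the HttpOnly attribute."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    missing = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            missing.append(parts[0].split("=", 1)[0])
    return missing

def trace_echoes_cookie(raw_response, probe_cookie):
    """True if a 200 response to TRACE reflects the probe Cookie header in its body."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status = head.split("\r\n", 1)[0].split(" ")
    if len(status) < 2 or status[1] != "200":
        return False
    return any(l.lower().startswith("cookie:") and probe_cookie in l
               for l in body.split("\r\n"))

def audit(login_response, trace_response, probe_cookie):
    """Collect findings for both checks as human-readable strings."""
    findings = [f"cookie '{n}' is readable by script (no HttpOnly)"
                for n in cookies_missing_httponly(login_response)]
    if trace_echoes_cookie(trace_response, probe_cookie):
        findings.append("TRACE is enabled and echoes the Cookie header; disable it")
    return findings
```
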

