Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Craigslist XSS Found
Posted by: Coolty
Date: January 06, 2008 01:39AM

I realize that this might be patched once I post this here; kind of wanted to keep this a secret of my own.
But, here it is:

http://reno.craigslist.org/zip/529954508.html

The actual XSS is just one line; it redirects to a site that looks like craigslist, but is hosted elsewhere, thus creating the effect of Flash implemented on craigslist. The remote site uses the HTTP referer to detect where you are coming from, and displays the remote HTML. (fakelist.js --> remote site -> htaccess -> referer information -> display HTML page.)



Edited 1 time(s). Last edit at 01/06/2008 05:23PM by Coolty.

Re: Craigslist XSS Found
Posted by: rsnake
Date: January 06, 2008 01:57PM

Pretty interesting! Did you just stumble on someone using this or did you find the issue?

- RSnake
Gotta love it. http://ha.ckers.org

Re: Craigslist XSS Found
Posted by: Coolty
Date: January 06, 2008 05:20PM

Well, it started when I had the urge to rickroll craigslist. Upon noticing it filtered most html and java, except the img tag, I played around until I found something that Firefox would accept. This doesn't work in IE unfortunately, but who cares about IE.

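Coolty's description above (most HTML filtered, the img tag allowed, one tag carrying the whole payload) is the classic case for a tag and attribute allowlist on the listing body rather than a denylist of known-bad tags. The following is an added example, not Craigslist's filter and not code posted in this thread: a small Python sanitizer that keeps `<img>` only when it has an absolute http(s) `src` plus a few presentational attributes, drops every other tag (event-handler attributes and script contents included) and HTML-escapes whatever text remains. The allowed-attribute set and the listing snippets in the `__main__` section are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist for a classifieds listing body: only <img> survives,
# and only with these attributes. Anything else is reduced to escaped text.
ALLOWED_IMG_ATTRS = ("alt", "width", "height")
RAW_TEXT_TAGS = {"script", "style"}  # their contents are never user-visible text


def safe_src(value):
    """Accept only absolute http(s) URLs; javascript:, data: and relative refs are rejected."""
    if value is None:
        return None
    candidate = value.strip()
    parsed = urlparse(candidate)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return candidate
    return None


class ListingSanitizer(HTMLParser):
    """Rebuilds the listing from an allowlist instead of stripping known-bad tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0  # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self._skip_depth += 1
            return
        if tag != "img":
            return  # unknown tag: the tag is dropped, its inner text is kept
        attrs = dict(attrs)
        src = safe_src(attrs.get("src"))
        if src is None:
            return  # an <img> without a usable src is dropped whole
        kept = ['src="%s"' % escape(src, quote=True)]
        for name in ALLOWED_IMG_ATTRS:
            if attrs.get(name) is not None:
                kept.append('%s="%s"' % (name, escape(attrs[name], quote=True)))
        # Event handlers (onerror, onload, ...) never reach `kept`.
        self.out.append("<img " + " ".join(kept) + ">")

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        # convert_charrefs=True already decoded entities, so re-escape everything.
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize_listing(html_body):
    """Return the allowlisted rendering of one listing body."""
    parser = ListingSanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed listing snippets, not taken from the thread.
    for sample in (
        '<img src="https://example.com/bike.png" alt="bike" onload="alert(1)">',
        '<img src=x onerror=alert(1)>',
        '<script>alert(1)</script>Mountain bike, <b>$200</b>',
    ):
        print(repr(sanitize_listing(sample)))
```

The design point is that the output is built only from what the allowlist recognises, so a tag or attribute the filter author never thought of (the situation Coolty describes with Firefox accepting something IE did not) is dropped by default rather than passed through.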
Re: Craigslist XSS Found
Posted by: rsnake
Date: January 06, 2008 06:34PM

Hahah, well as a percentage of browsers IE is relevant... but yes... very interesting.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Craigslist XSS Found
Posted by: 4909
Date: January 06, 2008 09:38PM

`



Edited 1 time(s). Last edit at 01/09/2008 12:13AM by 4909.

Re: Craigslist XSS Found
Posted by: Coolty
Date: January 06, 2008 10:46PM

For the non-malicious use, you could use this method to host more robust pages on craigslist.

For the 1337 h4xx0r, you could use this method to steal people's credit card or personal information (e.g. phishing, "we need to update your personal account").


There are just so many possibilities, although I hope this isn't used for evil :)

Re: Craigslist XSS Found
Date: January 08, 2008 07:07PM

I've found XSS vulnerabilities within the listing area before, but never really bothered posting them because I just didn't see it as being of much use.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Craigslist XSS Found
Posted by: Coolty
Date: January 10, 2008 12:09AM

Well it looks like they patched it. :)

I was hoping they would read this forum and fix the bug.

Their new filtering scheme is a little bit harder to get around, but I'm sure if I worked at it long enough I could come up with something... until next time!

Re: Craigslist XSS Found
Date: January 12, 2008 02:43AM

This one took two seconds to find. Enjoy.
http://sfbay.craigslist.org/search/sss?query=">

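The search URL above shows the other shape of the bug: a parameter reflected into an HTML attribute without attribute-context encoding, so a leading `"` ends the value. As an added example (not Craigslist's code; the form markup and the probe string are constructed), the Python below reads `?query=` the way such a page would, renders it both the vulnerable way and with `html.escape(..., quote=True)`, and uses a tag collector to show which rendering lets the parameter add elements to the page.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a search page that echoes ?query= into an input's value attribute.
FORM = '<form action="/search/sss"><input name="query" value="{value}"></form>'


def query_param(url):
    """Return the raw ?query= value exactly as the page would receive it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("query", [""])[0]


def render_search_unsafe(query):
    """The 'before': the raw parameter is pasted into a double-quoted attribute."""
    return FORM.format(value=query)


def render_search(query):
    """The fix: attribute-context encoding. quote=True turns \" and ' into entities,
    so the value can never terminate the attribute it sits in."""
    return FORM.format(value=escape(query, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag a browser-side parser would create from the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def element_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def parameter_adds_elements(query):
    """True when the unsafely reflected value changes the element tree, i.e. it broke out."""
    return element_tags(render_search_unsafe(query)) != element_tags(render_search(""))


if __name__ == "__main__":
    url = 'http://sfbay.craigslist.org/search/sss?query=">'
    q = query_param(url)
    print(render_search_unsafe(q))
    print(render_search(q))
    # Constructed harmless probe: closes the attribute and adds one inert element.
    probe = '"><b>injected</b>'
    print(parameter_adds_elements("used bike"), parameter_adds_elements(probe))
```

The same comparison works as a regression check in a test suite: render every reflected parameter with a probe like the one above and assert the element list is unchanged, which catches a template that forgot `quote=True` regardless of which tag the probe uses.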