Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Rapidshare.com New XSS Disclosure
Posted by: nktpro
Date: July 14, 2008 07:22AM

I found another fresh XSS vulnerability from rapidshare.com last month. After 2 of my emails to them went to their blackhole somewhere, I gave up and posted on xssed.com. Such a big surprise up to now they don't bother fixing it! I don't know how many of their premium accounts got pwned because of their stupid XSS holes from time to time. I myself bought 2 premium accounts from them, and I'm at risk too! PoC here:

http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=123456%22%3E%3Cscript%3Ealert(/XSS%20by%20NKTPRO/)%3C/script%3E

One more interesting fact: If you look at the rapidshare cookie format for premium users, it will be something like this:

user=xxx-yyy

where xxx is your account ID, and yyy is your urlencoded RAW PASSWORD. That means once your cookie is stolen from a hidden iframe on some JAV porn or warez forums which obviously have tons of rapidshared stuff, you lose your raw password to the hackers too! They can then change your password, email address and use your account to happily eat all your premium bandwidth for at least 2 working days (until you get rapidshare support staff to reset your account). Some nasty guys may delete all your uploaded files, folders or get their hands on your private stuff you uploaded to rapidshare.com. What else - your imagination. And yes, rapidshare.com ranks 11 world-wide by Alexa. Sighhhhhh

PS: I'm not gonna shock to death if tomorrow my premium accounts got pwned after I visited my favorite JAV forums. Just kidding :) And let's count how many days from now they gonna move their lazy ass to fix this thing :-?



Edited 4 time(s). Last edit at 07/14/2008 08:00AM by nktpro.

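The cookie format described in the post above, set beside a hardened session cookie and a small audit check, as an added example that is not part of the original post or of RapidShare's code. The function names, the in-memory session store and the sample credential are assumptions made for illustration.

```python
import secrets
from urllib.parse import quote

SESSIONS = {}  # server-side session store (in-memory stand-in for this example)

def weak_cookie(account_id, password):
    # Format described in the post: user=<account ID>-<urlencoded raw password>
    return f"user={account_id}-{quote(password, safe='')}"

def hardened_cookie(account_id):
    # Opaque random token; the password never leaves the server's credential store.
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account_id
    return f"session={token}; Path=/; Secure; HttpOnly; SameSite=Lax"

def parse_set_cookie(header):
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    flags = {a.partition("=")[0].lower() for a in attrs if a}
    return name, value, flags

def audit_set_cookie(header, test_password):
    """Findings for one Set-Cookie value, given the auditor's own test password."""
    name, value, flags = parse_set_cookie(header)
    findings = []
    if test_password in value or quote(test_password, safe="") in value:
        findings.append(f"{name}: value embeds the account password")
    if "httponly" not in flags:
        findings.append(f"{name}: no HttpOnly, readable by injected script")
    if "secure" not in flags:
        findings.append(f"{name}: no Secure, sent over plain HTTP")
    return findings

def script_visible(headers):
    """What document.cookie would expose to script running in the page."""
    pairs = []
    for header in headers:
        name, value, flags = parse_set_cookie(header)
        if "httponly" not in flags:
            pairs.append(f"{name}={value}")
    return "; ".join(pairs)

if __name__ == "__main__":
    pw = "p@ss w0rd"  # constructed sample credential
    weak, hard = weak_cookie("123456", pw), hardened_cookie("123456")
    for header in (weak, hard):
        print(header.split("=")[0], audit_set_cookie(header, pw))
    print("script-visible:", script_visible([weak, hard]))
```

HttpOnly only limits what an injected script can read; the reflected parameter still needs output encoding, and a session token should be invalidated server-side on logout or password change.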
Re: Rapidshare.com New XSS Disclosure
Date: July 14, 2008 12:59PM

Oh no, not another password stored in cookie setup =o( When will people learn?

Re: Rapidshare.com New XSS Disclosure
Posted by: kuza55
Date: July 15, 2008 01:28AM

CrYpTiC_MauleR Wrote:
-------------------------------------------------------
> Oh no, not another password stored in cookie setup
> =o( When will people learn?


Aww, you're no fun; guess what happens when a system stores username/password combos in cookies and gets tied in with windows auth ^_^ (Hint: fun times)

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]
