I found another fresh XSS vulnerability on rapidshare.com last month. After 2 of my emails to them went into a black hole somewhere, I gave up and posted it on xssed.com. It's such a big surprise that up to now they haven't bothered fixing it! I don't know how many of their premium accounts got pwned because of their stupid XSS holes from time to time. I myself bought 2 premium accounts from them, and I'm at risk too! PoC here:
[rapidshare.com]
One more interesting fact: If you look at the rapidshare cookie format for premium users, it will be something like this:
user=xxx-yyy
where xxx is your account ID, and yyy is your urlencoded RAW PASSWORD. That means once your cookie is stolen from a hidden iframe on some JAV porn or warez forums which obviously have tons of rapidshared stuff, you lose your raw password to the hackers too! They can then change your password, email address and use your account to happily eat all your premium bandwidth for at least 2 working days (until you get rapidshare support staff to reset your account). Some nasty guys may delete all your uploaded files, folders or get their hands on your private stuff you uploaded to rapidshare.com. What else - your imagination. And yes, rapidshare.com ranks 11 world-wide by Alexa. Sighhhhhh
PS: I'm not gonna be shocked to death if tomorrow my premium accounts get pwned after I visit my favorite JAV forums. Just kidding :) And let's count how many days from now it takes them to move their lazy ass and fix this thing :-?
Edited 4 time(s). Last edit at 07/14/2008 08:00AM by nktpro.
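
The cookie design described in the post, next to a session design that does not expose the password, as an added example that is not part of the original post and is not RapidShare's code. The function and class names, the account ID and the password are constructed for illustration; only the `user=xxx-yyy` layout comes from the post.

```python
import hashlib
import secrets
from urllib.parse import quote, unquote


def legacy_cookie(account_id, password):
    # Layout described in the post: user=<account id>-<urlencoded raw password>
    return "user=%s-%s" % (account_id, quote(password, safe=""))


def cookie_exposes_password(set_cookie, password):
    """Audit check: is the password present in the cookie value, raw or urlencoded?"""
    value = set_cookie.split(";", 1)[0].partition("=")[2]
    return password in value or password in unquote(value)


class SessionStore:
    """Hardened alternative: the cookie carries only a random, revocable token."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> account id, kept server-side

    @staticmethod
    def _key(set_cookie):
        token = set_cookie.split(";", 1)[0].partition("=")[2]
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account_id):
        token = secrets.token_urlsafe(32)
        cookie = "session=%s; Path=/; Secure; HttpOnly; SameSite=Lax" % token
        # Only a hash of the token is stored; HttpOnly hides the cookie
        # from script injected through an XSS hole.
        self._sessions[self._key(cookie)] = account_id
        return cookie

    def lookup(self, set_cookie):
        return self._sessions.get(self._key(set_cookie))

    def revoke(self, set_cookie):
        # Ending one session does not require a password reset.
        self._sessions.pop(self._key(set_cookie), None)


if __name__ == "__main__":
    pw = "p@ss word/1"  # constructed sample password
    old = legacy_cookie("1234567", pw)
    store = SessionStore()
    new = store.issue("1234567")
    print(old, cookie_exposes_password(old, pw))
    print(new, cookie_exposes_password(new, pw))
```

With the opaque token, a stolen cookie can be revoked on the server and never reveals the credential needed to change the account's password or email address.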