Pipl xss issues
Date: January 30, 2009 07:59AM
PDP wrote about Pipl.com (http://www.gnucitizen.org/blog/deep-inspection-of-online-personas/ ), so I tested it, and at the same time tested the little xss-tool I wrote about under Projects. I made a search for Joe Dimaggio, and then tested the resulting page for xss. That is a site that has issues.
Related question: if a site allows < ' into a <input value="foo<>''" ... - is that exploitable in any way? They do that a lot, but at a few places they fail all three.
0 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?FirstName=Joehzg<izg"jzg'gzh&LastName=DiMaggio&City=&State=&Country=SE&CategoryID=2&Interface=1&
1 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?FirstName=Joe&LastName=DiMaggiohzg<izg"jzg'gzh&City=&State=&Country=SE&CategoryID=2&Interface=1&
2 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?FirstName=Joe&LastName=DiMaggio&City=hzg<izg"jzg'gzh&State=&Country=SE&CategoryID=2&Interface=1&
5 | UNSAFE | Unfiltered chars: < " ' |http://www.pipl.com/search/?FirstName=Joe&LastName=DiMaggio&City=&State=&Country=SE&CategoryID=2hzg<izg"jzg'gzh&Interface=1&
67 | UNSAFE | Unfiltered chars: < " ' |http://www.pipl.com/search/?CategoryID=2hzg<izg"jzg'gzh&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Joseph&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
70 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggiohzg<izg"jzg'gzh&FirstName=Joseph&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
71 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Josephhzg<izg"jzg'gzh&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
73 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Joseph&Hint=&City=hzg<izg"jzg'gzh&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
82 | UNSAFE | Unfiltered chars: < " ' |http://www.pipl.com/search/?CategoryID=2hzg<izg"jzg'gzh&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Joshua&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
85 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggiohzg<izg"jzg'gzh&FirstName=Joshua&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
86 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Joshuahzg<izg"jzg'gzh&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
88 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Joshua&Hint=&City=hzg<izg"jzg'gzh&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
97 | UNSAFE | Unfiltered chars: < " ' |http://www.pipl.com/search/?CategoryID=2hzg<izg"jzg'gzh&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Josiah&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
100 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggiohzg<izg"jzg'gzh&FirstName=Josiah&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
101 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Josiahhzg<izg"jzg'gzh&Hint=&City=&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
103 | UNSAFE | Unfiltered chars: < ' |http://www.pipl.com/search/?CategoryID=2&Interface=15&UserCountry=SE&LastName=DiMaggio&FirstName=Josiah&Hint=&City=hzg<izg"jzg'gzh&State=&StateFullName=&Country=SE&Country3=SWE&CountryFullName=Sweden&QueryString=%22Joe+DiMaggio%22&QueryStringQuoted=%22Joe+DiMaggio%22&QueryStringUnquoted=Joe+DiMaggio&
Re: Pipl xss issues
Date: January 30, 2009 08:56AM
If the input is being returned in an attribute, a better question would be: do they allow the double quote? If so, then try > and <. If they don't allow the double quote - or whatever character they are using to enclose the attribute value - then you are stuck, at least on that attribute.
-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))
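The reply's point, that a reflected value only leaves the attribute context if the character enclosing that attribute survives the filter, can be checked mechanically. The following is an added example and not code from the thread or from Pipl: it inserts a value into two constructed templates (a double-quoted and a single-quoted attribute, modelled on the <input value="..."> shape mentioned above, not Pipl's real markup), parses the result with Python's html.parser as a stand-in for a browser tokenizer, and reports whether the parser still sees exactly one <input> tag whose value attribute equals the original string. It also shows the fix, attribute encoding with html.escape, which makes the answer "contained" regardless of which characters the filter lets through.

```python
import html
from html.parser import HTMLParser

# Constructed templates keyed by the quote character that encloses the
# attribute value. These are illustrative, not the page markup of any real site.
TEMPLATES = {
    '"': '<input type="text" value="{}">',
    "'": "<input type='text' value='{}'>",
}

# Probe string of the same shape as the one in the thread's tool output
# (a marker, then < " ' interleaved with more marker text).
PROBE = 'hzg<izg"jzg\'gzh'


class _TagCollector(HTMLParser):
    """Records every start tag and its attributes the parser emits."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def attr_escape(value: str) -> str:
    """Encode a string for insertion into a quoted HTML attribute.

    html.escape with quote=True replaces & < > " and ', so the encoded
    value cannot terminate the attribute whichever quote encloses it.
    """
    return html.escape(value, quote=True)


def render(quote: str, value: str, escape: bool) -> str:
    """Build the markup, either with the raw value or the encoded value."""
    return TEMPLATES[quote].format(attr_escape(value) if escape else value)


def value_stays_contained(quote: str, value: str, escape: bool = False) -> bool:
    """True if the parser sees one <input> whose value attribute equals the input.

    html.parser unescapes character references in attribute values, so an
    encoded value round-trips to the original string when containment holds.
    """
    collector = _TagCollector()
    collector.feed(render(quote, value, escape))
    collector.close()
    if len(collector.tags) != 1:
        return False
    tag, attrs = collector.tags[0]
    return tag == "input" and attrs.get("value") == value


if __name__ == "__main__":
    # Raw insertion: the double quote in PROBE ends a double-quoted attribute.
    print('raw, "-quoted:', value_stays_contained('"', PROBE))
    # Raw insertion of a probe that contains < and ' but not ": still contained.
    print('raw, "-quoted, no ":', value_stays_contained('"', "hzg<izg'gzh"))
    # The same probe breaks a single-quoted attribute, since ' is the delimiter.
    print("raw, '-quoted, no \":", value_stays_contained("'", "hzg<izg'gzh"))
    # Attribute encoding keeps any input contained in either template.
    print('escaped, "-quoted:', value_stays_contained('"', PROBE, escape=True))
    print("escaped, '-quoted:", value_stays_contained("'", PROBE, escape=True))
```

html.parser is a tolerant tokenizer rather than a browser, so treat a "contained" result as evidence about this one context only; the robust answer is the encoding path, not a character blocklist tuned to the quote style currently in use.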