That one is actually an XSS: [www.kreditwerk.de]

yay, google.

[www.google.com]

Click on "I forgot my password" and it will redirect.

-Spyware | [bitsofspy.net]



Edited 1 time(s). Last edit at 03/12/2007 02:29PM by Spyware.

[www.google.com]

-Spyware | [bitsofspy.net]

[switch.atdmt.com]

-Spyware | [bitsofspy.net]

Spyware Wrote:
-------------------------------------------------------
> yay, google.
>
> [www.google.com].
> py?answer=48598&fpUrl=http://ha.ckers.org
>
> Click on "I forgot my password" and it will
> redirect.

Nice find. I tried to do this with Yahoo!'s signout feature, but it refused to point to the URL I selected.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
[www.awesomeandrew.net]

[service.gmx.net]

[login.live.com]

needs some research though.

-Spyware | [bitsofspy.net]

[domainhelp.search.com]

-Spyware | [bitsofspy.net]

Did we already have this one?

[sla.ckers.org] :)

What are you talking about trev? :) Click the link and see what happens. ;)

- RSnake
Gotta love it. http://ha.ckers.org

according trev's gmx.net sample:
note that GMX blocks the URL now according the rfer(r)er, how stupid can developers/admins be?

Yes, that's pretty pointless, spam mails have no referrers...

Three for the price of one!

Redirect: [usercash.com]
XSS: [usercash.com]"/onload="alert("xss")
SQL Injection: [usercash.com]'

Anybody want to improve the balance on his account? :)

[www.easyspace.com]

[blogs.msdn.com]

The National Sex Offender Registry. Did id have to tell them he was moving :-X?
[www.familywatchdog.us]


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
[www.awesomeandrew.net]

Hey now! They were all legal and mostly willing!

-id

I found that all the INPUT elements on that site go unsanitized, and are ready for XSS but only via POST requests.

id Wrote:
-------------------------------------------------------
> Hey now! They were all legal and mostly willing!
I remember when I was 16 I told my mom that when I started driving I was going to go to all the local clubs, and pick up drunk and drugged out girls to take advantage of. Then I told her, "It's not rape. It's surprise sex. SURPRISE!"


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
[www.awesomeandrew.net]

I must say that i am learning hell lot of techniques down here. Redirect and XSS, it will be useful for my pentest. Thank you guys.

hackathology

[hackathology.blogspot.com]

[jdl.sun.com]

[dect.myspace.com]

-tx @ lowtech-labs.org

[www.poopreport.com] =oP

________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."

CrYpTiC_MauleR: Nice find! That one is actually an HTTP Response Splitting vulnerability in Openads 2.0:

[www.poopreport.com] (try this in Firefox)

Funny thing: looking at the source code of adclick.php, it already "protects" against HTTP Response Splitting - \r\n in the destination isn't allowed, using \n is still possible however :)

This is a pretty popular script. Want to post this on the Full Disclosure mailing list? It will get more attention there.

You can post it, your find. I didn't bother to check it out any further, just bored last night =oP and no I wasn't reading the latest poop news.

________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."

[macdailynews.com]

[portal.spidynamics.com]

nEUrOO -- [rgaucher.info] -- [twitter.com]

[www.hackers.org] =oP

________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."

[search.verisign.com]

Also HTTP Response Splitting
[search.verisign.com]

________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."

Some sort of cgi proxy:

[www.min-edu.pt]

-------------------------------
[fr3dc3rv.blogspot.com]

Sorry if this one is an oldie, but here it comes.

[www.google.com]?

Googles redirect service ;p