Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Bla bla bla and blubb.com "Hacked" (Samy Style)
Posted by: beNi
Date: March 31, 2007 04:10PM

Hey you slackers, perhaps some know me from the past, it's me beNi :)

In case some of you are interested in another ... kind of XSS worm, check this out:
http://mybeni.rootzilla.de/mybeNi/2007/digg_delicious_netscape_technorati_hacked/

hint: "tpircson" !! ;-)

regards,
benjamin "beNi" flesch
mybeNi websecurity
http://mybeni.rootzilla.de/mybeNi/

Re: Bla bla bla and blubb.com "Hacked" (Samy Style)
Posted by: psifertex
Date: April 01, 2007 01:24AM

I really don't see script for a worm anywhere -- where am I missing it?

I see the character-encoded frame break-out code up top, the code to color the stars, and the iframe at the bottom that looks like it goes to a page with nothing in it.

Anybody want to give me a hint what I should be looking at? I'm sure I overlooked something...

Re: Bla bla bla and blubb.com "Hacked" (Samy Style)
Posted by: beNi
Date: April 01, 2007 02:22AM

Hehe, you lost ;-)

The page with nothing in it was a JavaScript payload which has only been served to you once.
Better luck next time, dude!

http://mybeni.rootzilla.de/mybeNi/2007/one-time_javascript_payload_howto/

Re: Bla bla bla and blubb.com "Hacked" (Samy Style)
Date: April 02, 2007 03:02AM

I believe I viewed it, but lost interest in finding where it was, or what it did. What events transpired on the initial view?


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Bla bla bla and blubb.com "Hacked" (Samy Style)
Posted by: beNi
Date: April 02, 2007 11:27AM

Hm, a PHP script served the actual HTML document only once to every IP. This PHP was embedded in the page via an iframe.
On the HTML document there was an (invisible) iframe for every XSS; the XSS took the payload from my servers. That's all, but it didn't work at the beginning, took me 2 hours after the Digg was posted to get it working -> lost a lot of diggs :(
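
For anyone reviewing proxy logs for the behaviour described in this thread (a framed document that is served once per IP and comes back empty afterwards), here is a detection sketch added as an example; it is not code from the thread. The log format, hostnames, digests and the shrink threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed proxy-log sample: epoch, client IP, URL, status, body bytes, body digest.
SAMPLE_LOG = """\
1175300000 10.0.0.5 http://frame.example/p.php 200 4312 a91f
1175300090 10.0.0.5 http://frame.example/p.php 200 0 e3b0
1175300400 10.0.0.5 http://frame.example/p.php 200 0 e3b0
1175300100 10.0.0.9 http://frame.example/p.php 200 4312 a91f
1175300200 10.0.0.9 http://frame.example/p.php 200 0 e3b0
1175300050 10.0.0.5 http://static.example/app.js 200 2048 77c2
1175300300 10.0.0.5 http://static.example/app.js 200 2048 77c2
1175300500 10.0.0.7 http://news.example/feed 200 900 11aa
1175300600 10.0.0.7 http://news.example/feed 200 950 22bb
"""

def parse(log_text):
    """Yield (ts, client, url, status, size, digest) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, client, url, status, size, digest = parts
        if ts.isdigit() and status.isdigit() and size.isdigit():
            yield int(ts), client, url, int(status), int(size), digest

def serve_once_urls(log_text, shrink_ratio=0.1, min_clients=1):
    """Return {url: sorted clients} where a client's first 200 response carried a body
    and every later 200 response to that client was a different, far smaller one."""
    visits = defaultdict(list)
    for ts, client, url, status, size, digest in parse(log_text):
        if status == 200:
            visits[(url, client)].append((ts, size, digest))
    hits = defaultdict(set)
    for (url, client), seen in visits.items():
        seen.sort()  # order each client's fetches by time
        if len(seen) < 2:
            continue  # a single fetch cannot show the pattern
        _, first_size, first_digest = seen[0]
        if first_size > 0 and all(
            d != first_digest and s <= first_size * shrink_ratio
            for _, s, d in seen[1:]
        ):
            hits[url].add(client)
    return {u: sorted(c) for u, c in hits.items() if len(c) >= min_clients}

if __name__ == "__main__":
    for url, clients in serve_once_urls(SAMPLE_LOG).items():
        print(url, "served its body once per client to", clients)
```

Raising `min_clients` to 2 or more keeps only URLs that repeat the pattern across several clients, which separates per-IP gating from an ordinary page that was simply taken down.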
