Posts Tagged ‘xss’

XSS Revenge : eu2010.es HACKED

Wednesday, January 6th, 2010

Political websites have been hacked over the past 24 hours to leave leaders with red faces.

A report on BBC News said that visitors to Spain’s EU presidency website were greeted by an image of comedy character Mr Bean instead of the Spanish Prime Minister Jose Luis Rodriguez Zapatero.

The government said that the site – www.eu2010.es – had not been attacked and that a hacker had taken a screenshot of the homepage to make a photo montage using a cross-site scripting (XSS) vulnerability. Visitors found an image of Mr Bean complete with a benign smile and the words ‘Hi there’.

HP-UX On Apache-based Web Server, Remote Denial of Service (DoS) & Cross-Site Scripting (XSS) Unauthorized Access

Saturday, October 24th, 2009

Remote Denial of Service (DoS), cross-site scripting (XSS), unauthorized access

Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

Affected Versions:
HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.05
HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.12

Updates are available:
http://software.hp.com

References:
SUPPORT COMMUNICATION – SECURITY BULLETIN from HP (HP Unix)

vBulletin 3.8.4/3.7.6/3.6.12 XSS Vulnerability

Friday, October 9th, 2009

vBulletin 3.8.4/3.7.6/3.6.12 XSS Vulnerability Cross site scripting redirection

A cross-site scripting vulnerability in vBulletin Board versions 3.8.4, 3.7.6 and 3.6.12 within the user profile page allows an attacker to carry out an action as a user or obtain access to a user’s account. The “Home Page” field in the user profile was only checking the user input for either “www” or the following regular expression written in normal text.
The output in the Home Page field is most likely encoded with htmlspecialchars(); however, before the patch it did not check whether a user had created a link that would send an unknowing user to the data: or javascript: URI scheme.
This means that we should avoid the " character, since that becomes &quot;. Other characters like < will become &lt;, which is %3C, which is almost the same. Please see how htmlentities() and htmlspecialchars() work in PHP.

javascript://%0adocument.write(”)

It can be used for external JavaScript inclusion or to show a home page alert.

Affected :
3.8.4 / 3.7.6 / 3.6.12
Patches :
3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1

Vendor References :
http://www.vbulletin.com/forum/showthread.php?t=319572
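
The missing check described in this post, as an added example in PHP (not vBulletin's patch or code): the Home Page value is accepted only when its scheme is http or https, and it is HTML-encoded afterwards. The function names and the sample values are assumptions made for illustration.

```php
<?php
// Added example: scheme allow-list for a profile "Home Page" field.
// safe_homepage() and render_homepage_link() are hypothetical names.

function safe_homepage(string $input): ?string
{
    $url = trim($input);
    // Browsers drop tabs and newlines while parsing a URL, so reject any
    // whitespace or control character instead of trying to clean it up.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    if (!preg_match('#^https?://#i', $url)) {
        // Any other colon means another scheme (javascript:, data:, ...)
        // or an ambiguous value; refuse rather than guess.
        if (strpos($url, ':') !== false) {
            return null;
        }
        $url = 'http://' . $url; // bare "www.example.com" style input
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    return $url;
}

function render_homepage_link(string $input): string
{
    $url = safe_homepage($input);
    if ($url === null) {
        return '<span>(no home page)</span>';
    }
    // Encode only after the scheme check; encoding is not a scheme filter.
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>';
}

// Constructed sample values; the second is based on the string quoted in the post.
$samples = [
    'www.example.com',
    "javascript://%0adocument.write('')",
    'data:text/html,hello',
    'JavaScript:void(0)',
    'https://example.com/?a=1&b=2',
];
foreach ($samples as $s) {
    // The "encoded" column shows that htmlspecialchars() leaves the scheme intact.
    printf("%-38s encoded: %-46s rendered: %s\n", $s,
        htmlspecialchars($s, ENT_QUOTES, 'UTF-8'), render_homepage_link($s));
}
```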

Facebook XSS URL String Evasion

Tuesday, September 29th, 2009

Facebook Social Network XSS URL String Evasion – Facebook suffers from an XSS URL evasion

Example

http://apps.facebook.com/quizzname/?next=[]

Proof of Concept

http://apps.facebook.com/quelendroitltwgzmv/?next=link

http://apps.facebook.com/queldictateursommeil/?next=xss

You can also use this vulnerability to redirect a victim to a phishing page:

http://apps.facebook.com/quizzname/?next=link

We all love Facebook :-(

Orion Application Server XSS Vulnerability

Sunday, September 27th, 2009

A vulnerability in Orion Application Server (Java) allows an attacker to cause execution of malicious scripting code in the browser of a user who clicks on a link to an Orion Application Server site. Such code would run within the security context of the target domain. This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (e.g. session IDs) to unauthorised third parties.

/examples/jsp/sessions/carts.jsp?item=

/examples/jsp/checkbox/checkresult.jsp?fruit=

/examples/jsp/cal/cal2.jsp?time=