Message-ID: <CAH-PCH58hijG7iLZ4bVfDb=Tb0SNdWs47Fg9pJGZnPrhmnAFcw@mail.gmail.com>
Date: Sun, 5 Feb 2012 21:09:45 +0100
From: Ferenc Kovacs <tyra3l@...il.com>
To: Luis Santana <hacktalk@...ktalk.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Vulnerability-lab.com XSS

On Fri, Feb 3, 2012 at 4:21 PM, Luis Santana <hacktalk@...ktalk.net> wrote:

> Earlier today I tried to contact the people over at
> http://vulnerability-lab.com about an XSS vulnerability I found on their
> site (ironic) but it appears they want nothing to do with me. Praise
> Full-Disclosure.
>
> http://i.imgur.com/CripA.jpg
>
> The Irony Of A Site For Disclosing Site Being Itself Vuln To Something So
> Trivial
>
>
>
> Basically I tried to report this issue to them through a private message
> on youtube and then a follow request on twitter (so I could DM them) but to
> no avail. Eventually rem0ve joined freenode and messaged me and told me he
> didn’t want to be cooperative with me or even be friendly. Sometimes being
> a prick just makes you look like an idiot.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Judging from the screenshot, it seems to be a reflected XSS through the
User-Agent field.
I would be curious how this could be exploited from the client side, as you
can't manipulate other visitors' User-Agent header.
Of course if the User-Agent is logged and the admin area which displays the
logs has the same defect, then this is a different story.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu
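
Added example, not part of the original message: the logged User-Agent case raised in the reply, shown as a log viewer that renders the field unescaped next to one that escapes it at output time, plus a check that flags User-Agent values containing HTML metacharacters. The Apache combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import html
import re

# Constructed sample lines in Apache "combined" log format (not from the original post).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Feb/2012:21:09:45 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [05/Feb/2012:21:10:02 +0100] "GET / HTTP/1.1" 200 512 "-" "<script>alert(1)</script>"',
]

COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)

def parse(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None

def render_row_unsafe(entry):
    """The defect: request-controlled fields are concatenated into HTML as-is."""
    return "<tr><td>{ip}</td><td>{request}</td><td>{agent}</td></tr>".format(**entry)

def render_row_safe(entry):
    """Hardened: every field is HTML-escaped at output time, quotes included."""
    esc = {k: html.escape(v, quote=True) for k, v in entry.items()}
    return "<tr><td>{ip}</td><td>{request}</td><td>{agent}</td></tr>".format(**esc)

def suspicious_agents(lines):
    """Detection aid: flag entries whose User-Agent contains HTML metacharacters."""
    flagged = []
    for line in lines:
        entry = parse(line)
        if entry and re.search(r'[<>"\']', entry["agent"]):
            flagged.append((entry["ip"], entry["agent"]))
    return flagged

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        entry = parse(line)
        print(render_row_unsafe(entry))
        print(render_row_safe(entry))
    print(suspicious_agents(SAMPLE_LOG))
```

Escaping belongs in the viewer at render time rather than at log-write time, so the stored log keeps the raw header value for forensics.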
