Sunday, April 20, 2014
HellBound Hackers | Computer General | Web hacking

Author

xss on personalized page

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 23-04-09 17:41
Here's the deal: I've found a couple of XSS holes in a site. It works rather like Gmail, i.e. you log in with your email details and then you can edit your personal page content. Now of course, since I can get the XSS only on my pages, it can't be exploited. Normally I'd try to exploit the vulnerability via CSRF, i.e. make the person send the necessary GET requests; however, all the variable input is properly verified with hash IDs, so that isn't possible. So basically, do you have any alternatives to the CSRF approach for making use of the vulnerability?


spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 23-04-09 21:09
clone_4@hotmail.com

RE: xss on personalized page


Guest
Posted on 23-04-09 17:57
I'm not entirely sure what you mean, but, from what I gathered, could you not put in a redirection to your own site with the requests as well as a JS script to go back 2 history things history(-2) I think it is....

EDIT:
Or you could set up an XSS shell, inject the page with it and do whatever: execute your own JS, steal the cookies, etc.




Edited by on 23-04-09 18:00

RE: xss on personalized page

clone4
Posted on 23-04-09 18:17
SaMTHG wrote:
I'm not entirely sure what you mean, but, from what I gathered, could you not put in a redirection to your own site with the requests as well as a JS script to go back 2 history things history(-2) I think it is....


That would be the regular way; the problem is that the arbitrary JS can be executed only when I log in with my details, thus I can only redirect myself and steal my own cookies, which isn't that great :)


EDIT:
Or you could set up an XSS shell, inject the page with it and do whatever: execute your own JS, steal the cookies, etc.


Thanks for that, I have to look into it, never used it before...


