I'm not going to say the company's name.
I found that the website of a multimillionaire Australian company is vulnerable to XSS.
I'm not an expert in HTML (in fact I'm quite stupid when it comes to HTML) so I'll need help in doing some damage.
The first thing I did is.
I know I can't deface because data isn't saved with the search bar.
But still, any sort of damage that is possible?
Help will be appreciated.
No bullshit in the company's wealth, 11k+ retailers.
I am going to use the wardriving method for stealth.
And... I got my reasons against the company.
Multi millionaire Company XSS
Well, lol, Woolworths, XSS in their search bar too. I know of many massive companies with XSS. Anyways, to help you:
To cause a permanent XSS for everyone viewing it,
you need to find somewhere to post the XSS string so it's printed on the screen.
For example,
SQLi the site and insert the string, but why not just use the SQLi to get the users?
In short,
you are only creating a temporary XSS.
You need to have the page load it either from a SQL DB or in the source, but if you can edit the source file, shell it ofc and have some fun.
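Editor's added example, not part of any post in this thread: the "temporary" XSS described above exists because the search page echoes the term into its own response without encoding it, so the fix is output encoding at the point where the term is written. The sketch below is constructed for illustration (the page markup, function names and probe string are assumptions) and shows the same search page rendered unsafely and safely, with a check a site owner can run as a regression test.

```javascript
// Constructed example: a search page that echoes the user's term in two
// places, the search box (a quoted attribute) and the results heading.

// Encode the five characters that can change HTML structure.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Vulnerable: the term is concatenated into the markup as-is.
function renderSearchUnsafe(term) {
  return `<form><input name="q" value="${term}"></form>\n` +
         `<h1>Results for ${term}</h1>`;
}

// Hardened: the term is encoded where it is written into the page, so the
// result does not depend on which browser the visitor uses.
function renderSearchSafe(term) {
  const t = encodeHtml(term);
  return `<form><input name="q" value="${t}"></form>\n` +
         `<h1>Results for ${t}</h1>`;
}

// Regression check: does a probe containing markup characters come back raw?
function reflectsRaw(render, probe) {
  return render(probe).includes(probe);
}

const probe = 'xss-probe"><b>'; // harmless marker, constructed for this example
console.log('unsafe reflects raw:', reflectsRaw(renderSearchUnsafe, probe));
console.log('safe reflects raw:  ', reflectsRaw(renderSearchSafe, probe));
console.log(renderSearchSafe(probe));
```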
- Kage
Rysh has a point.
This "vulnerability" isn't fully tested out. Maybe the search engine allows certain parameters through, or maybe your web browser is an outdated version that allows for such commands to be read and executed. Test it on multiple browsers first to see if it confirms the message, I suggest Firefox.
But Rysh, you're referring to an SQL Injection. With Cross Site Scripting (XSS), he can manipulate the URL to many things. My bet is try to use the XSS in the URL, if provided it's still executed, then the web page is executing your command and you can feed it a whole array of malicious commands.
But as Cats said, never say never.
- t3hmadhatt3r
The next thing to do is find out if you can construct a URL. Then find what you want to do with the XSS (steal cookies, make the admin do something, own a router, intranet recon, etc...) and construct your exploit code. Then find a way to social engineer the admin or gain some trust and send him the link. Remember, finding XSS is boring... Finding what you can do with it is fun.
- Infinite Haze
..
Last edited by mystikblaze on 21 Jun 2009, 08:32, edited 1 time in total.
Any fool can count the seeds in an apple. Only God can count all the apples in one seed. ~Robert H. Schuller
God is the greatest.
Well, we don't usually support malicious acts : / but sometimes we are either in the mood, or the current case can be an exception due to learning : )
try {
user.MaliciousAttempt();
} catch(NoRuleException e) {
System.out.println("Sorry, the thread is locked");
}
well, this has been allowed in this thread, since it's a little old now ... and will not be locked because of it. I think the thread is rather dead as well.
"The best place to hide a tree, is in a forest"