Multi-millionaire Company XSS

No explicit questions like "how do I hack xxx.com" please!
Insection
Fame ! Where are the chicks?!
Posts: 132
Joined: 22 Jul 2008, 16:00


Post by Insection »

I'm not going to say the company's name.

I found that the website of a multi-millionaire Australian company is vulnerable to XSS.

I'm not an expert in HTML (in fact I'm quite stupid when it comes to HTML), so I'll need help in doing some damage.

The first thing I did is:

Image


I know I can't deface because data isn't saved with the search bar.

But still, any sort of damage that is possible?

Help will be appreciated. :)

No bullshit about the company's wealth: 11k+ retailers.

I am going to use the wardriving method for stealth.

And... I got my reasons against the company :roll: .

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Guess you could try and craft the URL a bit and send the link to someone working there, and maybe steal some login info =/
"The best place to hide a tree, is in a forest"

Insection
Fame ! Where are the chicks?!
Posts: 132
Joined: 22 Jul 2008, 16:00

Post by Insection »

I don't think the web admin is going to be stupid enough to click it.. -.-

XSS is hopeless...

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Insection wrote: I don't think the web admin is going to be stupid enough to click it.. -.-
Stop thinking, start trying ^^ You'll never know until you do.

rhysh
Fame ! Where are the chicks?!
Posts: 767
Joined: 15 Nov 2006, 17:00

Post by rhysh »

Well, lol, Woolworths, XSS in their search bar too. I know of many massive companies with XSS. Anyways, to help you:

To cause a permanent XSS for everyone viewing it,

you need to find somewhere to post the XSS string so it's printed on the screen.

For example:

SQLi the site and insert the string, but why not just use the SQLi to get the users?

In short,

you are only creating a temporary XSS.

You need to have the page load it either from a SQL DB or in the source, but if you can edit the source file, shell it ofc and have some fun :D
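rhysh's distinction between a temporary (reflected) XSS in a search box and a persistent one is about reach, not root cause: in both cases the server echoes user input into HTML without encoding it. As an added example that is not code from this thread or from any site discussed in it, here is a small JavaScript search-results renderer showing the vulnerable reflection beside the entity-encoded version, plus a check a defender can run over the rendered output; the function names and the sample query are constructed for illustration.

```javascript
// Added example (not from the thread): a search-results renderer, first
// reflecting the query unencoded (the defect behind a reflected XSS in a
// search bar), then with HTML entity encoding applied before the value is
// placed in the page. Both functions return the HTML so they can be compared.

// Encode the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the query parameter is concatenated straight into the markup,
// so any tags or quotes in ?q= are reflected back and parsed by the browser.
function renderSearchUnsafe(query) {
  return `<h1>Results for: ${query}</h1>` +
         `<input name="q" value="${query}">`;
}

// Hardened: the same template, with the value encoded before insertion into
// both the text node and the quoted attribute.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<h1>Results for: ${q}</h1>` +
         `<input name="q" value="${q}">`;
}

// Defender-side check: does the rendered page still contain the query
// verbatim even though it carries tag or attribute-breaking characters?
function reflectsMarkup(html, query) {
  return /[<>"']/.test(query) && html.includes(query);
}

// Constructed sample input: a query that closes the attribute and adds a tag.
const SAMPLE_QUERY = `"><script>alert(1)</script>`;

// Returns both renderings and the check result for each (constructed demo).
function demo() {
  const unsafe = renderSearchUnsafe(SAMPLE_QUERY);
  const safe = renderSearchSafe(SAMPLE_QUERY);
  return {
    unsafeReflects: reflectsMarkup(unsafe, SAMPLE_QUERY), // true
    safeReflects: reflectsMarkup(safe, SAMPLE_QUERY),     // false
    safeHtml: safe,
  };
}
```

The same encoding step is what a stored (persistent) injection needs at render time; where the value is written to a database makes no difference to the fix.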

ebrizzlez
Kage
Posts: 732
Joined: 31 Mar 2007, 16:00
Location: Hidden in a Buffer Protection.

Post by ebrizzlez »

rhysh has a point.

This "vulnerability" isn't fully tested out. Maybe the search engine allows certain parameters through, or maybe your web browser is an outdated version that allows such commands to be read and executed. Test it on multiple browsers first to see if it confirms the message; I suggest Firefox. :wink:

But rhysh, you're referring to an SQL injection. With Cross-Site Scripting (XSS), he can manipulate the URL to do many things. My bet is to try to use the XSS in the URL; if it's still executed when provided, then the web page is executing your command and you can feed it a whole array of malicious commands.

But as Cats said, never say never.

:wink:

Insection
Fame ! Where are the chicks?!
Posts: 132
Joined: 22 Jul 2008, 16:00

Post by Insection »

Yup yup, nothing's impossible.

t3hmadhatt3r
forum buddy
Posts: 16
Joined: 11 May 2009, 16:00

Post by t3hmadhatt3r »

The next thing to do is find out if you can construct a URL. Then find what you want to do with the XSS (steal cookies, make the admin do something, own a router, intranet recon, etc...) and construct your exploit code. Then find a way to social engineer the admin or gain some trust and send him the link. Remember, finding XSS is boring... Finding what you can do with it is fun. :lol:

mystikblaze
Infinite Haze
Posts: 334
Joined: 11 Jun 2005, 16:00
Location: abroad

Post by mystikblaze »

..
Any fool can count the seeds in an apple. Only God can count all the apples in one seed. ~Robert H. Schuller
God is the greatest.

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Well, we don't usually support malicious acts : / but sometimes we are either in the mood, or the current case can be an exception due to learning : )


try {
user.MaliciousAttempt();
} catch(NoRuleException e) {
System.out.println("Sorry, the thread is locked");
}


well, this has been allowed in this thread, since it's a little old now ... and will not be locked because of it. I think the thread is rather dead as well.

Stavros
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1098
Joined: 02 Jan 2006, 17:00
Location: Mississippi, U.S.A.

Post by Stavros »

Insection wrote: I don't think the web admin is going to be stupid enough to click it.. -.-

XSS is hopeless...
Never underestimate the power of human stupidity.
