dancezar (Active Members), posted May 6, 2013 (edited May 6, 2013 by danyweb09)
Exploit: XSS
Type: Reflected
Target: *.apple.com
Works on: Chrome, Opera, Safari (does not work on Firefox and IE)
Proof: http://postimg.org/image/ibbekos91/
//Reported

Dragos (Moderators), posted May 6, 2013
Censor the picture better in the future. Otherwise, congratulations!

dancezar (Active Members, Author), posted May 6, 2013
Thanks a lot. I censored the picture; not much was visible anyway. It seems this is not the only vulnerable spot on the same subdomain. I clicked OK on the alert box, it showed me the page, then I searched for something without any script in the input and it showed me that alert box.

dancezar (Active Members, Author), posted May 6, 2013 (edited May 6, 2013 by danyweb09)
Where, man? You mean metrics.apple.com? That's not where the XSS is ;)
Edit: LOL, I forgot about it in the alert box :))

dekeeu, posted May 6, 2013
Do you have a vector that bypasses Chrome?

StoNe-, posted May 6, 2013
It doesn't work on Firefox? Strange. I have the same question as Toshib4.

dancezar (Active Members, Author), posted May 6, 2013 (edited May 6, 2013 by danyweb09)
I don't know why it doesn't work on Firefox. No bypass vector is needed for Chrome in this case, because the vulnerable parameter is taken from GET and injected directly into a <script> tag, where it checks whether the browser I'm accessing the page from is iPhone/iPod*OS.*AppleWebKit*Mobile*Safari. It is something like

    site.com/pagina.html?parametru=ceva';else{alert(1);}if(1==2){//

and Chrome doesn't notice the XSS, only IE sees it. And after I access it, something like this appears in the page source:

    <script>
    var addSBTag = /(iPhone|iPod).*OS.*AppleWebKit.*Mobile.*Safari/.test(navigator.userAgent);
    if (addSBTag) {
        var headNode = document.getElementsByTagName("head")[0];
        var sbNode = document.createElement('meta');
        sbNode.name = 'cenzurat';
        sbNode.content = 'cenzurat?parametru=38';}else{alert('danyweb09');}if(1==2){//';
        headNode.appendChild(sbNode);
    }
    </script>

Edit: If any admin wants to verify me, I'll send the link by PM.

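The pattern described in the post above (a GET parameter written into a quoted string inside an inline <script> block), shown next to an escaped form. This is an added example, not part of the thread and not the affected site's code; the function names, the `/app` path and the stub `probe` are assumptions.

```javascript
// Added example, not code from the thread. renderVulnerable, renderEscaped,
// jsStringLiteral, evaluate, probe and the "/app" path are hypothetical names.

// Vulnerable pattern: the parameter is concatenated into a single-quoted
// JavaScript string inside an inline script block.
function renderVulnerable(param) {
  return "if (addSBTag) {\n" +
    "  sbNode.content = '/app?parametru=" + param + "';\n" +
    "  sbNode.attached = true;\n}";
}

// Hardened pattern: emit the value as a JavaScript string literal.
// JSON.stringify escapes quotes, backslashes and control characters; the
// replace also encodes <, > and & (so "</script>" cannot end the block)
// and the line separators U+2028/U+2029.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderEscaped(param) {
  return "if (addSBTag) {\n" +
    "  sbNode.content = " + jsStringLiteral("/app?parametru=" + param) + ";\n" +
    "  sbNode.attached = true;\n}";
}

// Run a generated script body with stubbed globals. Reports whether the stub
// `probe` ran (input was executed as code) and what sbNode.content became.
function evaluate(body, addSBTag) {
  const sbNode = { content: null };
  let probeCalled = false;
  const probe = () => { probeCalled = true; };
  new Function("addSBTag", "sbNode", "probe", body)(addSBTag, sbNode, probe);
  return { probeCalled, content: sbNode.content };
}

// Constructed input with the same shape as the rendered source in the post:
// it closes the quote and the if-block, adds an else branch, and comments
// out the rest of the line.
const sample = "38';}else{probe();}if(1==2){//";
```

With the concatenated form the input changes the control flow of the script; with the escaped form it stays a string value, whatever browser-side XSS filter is or is not active.
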
dancezar (Active Members, Author), posted May 6, 2013
That doesn't work, it filters </>. Even so, it would have worked on Firefox, Opera and Safari, I don't know, but on Chrome it doesn't work and a lot of people use Chrome, so my variant is more worthwhile.