[XSS] 2X.adobe.com

[dancezar]

Exploit:Cross site scripting

Method:GET

Tested on:

--Primul:

-Firefox

-chrome

-safari

--Al doilea:

-Firefox

-chrome

-safari

-opera

POC 1:View image: xss adobe

POC 2:View image: xss adobe2 copy

Ambele merg pe Chrome.Sunt pe subdomenii diferite

Status:raportate am primit un email de feedback

Edited June 21, 2013 by danyweb09

[qwerty12]

si eu am raportat unul acum 1 luna:D

[Mynikka]

danyweb09 you need to stop this pretentious bullshit.

You cannot bypass chrome (on non-persistent xss), you just disable the xss filter and pretend you're some l33t hax0r.

Prove you can bypass it, i will pay you 450$ (escrow).

[dancezar]

danyweb09 you need to stop this pretentious bullshit.

You cannot bypass chrome (on non-persistent xss), you just disable the xss filter and pretend you're some l33t hax0r.

Prove you can bypass it, i will pay you 450$ (escrow).

I'cant bypass the xss filter from chrome.But in some condition is works here i have 2 exemple:

<?php

echo $_GET['c'];

?>

and the url :site.com/script.php?c=<script>alert(1)</script>

This is not passable

But propose this script:

<script>

var test="<?php echo $_GET['c']; ?>";

//the rest of the javascript code

</script>

this vector can bypass the xss auditor from chrome:";alert(1);// or ";alert(1);a="1

Test it on your localhost.

I did dont say i can bypass the xss auditor i say "Its work on google chrome"

Sory for my bad english.

//edit the xss filter from IE 8 is more good than xss auditor from chrome

Edited June 22, 2013 by danyweb09

[Mynikka]

I'cant bypass the xss filter from chrome.But in some condition is works here i have 2 exemple:

<?php

echo $_GET['c'];

?>

and the url :site.com/script.php?c=<script>alert(1)</script>

This is not passable

But propose this script:

<script>

var test="<?php echo $_GET['c']; ?>";

//the rest of the javascript code

</script>

this vector can bypass the xss auditor from chrome:";alert(1);// or ";alert(1);a="1

Test it on your localhost.

I did dont say i can bypass the xss auditor i say "Its work on google chrome"

Sory for my bad english.

//edit the xss filter from IE 8 is more good than xss auditor from chrome

Ok at least you're honest.

The xss filter on chrome only protects against non-persistent and can be truly bypassed when there are 2 get variables.

I've yet to see an xss vector that works against latest chrome version with 1 get variable.

[qwerty12]

Sper sa iti dea Hof!

[dancezar]

Vurnerabilitatile au fost reparate si ieri seara am fost trecut pe Security Acknowledgments .

Linkurile vurnerabile erau

1. https://kuler.adobe.com/%3Cscript%3Ealert%281%29%3C%2Fscript%3E-art-colors/ (Pentru asta am primit HOF)

2. Adobe Education Exchange (A fost dublicate,raportat de Nacks inainte)

Am uitat sa le fac poze necenzurate da se obeserva clar din pozele de mai sus ca acestea erau paginile.

Ambele functionau pe chrome , primul desi vectorul era <script>alert(1)</script> functiona pe chrome deoarece era DOOM.

Am trecut rstforums.com acolo pentru ca nu l-am vazut decat pe Dragos trecut cu rstforums.

Desi dureaza mult pana le repara merita asteptarea.

[dekeeu]

Ala din edex e cel de aici pe care l-am raportat eu pe 7 mai : https://rstforums.com/forum/68976-xss-adobe.rst .

Acum o saptamana am vazut ca era fixat si i-am intrebat care-i treaba si mi-au raspuns ca inca trebuie revizuit .

Edited October 31, 2013 by dekeeu

[dancezar]

Ala din edex e cel de aici pe care l-am raportat eu pe 7 mai : https://rstforums.com/forum/68976-xss-adobe.rst .

Acum o saptamana am vazut ca era fixat si i-am intrebat care-i treaba si mi-au raspuns ca inca trebuie revizuit .

Ratati, nu ma mir de ce hacerii au facut publica baza lor de date .

Poti sa ii intrebi daca cineva l-a raportat inaintea ta poate de asta:-/ Trebuie sa ai rabdare cu ei:) florindark a primit HOF dupa un an deci... eu ma mir cum au reusit sa il repare pe ala doom dupa 4 luni:)) eu ma asteptam sa primesc HOF la anu