I talked about this before in a previous post. Mozilla pointed me to a flaw, and I went back to investigate it some more. It turns out that I'm right after all, although in a different setting, but with the same idea. The vector below can be used to trick filters or surfers into performing various things. One of them is to steal cookies from surfers who think that the URI we give them is legit, or to phish for credentials by setting up a cloned GMail page. This is due to the empty user name: http://:uri@phishdomain. Normally you fill in the user name, like: http://foo:uri@phishdomain.
XSS Through mysql_error()
This is clever. Another great reason why displaying errors is bad practice. Luca wrote up on his blog what he found when messing with mysql_error(): it is possible to trigger cross-site scripting when an SQL injection attempt goes wrong, because the error message reflects the injected input back into the page. It also works when mysql_real_escape_string is used. Why? Because some XSS vectors do not need single quotes to be launched properly, and mysql_real_escape_string only escapes quotes, backslashes and a handful of control characters. So the code he shows does not protect against it. Time to turn error reporting off, but we knew that. Check it out:
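To make the mechanism concrete, here is an added JavaScript model of the PHP/MySQL situation (not code from Luca's post or from this page). mysqlRealEscapeString mirrors what PHP's mysql_real_escape_string escapes; fakeMysqlError is a stand-in for the database, and its "near '...'" syntax message is an assumed format modelled on MySQL's wording, not captured server output.

```javascript
// Added example, not code from Luca's post or this page: a JavaScript model of
// the PHP/MySQL situation described above. mysqlRealEscapeString mirrors what
// PHP's mysql_real_escape_string escapes (NUL, \n, \r, backslash, quotes, ^Z);
// fakeMysqlError is a stand-in for the database and its "near '...'" syntax
// message is an assumed format, not captured server output.

function mysqlRealEscapeString(s) {
  return s.replace(/[\0\n\r\\'"\x1a]/g, (c) => {
    if (c === "\0") return "\\0";
    if (c === "\n") return "\\n";
    if (c === "\r") return "\\r";
    if (c === "\x1a") return "\\Z";
    return "\\" + c; // backslash and both quote characters
  });
}

// Numeric column interpolated without quotes: the usual way this code is written.
function buildQuery(id) {
  return `SELECT name FROM users WHERE id = ${mysqlRealEscapeString(id)}`;
}

// Stand-in for the database: anything but an integer literal is a syntax error,
// and the error text echoes the offending fragment back, as MySQL does.
function fakeMysqlError(query) {
  const marker = "WHERE id = ";
  const fragment = query.slice(query.indexOf(marker) + marker.length);
  if (/^\d+$/.test(fragment)) return null;
  return `You have an error in your SQL syntax; check the manual ... near '${fragment}' at line 1`;
}

// Vulnerable page: echo mysql_error() straight into the HTML.
function renderVulnerable(id) {
  const err = fakeMysqlError(buildQuery(id));
  return err === null ? "<p>ok</p>" : `<p class="error">${err}</p>`;
}

// The htmlspecialchars equivalent.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#039;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened page: the error still happens, but the text is encoded on output;
// in production you would log it and show the user a generic message instead.
function renderHardened(id) {
  const err = fakeMysqlError(buildQuery(id));
  return err === null ? "<p>ok</p>" : `<p class="error">${htmlEncode(err)}</p>`;
}

// Constructed payload: no quote, backslash or newline, so escaping leaves it alone.
const PAYLOAD = "<img src=x onerror=alert(1)>";
```

The payload passes through mysqlRealEscapeString unchanged, breaks the query, and comes back verbatim inside the error text; the only things that stop it are encoding the error on output or, better, not showing it at all.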
PayPal XSS Again.
Nemessis found another XSS in PayPal, and I must say this is a very clever one! Take a peek with Firefox and see what I mean. Good stuff, because it shows how hard it really is to protect yourself. Logically this is a spot they forgot. http://rstzone.org/forum/
Attacking The Attackers.
Stefan Esser from hardened-php talks about a flaw in one of GNUCITIZEN's online programs that facilitated XSS. Now I've got one for Stefan himself, and this one is likely more problematic. Because, what would you say, when you are a top PHP security expert and are vulnerable to a basic exploit like this?
Exploiting Reflected XSS.
Today I read the well-written article by Alex aka kuza55. Alex is one of the few people I know with very in-depth knowledge of cross-site scripting, and he will also show you how, if you let him. So it was no surprise that this is a very good article. If you thought you knew it all, go ahead and learn some more about XSS from Alex.
Cenzic XSS Pt.II
So they patched that last XSS hole, or did they? Come on Cenzic! I might be a pain in the ass here, but remember one thing: don't dynamically strip or rewrite input, because the XSS possibilities are countless. Just encode the data to its HTML entities on output and be released from this misery; it takes about 15 seconds to patch it for good. Next time I charge my hourly rate.
DOM Storage: XSS 2.0
Mozilla Firefox has some very disturbing new features on board. I checked them out and did some test rounds with them, and to be honest, these features lay the blueprint for JavaScript worms. It starts with simple reconnaissance techniques to see whether a user is online or not, and goes all the way to DOM storage, which is capable of storing whatever we please. Some parts are even accessible cross-domain. I am not sure what Mozilla is thinking here, but this is horrible for security. MSIE has a similar system, but Mozilla's version beats all odds.
XSS & SQL Injection At Apple.
Mario showed a neatly crafted XSS code injection on Apple's website. After analyzing what Apple does there, they seem to make the obvious mistake of filtering only on words like <script> and such. As we know, this is no barrier for the XSS die-hards, because a lot of other vectors are possible. A quick peek taught me that Apple also has SQL injection issues. Then I got bored and wrote a blog item about it; that's how things work around here.
Mario's XSS: http://preview.tinyurl.com/3dy45g
My SQL injection: http://tinyurl.com/yvv443
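The Cenzic and Apple items above make the same point from two angles: a filter that strips or blacklists tokens loses, a filter that encodes wins. Here is an added JavaScript model of both strategies run over a few classic payloads. The strip filter is a constructed stand-in for a "filter on the word <script>" blacklist and is not the real filter on either site; the payloads are constructed too.

```javascript
// Added example, not code from Cenzic's or Apple's site: a JavaScript model of
// the two filter strategies discussed above. stripFilter is a constructed
// stand-in for "filter on the word <script>" blacklists, not either site's real
// filter; encodeFilter is the entity-encoding approach the page recommends.

// Strategy 1 (what the page argues against): remove known-bad tokens.
function stripFilter(input) {
  return input.replace(/<\/?script[^>]*>/gi, "");
}

// Strategy 2 (what the page recommends): encode the characters that can start
// markup, applied once, on output, where the value lands in HTML body text.
function encodeFilter(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Tiny oracle: does the output still contain something the HTML parser will
// treat as a tag? Sufficient for this demo, not a scanner.
function containsTag(s) {
  return /<[a-z\/!]/i.test(s);
}

// Constructed payloads.
const PAYLOADS = [
  "<script>alert(1)</script>",         // the one the blacklist was written for
  "<scr<script>ipt>alert(1)</script>", // single-pass stripping reassembles it
  "<img src=x onerror=alert(1)>",      // no "script" anywhere
];

// Run every payload through a filter and return the ones that still carry a tag.
function survivors(filter) {
  return PAYLOADS.filter((p) => containsTag(filter(p)));
}
```

Stripping `<script>` from `<scr<script>ipt>` leaves `<script>` behind, and the `<img onerror>` vector never contained the blacklisted word in the first place; encoding `<` and `>` needs no list of bad words and survives both.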
Dreamhosters Hacked.
It seems Dreamhost users are under attack. A blog reported about it today and there seems to be a ton of commotion going on in the Dreamhost support forums. Well, what can I say? Another broken dream. Oh, and it took me 5 seconds to find an XSS hole in their customer login panel screen. But who cares, they only have 500,000 domains hosted. 2 XSS vulnerabilities and 1 SQL injection:
User panel: Click to launch
Knowledge base: Click to launch
SQL injection point found while drinking my coffee just now: Click to launch
Next please!
Introduction To Web Application Security && Vulnerability
Yes, web sites are getting more complicated from day to day, and the number of sites built with plain HTML is decreasing on the net. The popular ones are PHP, ASP, JSP and other technologies, and with this increase the attacks are becoming more dangerous.