Re: Oh no, I've been hacked

From: captgoodnight captgoodnight <captgoodnight@hotmail.com>
Date: Fri Sep 16 2005 - 13:47:55 AKDT

;) What was the vuln? Just did some auditing in XSS, damn ruthless and very
open-ended...I have kinda made it a rule to lightly check sites for XSS when
I become a member (drives admins crazy! ;), gives me the user an idea on
how aware the admins are. It's such an open ended specialized area of study
though that you can never REALLY be too sure your code is secure...I'm
certainly new to it on both fronts.

Oh hell, here's a working example (tgif ;)

http://astrology.rediff.com/sections/daily/daily.asp?sign=<script>alert(document.cookie)</script>

I have made them aware of the issue 2 months ago! lmao...shrug. What the
above does is hand you your cookie from CODE BEING RUN in YOUR browser. What
a baddie would do with this POC would be to give a member an e-mail on this
same site (they offer accounts) with that link, have them bounce off of
http://astrology.rediff.com (since cookies are local) and record to a remote
cgi script. Then the jerk hijacks the session or retrieves other permanent
info in the cookie for later exploitation...Something along those
lines...Another method is to leave code in avatar settings at msg brds,
waiting for an admin to come on by, or anyone for that matter... It's
incredibly creative...Phishers/spammers use these sort of things too,
obscuring the url though; http://www.pc-help.org/obscure.htm.

There's tons of material on XSS and plus it's kinda fun too...

Next week we'll study changing the user-agent in firefox to google so as to
get free access to pay sites ;)
--joking ;)

Not to get too spicy,
eddie

PS: I'm a sucker for these kinda topics.
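The reflected XSS described above comes down to one missing step: a query parameter is written into the page's HTML verbatim. The following is an added example for this thread, not code from the message or from the site it names. It uses a constructed stand-in page with a `sign` parameter (the handler names, the `example.invalid` host and the access-log lines are all made up here) to show the vulnerable echo next to the one-line fix, and a small log check that decodes query strings and flags requests carrying markup, so the same trick shows up in the server's own logs.

```python
"""Reflected XSS, shown from the defender's side: why echoing a query
parameter into HTML is enough to run script in a visitor's browser, what
the fix looks like, and how such requests look in an access log.

Added example for this thread; not the original message's or the named
site's code. Handler, page skeleton, host name and log lines are constructed.
"""
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Minimal stand-in for a page that echoes a query parameter into its HTML.
PAGE = "<html><body><h1>Daily horoscope for {sign}</h1></body></html>"


def sign_from_url(url: str) -> str:
    """Pull the 'sign' query parameter out of a request URL (empty if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("sign", [""])[0]


def render_vulnerable(sign: str) -> str:
    """The bug: the parameter goes into the markup verbatim, so a value
    containing tags is parsed and executed by the visitor's browser."""
    return PAGE.format(sign=sign)


def render_fixed(sign: str) -> str:
    """The fix: HTML-escape at the point of output. '<', '>', '&' and quotes
    become entities, so the value can only ever render as text."""
    return PAGE.format(sign=html.escape(sign, quote=True))


def contains_script_element(rendered: str) -> bool:
    """Does the rendered page carry a live <script> element?"""
    return re.search(r"<script\b", rendered, re.IGNORECASE) is not None


# --- detection over access logs --------------------------------------------

# Constructed Combined-Log-Format lines. The second carries the thread's
# payload in the percent-encoded form a browser actually sends; the third
# carries harmless markup, which a reflecting page should never see either.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Sep/2005:13:47:55 -0800] "GET /daily.asp?sign=Leo HTTP/1.1" 200 2310',
    '203.0.113.9 - - [16/Sep/2005:13:48:01 -0800] "GET /daily.asp?sign=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2390',
    '203.0.113.9 - - [16/Sep/2005:13:48:02 -0800] "GET /daily.asp?sign=Leo%3Cb%3Ebold%3C/b%3E HTTP/1.1" 200 2320',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
# Markup in a query string: a '<' followed by a tag name, or a javascript: URL.
MARKUP_RE = re.compile(r"<[a-z!/]|javascript:", re.IGNORECASE)


def flag_markup_in_query(log_lines):
    """Return (line_number, decoded_query) for requests whose query string
    decodes to something that looks like HTML or script."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        decoded = unquote(urlsplit(m.group(1)).query)
        if MARKUP_RE.search(decoded):
            hits.append((n, decoded))
    return hits


if __name__ == "__main__":
    request = "http://example.invalid/daily.asp?sign=<script>alert(document.cookie)</script>"
    value = sign_from_url(request)
    print("vulnerable:", render_vulnerable(value))
    print("fixed:     ", render_fixed(value))
    for n, q in flag_markup_in_query(SAMPLE_LOG):
        print(f"log line {n}: markup in query: {q}")
```

Escaping at output is the actual fix; marking the session cookie `HttpOnly` only keeps `document.cookie` from reading it and leaves the injection itself in place. The log check decodes before matching because browsers percent-encode `<` and `>`, so a pattern applied to the raw line would miss exactly the requests it is meant to catch.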

>From: Justin Dieters <enderak@mtaonline.net>
>To: Grant Stockly <grant@cmosxray.com>
>CC: aklug@aklug.org
>Subject: Re: Oh no, I've been hacked
>Date: Fri, 16 Sep 2005 11:58:19 -0800
>
>Yeah, phpBB is a favorite among script kiddies. I don't think there's a
>phpBB I've been a member of that hasn't gotten hacked at some point.
>
>Justin
>
>
>Grant Stockly wrote:
>
> >I just discovered that someone "hacked" a phpBB web board I have.
> >
> >What they really did was use a few documented exploits to change the name
> >of the categories and then post a bunch of spam. So they probably found
> >the bug track list, found the bug, and went in google looking for old
> >versions of phpBB.
> >
> >I knew for a while that the version of phpBB had holes, but didn't think
> >someone would mess with a small time website. (phpBB takes a while to
> >upgrade due to the "mod" methods)
> >
> >It's like the security holes with your car. Parking at CARRS you don't
> >expect someone to key it.
> >
> >Anyway, it's pretty stupid and it's already fixed...but now I have a little
> >less faith in mankind. :(
> >
> >Grant
> >
> >
> >---------
> >To unsubscribe, send email to <aklug-request@aklug.org>
> >with 'unsubscribe' in the message body.
> >

Received on Fri Sep 16 13:48:02 2005

This archive was generated by hypermail 2.1.8 : Fri Sep 16 2005 - 13:48:02 AKDT