Re: Oh no, I've been hacked

From: captgoodnight captgoodnight <captgoodnight@hotmail.com>
Date: Fri Sep 16 2005 - 13:59:10 AKDT

s/gci/cgi/

lmao, that's ironic...tgif
-eddie

>From: "captgoodnight captgoodnight" <captgoodnight@hotmail.com>
>To: aklug@aklug.org
>Subject: Re: Oh no, I've been hacked
>Date: Fri, 16 Sep 2005 13:47:55 -0800
>
>;) What was the vuln? Just did some auditing in XSS, damn ruthless and very
>open-ended...I have kinda made it a rule to lightly check sites for XSS when
>I become a member (drives admins crazy! ;), gives me the user an idea on
>how aware the admins are. It's such an open ended specialized area of study
>though that you can never REALLY be too sure your code is secure...I'm
>certainly new to it on both fronts.
>
>Oh hell, here's a working example (tgif ;)
>
>http://astrology.rediff.com/sections/daily/daily.asp?sign=<script>alert(document.cookie)</script>
>
>I have made them aware of the issue 2 months ago! lmao...shrug. What the
>above does is hand you your cookie from CODE BEING RUN in YOUR browser. What
>a baddie would do with this POC would be to give a member an e-mail on this
>same site (they offer accounts) with that link, have them bounce off of
>http://astrology.rediff.com (since cookies are local) and record to a remote
>gci script. Then the jerk hijacks the session or retrieves other permanent
>info in the cookie for later exploitation...Something along those
>lines...Another method is to leave code in avatar settings at msg brds,
>waiting for an admin to come on by, or anyone for that matter... It's
>incredibly creative...Phishers/spammers use these sort of things too,
>obscuring the url though; http://www.pc-help.org/obscure.htm.
>
>There's tons of material on XSS and plus it's kinda fun too...
>
>Next week we'll study changing the user-agent in firefox to google so to
>get free access to pay sites ;)
>--joking ;)
>
>Not to get too spicy,
>eddie
>
>PS: I'm a sucker for these kinda topics.
>
> >From: Justin Dieters <enderak@mtaonline.net>
> >To: Grant Stockly <grant@cmosxray.com>
> >CC: aklug@aklug.org
> >Subject: Re: Oh no, I've been hacked
> >Date: Fri, 16 Sep 2005 11:58:19 -0800
> >
> >Yeah, phpBB is a favorite among script kiddies. I don't think there's a
> >phpBB I've been a member of that hasn't gotten hacked at some point.
> >
> >Justin
> >
> >
> >Grant Stockly wrote:
> >
> > >I just discovered that someone "hacked" a phpBB web board I have.
> > >
> > >What they really did was use a few documented exploits to change the name
> > >of the categories and then post a bunch of spam. So they probably found
> > >the bug track list, found the bug, and went in google looking for old
> > >versions of phpBB.
> > >
> > >I knew for a while that the version of phpBB had holes, but didn't think
> > >someone would mess with a small time website. (phpBB takes a while to
> > >upgrade due to the "mod" methods)
> > >
> > >It's like the security holes with your car. Parking at CARRS you don't
> > >expect someone to key it.
> > >
> > >Anyway, it's pretty stupid and it's already fixed...but now I have a little
> > >less faith in mankind. :(
> > >
> > >Grant
> > >
> > >
> > >---------
> > >To unsubscribe, send email to <aklug-request@aklug.org>
> > >with 'unsubscribe' in the message body.

Received on Fri Sep 16 13:59:13 2005

This archive was generated by hypermail 2.1.8 : Fri Sep 16 2005 - 13:59:13 AKDT
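
Added example, not part of the original thread and not any site's real code: the reflected-XSS pattern eddie describes (a `sign` query value echoed into the page) shown next to the two server-side fixes, output encoding and an allowlist, plus an HttpOnly session cookie so script cannot read it. The handler names, the `site.example` URL, the cookie name and the list of signs are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist; the thread only shows that the page takes a `sign` parameter.
SIGNS = {"aries", "taurus", "gemini", "cancer", "leo", "virgo", "libra",
         "scorpio", "sagittarius", "capricorn", "aquarius", "pisces"}

def sign_from_url(url):
    """Return the raw, attacker-controllable `sign` query value ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("sign", [""])[0]

def render_vulnerable(sign):
    # Reflects the parameter into HTML unchanged: markup in `sign` becomes page markup.
    return "<h1>Daily horoscope for " + sign + "</h1>"

def render_escaped(sign):
    # Output encoding: <, >, &, " and ' become entities, so the value renders as text.
    return "<h1>Daily horoscope for " + html.escape(sign, quote=True) + "</h1>"

def render_allowlisted(sign):
    # Input validation on top of encoding: only known signs are ever rendered.
    key = sign.strip().lower()
    if key not in SIGNS:
        return 400, "<h1>Unknown sign</h1>"
    return 200, render_escaped(key.capitalize())

def session_cookie(token):
    # HttpOnly keeps the cookie out of document.cookie even if a script does run.
    return "Set-Cookie: session=" + token + "; HttpOnly; Secure; SameSite=Lax; Path=/"

if __name__ == "__main__":
    # Constructed URL with the same shape as the one quoted in the thread.
    url = "http://site.example/daily.asp?sign=<script>alert(document.cookie)</script>"
    value = sign_from_url(url)
    print(render_vulnerable(value))      # script tag survives intact
    print(render_escaped(value))         # script tag is inert text
    print(render_allowlisted(value))     # rejected outright
    print(render_allowlisted("Leo"))     # legitimate request still works
    print(session_cookie("constructed-token"))
```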