August 28, 2009
Posted by: Joy : Category: Vulnerability
Here, we’re gonna show you XSS (Cross-Site Scripting) and XFS (XSS From SQLi) bugs on some Indo TV station websites.
As you might already know, cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites accounted for roughly 80% of all documented security vulnerabilities. Often during an attack everything looks fine to the end-user, who may be subject to unauthorized access, theft of sensitive data, and financial loss (taken from Wikipedia).
Here are some examples of their vulnerable URLs:
Read more…
August 10, 2009
Posted by: Joy : Category: Web Development
The view-source protocol is a URI scheme used in HTML to display the source code of a web page. Firefox and Internet Explorer both supported the view-source protocol, but support was dropped from Internet Explorer in Windows XP SP2 due to security problems. Firefox also suffered a similar security issue (by combining the view-source: and javascript: protocols), but still supported the protocol in Firefox 1.5 after being fixed.
In 2009, a newly discovered bug was fixed in Firefox 3.0.9. The protocol is also supported in Google Chrome. OK, let’s just try it: for example, this URL shows the source of the crazydavinci home page (try it in Firefox or Chrome):
Read more…
August 04, 2009
Posted by: Joy : Category: Linker
Cute Pink Girl
Shared by: switpotato
Created: July 2009
Status : Filtered (August 2009)
Here’s one more Friendster widget that can serve as a vessel to inject your Cross-site Scripting (XSS) vector in your profile. Just follow the instructions carefully.
Read more…
August 01, 2009
Posted by: Joy : Category: Linker
Status : Classified
Author : Classified
Created : Unknown
Here’s another widget that can also serve as a vessel to inject your Cross-site Scripting (XSS) vector in your profile. Just follow the instructions carefully.
Read more…