Trust Ur Knowledge: December 2013

Sunday, 1 December 2013

XSPA/SSRF - Yahoo! as an Example

Acronyms

XSPA: Cross-Site Port Attacks
SSRF: Server Side Request Forgery

Definition

XSPA allows attackers to abuse available functionality in most web applications to port scan intranet and external Internet facing servers, fingerprint internal (non-Internet exposed) network aware services, perform banner grabbing, identify web application frameworks, exploit vulnerable programs, run code on reachable machines, exploit web application vulnerabilities listening on internal networks, read local files using the file protocol and much more.

Source and more information: http://www.riyazwalikar.com/2012/11/cross-site-port-attacks-xspa-part-1.html

Example: Yahoo!






By the way, I've reported this as a bug (Bug Bounty Program 2013) to the Yahoo Security Team; check their response:


Happy Hacking !!

Interspire - Cross Site-Scripting # XSS

Interspire E-mail Marketer suffers from a Cross-Site Scripting vulnerability that allows an attacker to inject HTML and malicious scripts.

The vulnerable code is at: /admin/index.php
The vulnerable parameter is: "Page"

Proof of Concept:
 http://[domain]/admin/index.php?Page={XSS}&Action=Login

Google Dork:
inurl:admin/index.php?Page= intext:Interspire

Version 6 is vulnerable [tested on v 6.1.0].