a small place to share your BIG knowledge

September 21, 2009

This blog is closed.

Filed under: Uncategorized — knight4vn @ 7:25 pm

Hi everybody,

I have closed this blog and moved to the new one:

http://5mins.wordpress.com

See you in my new blog. 🙂

June 14, 2008

Yahoo! 360 XSS Vulnerability

Filed under: Uncategorized — knight4vn @ 5:57 pm
Tags: , , , ,

This is the report I sent to securityfocus. I’m gonna post about writing an XSS worm using this security hole in the next few days. It’s too lengthy to be covered in one single post. So this tutorial probably contains 2-3 parts. Right now, I’m quite busy with my summer classes but I hope I have it finished in time.

Application : Yahoo!360 Social networking site.

Release Date : June 13th 2008


Introduction:

Yahoo! 360° , introduced in 2005, is a personal communication portal operated by Yahoo!.

360° includes social networking, blogging, and photo sharing services.

Users can create personal web sites, share photos from Yahoo! Photos, maintain blogs, lists of local reviews, supply profile information, and see which friends are currently online.


Vulnerability:

Yahoo! 360 is vulnerable to Cross site scripting.


Discussion:

Yahoo! 360 has its built-in html filter which allows only html tags in their white-list to be displayed to the users. In addition, the string “javascript” is stripped out immediately if appears anywhere between ‘<‘ and ‘>’. This mechanism helps preventing dangerous script injected by the malicious users.

However, the filter does not remove variants of the original “javascript” string such as: “JavaScript”, “JAVASCRIPT” and etc.. Unfortunately, in some versions of IE (IE 6.0.x), these variants are treated equally as the normal “javascript”. Therefore, hackers can take advantage of this bug to execute evil javascript code to create blog, send messages and spread XSS worm with user identity. The possibility is endless.


Exploit:

Compose a new entry by going to:

http://blog.360.yahoo.com/blog/compose.html


Sample of an entry injected with hidden javascript code:

[HTML CODE]

<table background=JavaScript:alert(123)><tbody>Blogcontent</tbody><table>

[HTMLCODE]


Author: Duong ThanhKnight4vn (knightvn {at} gmail {dot} com)

January 30, 2008

Know your enemy!

Filed under: Uncategorized — knight4vn @ 12:04 am

funny-cute-cats-1.jpg

Blog at WordPress.com.