Jquery xss

Long time back I reported an xss in JQuery's website and few days back I noticed that it was fixed.

jQuery is a multi-browser JavaScript library designed to simplify the client-side scripting of HTML. It was released in January 2006 at BarCamp NYC by John Resig

http://jqueryui.com/themeroller/#ffDefault=%22/%3E%3Cscript%3Ealert%28/Xss:cyberboy/%29%3C/script%3E

 

waze arbitrary file upload

Waze is one of the world's largest community based traffic and navigation app which was acquired by Google June 11, 2013 . And Google opens up responsible disclosure for their acquired websites . So I thought of trying my hands over it.

While I was scrolling around the pages I found the waze wiki which allowed users to upload files :]

When I tried uploading a PHP file, the response was 

Files of the MIME type "application/x-php" are not allowed to be uploaded

Well so the website is filtering files type by checking the MIME type . So no use of uploading arbitrary files by extension spoofing ... HMMMMMM

Then again something stroke my mind . What  more MIME types are filtered?? 

So I tried uploading a SWF file. BINGOOOOO!!!!!

Swf files are not filtered >:)

So what bad I can do ??

Aaahhaahhh execute an Xss with a vulnerable swf file ;-)

Aweee yeahhh

Now they have fixed the bug :)

And they sent a 100$ reward for this :D and my name will be listed in their reward hall of fame :)

http://www.google.co.in/about/appsecurity/hall-of-fame/reward/

CHEERS
Shashank (@cyberboyIndia)

Imgur xss

Imgur is an online image hosting service founded by Alan Schaaf in 2009 in Athens, Ohio. Imgur describes itself as "the home to the web's most popular image content, curated in real time by a dedicated community through commenting, voting and sharing.
I spotted a cross site scripting vulnerability in http://imgur.com/ on 6 FEB 2013 .

I reported the issue to them on the very day I found it and the same day they replied. After 2-3 days the bug was fixed.

Cheers :)
Shashank

Don't get trapped

This just an awareness for my blog readers . Think of the bad time when you go to your nearest ATM and find out that your bank balance is NILL. Because someone (a bad guy) hacked your account and transferred all your HARD EARNED money. The thing is that if you get hacked its your mistake even !!!. Hacking is not a voodoo magic that someone twitches his wand and empties your bank account. They either exploit a flaw or make your fool and take away your credential from you only. One of such process is called PHISHING.

In Phishing what a bad guys simple does is create a fake login page which resembles the real login page of your bank website's customer login page but ITS HOSTED ON HIS OWN SERVER. So when you logging in such types of fake login pages the user name and password gets saved into his logs and thus he has all your passwords .

Today I got a mail by one of  such  bad guy.

 at first it might look a real mail from RESERVE BANK OF INDIA . You can see the email is from no-reply@rbi.org.in . But actually it not so. The email system we used today has a flaw that allows anyone to send mail with anyone address. That is called email spoofing . That I will discuss some other day . And you might notice there is a link .
when I opened the link it got redirected to

http://www.classic-gallery.ru/images/smilies/RBI-EDITED/RBI-EDITED/RBI/index.htm

and when clicked over any banks link . It will ask you your bank user id and password .

But if you actually see the link. The login mechanism is being served from http://www.classic-gallery.ru
A Russian domain !!! which is in no way associated to RBI  or any other INDIAN bank. So NEVER EVERY TRY TO LOGIN TO THESE TYPES OF FAKE PAGES.

So the best way to avoid your self  from getting hacked is to  check the URL bar before logging in . And be sure to check that ITS YOUR BANK WEBSITE in which you are logging in not any other.

Capture the Xss

Every one is aware of the CTF and many of you might have been or still are active warriors of CTF. I spotted one XSS in their blog and they fixed it the very day .

It was just a random hit as I was reading their blog and then observed the old version of the plupload file  which had a know xss bug .

This what actually happens when you get the bad habit of xssing every where :P

Anyways they were happy and even  I am :)

Cheers :)

Heroku Directory Transversal

Long back I spotted a Directory Traversal bug in Heroku.

"Heroku is a cloud platform is a cloud application platform – a new way of building and deploying web apps.. Heroku was acquired by Salesforce.com in 2010"

They were quite quick and fixed it without delays

Later they even started their hall of fame page and included my name there :)
https://www.heroku.com/policy/security-hall-of-fame

Oracle xss

Every one  knows about ORACLE . Oracle Corporation is an American multinational computer technology corporation headquartered in Redwood City, California, United States.

I spotted some security issues in their website and finally they have fixed it . One of them was cross site scripting issue in oracle's sub-domain http://education.oracle.com 

they took a long time in fixing but after the fix they acknowledged me on there website.

Oracle Critical Patch Update Advisory - January 2013 - Beta Oracle CVRF

http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1841213.xml

And 

Oracle Critical Patch Update Advisory - July 2013 - Beta Oracle CVRF

http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1841215.xml

cheers :)