[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [x0n3-h4ck.org] PayPal vulnerable to XSS
- To: "<corrado.liotta@xxxxxxxx>" <corrado.liotta@xxxxxxxx>
- Subject: Re: [Full-disclosure] [x0n3-h4ck.org] PayPal vulnerable to XSS
- From: Andrew Farmer <andfarm@xxxxxxxxx>
- Date: Mon, 6 Nov 2006 12:44:30 -0800
On 04 Nov 06, at 11:39, <corrado.liotta@xxxxxxxx>
<corrado.liotta@xxxxxxxx> wrote:
> this is a request, that I have passed server to the web, complete
> of the code that would allow the xss:
> GET / HTTP/1.0
> Accept: */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET
> CLR 1.1.4322)
> Host: www.paypal.com
> Cookie: cookie_check=yes;feel_cookie=
<snip big session cookies>
> LANG=--><ScRiPt%20%0a%0d>alert(1234567890)%3B</ScRiPt>
<snip more cookies>
> Connection: Close
> Pragma: no-cache
That's not exploitable. Remember that the "XS" in XSS stands for
"cross-site": you have to be able to trigger the scripting using
ordinary requests from another site. To generate this cookie, you'd
need to already have scripting access to the paypal.com domain - in
which case you don't care anymore.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/