[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] xss problems
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] xss problems
- From: Deepan <codeshepherd@xxxxxxxxx>
- Date: Tue, 26 Dec 2006 16:19:35 +0800
On Tue, 2006-12-26 at 15:17 +0800, Deepan wrote:
> Hi All,
> The following sites have XSS problems
>
> 1) http://chennaionline.com/search/ ( the first search box )
>
> The user input for search is later displayed in the result page. No
> filtering is done to remove Java Scripts in the query.
>
>
> 2) http://www.sdbj.com/forgot.asp
>
> user is a valid field in the table where email is stored.
>
> 3) http://www.visionoss.com/login/forgotpassword/
>
> userEmail is a valid field in the table where email is stored.
>
> I had reported my findings. I am just trying to learn the basics of XSS.
> I have few doubts. The site
>
> http://www.xdisclose.com/tools/yahoocookiepoc.html is capable of
> decrypting yahoo cookies. I fail to understand how they decrypt the user
> name, dob and country details from cookie.
>
> The relavent cookie contents are
>
> Y=v=1&n=3nkia0lkek00v
> l=h4fb820j4c08b/o
> p=m2kvvin013000000
> jb=16|47|
> iz=600042
> r=ak
> lg=us
> intl=us
> np=1
>
>
> l stands for username,
> p stands for country, year of birth, gender
>
>
> Can someone tell me how xdisclose.com tools decrypt username, country,
> year of birth and other details.
I found the code for user id. It is mapped this way
abcdefghijklmnopqrstuvwxyz => 0123456789abcdefghijklmnop
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/