Thursday, January 14, 2010

Filled Under: ,

2 New Interesting Xss This Week

This Week some of the genius hackers have found some really cool XSS vectors and which i want to introduce to you. These are some which are currently Unpatched and are Hot to use.

 

2 New Interesting Xss This Week

 

Lets see if you guys like them, these are basically good ones and would be useful to you. as i have tested them on some browsers and was found to be working when they were released...

 

IE8 XSS Filter Distorting Facebook

The First one is from Michael Coates, he have written this Facebook Xss in his blog post which is based on IE8, and which is currently Unpatched too. A Hacker can Code a malicious link and send this to the Victim.

 

He also said this haven't been disabled by the facebook security guys and is prone to attack. This provided a great example on the effects of the IE8 XSS filter. He have also written in his previous post about this attack.

 

 IE8_facebook

 

He also have given this screenshot for the demo of the attack and the malicious Link :

http://www.facebook.com/search/?ref=search&q=IE8%3Cscript%3E&init=quick

 

 

Google Maps XSS

google_maps1Discovered by two Indians this vulnerability hit the charts on twitter and was awesome, based on the Google Maps. Pratul Agrawal, Gaurav Baruah were the two authors.

 

 

The Xss is a Simple PoC right now and as per the two authors is currently Unpatched . You should check it out!

 

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8

 

 

Happy Hacking @hackerthedude

blog comments powered by Disqus