Persistent XSS bug discovered on eBay

"Once you log in to your account on eBay, edit the "About me" option.

http://cgi3.ebay.com/ws/eBayISAPI.dll?AboutMeLogin

Now go to:
http://members.ebay.com/ws/eBayISAPI.dll?EditUserPageHTMLSource
and edit with HTML enabled.

Demo URL (My profile):
http://members.ebay.com/ws/eBayISAPI.dll?ViewUserPage&userid=shell2h4ck

It is also vulnerable to redirection and other normal XSS attacks.


One of the possible exploitation scenarios is malicious people stealing cleartext credentials from registered users by injecting an iframe tag that retrieves another rogue eBay login page from a remote server.

http://xssed.com/news/125/Persistent_XSS_bug_discovered_on_eBay/

FB sqlhack App XSS vuln

Another bug!!!
http://apps.facebook.com/sqlhack/
Insert an iframe script and check it ;) Insert the script in the "Update Status:" option, though a few won't work :P
Snapshot:

FB Marketplace persistent XSS

FB Marketplace has 4,247,992 monthly active users and suffers from persistent cross-site scripting.
http://www.facebook.com/apps/application.php?id=128581025231&ref=appd
(application link)
Go to
http://facebook.oodle.com/account/listing/
and include your XSS script in the listing you post. If you have creativity you can use them ;)

Note: redirection also works.

Screenshot:

FB app "Causes" Persistent XSS

About Causes:
If you are an individual activist, nonprofit, foundation, company, or anyone else wanting to learn more about how to utilize Causes please visit Causes Exchange.

Causes empowers anyone with a good idea or passion for change to impact the world. Using our platform, individuals mobilize their network of friends to grow lasting social and political movements.

Users: 17,053,968 monthly active users
Vuln: persistent XSS

Snapshot:

Facebook Chakpak Movies XSS Vuln

About:
The application for Indian movie lovers. Rate and review any movie, from Sholay to Jab We Met, from Sivaji to Pather Panchali. View latest wallpapers of your favorite actors and actresses including Shahrukh, Katrina, Rajnikanth.

Insert your XSS scripts ;)

Here are a few screenshots:

FB NetworkedBlogs App Persistent XSS Vuln

About NetworkedBlogs App
Promote your blog on Facebook and syndicate your feeds to your wall and fan pages. Join 450,000 other bloggers on the largest community of bloggers and blog lovers on Facebook.

Again, this app has 1,712,628 monthly active users.

Vuln:
Persistent XSS and HTML injection

Go to your FB account, add this app and create your blog. The problem is that it has a character limit.

Here are a few screenshots:

1. XSS injection:


2. HTML injection:

Facebook Quiz Monster Persistent XSS Vuln

About Facebook Quiz Monster
It helps you create your own quiz Facebook application! Quiz Monster makes it simple, fun and easy!

Vuln found:
Persistent XSS vuln

Create your own quiz first and insert your XSS scripts in the options available there, for example:

"><script>alert("w00t")</script>


Once done, go and check your quiz.

Currently this application has 14,238,107 monthly active users, so attackers could also try to steal their cookies (I didn't try, but you can).

One such quiz is
http://apps.facebook.com/quizcreator/quizzes/714688/play


Here is a screenshot:
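The quiz payload above (a `">` that closes the attribute it lands in, followed by a script element) and the iframe injection described for the eBay "About me" page both work for the same reason: an "HTML enabled" editor stores user markup verbatim and echoes it back into every visitor's browser. The following is an added example, not code from eBay, Facebook or any of the apps named in these posts, showing the defensive side: an allowlist sanitizer in JavaScript (the functions sanitizeHtml, escapeHtml, safeHref and tokenize are hypothetical names) that escapes text and attribute values, discards script, iframe and similar elements together with their content, drops unknown tags and every on* handler, and rejects javascript: URLs on links, so stored content can neither execute script nor redirect the viewer.

```javascript
// Added example (not from eBay, Facebook or the apps above): allowlist-based
// sanitizer for user-supplied "HTML enabled" content such as a profile page
// or quiz text. Hypothetical function names; sample inputs are constructed.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'a']);
const ALLOWED_ATTRS = new Map([['a', new Set(['href'])]]);
const VOID_TAGS = new Set(['br']);
// Elements whose content is discarded along with the tag itself.
const DROP_WITH_CONTENT = new Set(['script', 'style', 'iframe', 'object', 'embed', 'noscript']);
const SAFE_URL_SCHEME = /^(?:https?:|mailto:)/i;

// Escape the five characters that matter in text and attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Accept a link target only if its scheme is on the allowlist, after removing
// control characters and whitespace that browsers ignore inside a URL
// (so "java\tscript:" cannot slip past the check).
function safeHref(value) {
  const cleaned = value.replace(/[\u0000-\u0020\u007f]/g, '');
  return SAFE_URL_SCHEME.test(cleaned) ? cleaned : null;
}

// Split markup into text and tag tokens. Quoted attribute values may contain
// '>', so quotes are tracked; an unterminated '<' is returned as text.
function tokenize(html) {
  const tokens = [];
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf('<', i);
    if (lt === -1) { tokens.push({ type: 'text', value: html.slice(i) }); break; }
    if (lt > i) tokens.push({ type: 'text', value: html.slice(i, lt) });
    let j = lt + 1;
    let quote = null;
    while (j < html.length) {
      const c = html[j];
      if (quote) { if (c === quote) quote = null; }
      else if (c === '"' || c === "'") quote = c;
      else if (c === '>') break;
      j++;
    }
    if (j >= html.length) { tokens.push({ type: 'text', value: html.slice(lt) }); break; }
    tokens.push({ type: 'tag', raw: html.slice(lt + 1, j) });
    i = j + 1;
  }
  return tokens;
}

// "/name attr=..." or "name attr=..."; anything else (comments, "<!", a bare
// "<" in text) is not treated as a tag and is escaped as text instead.
const TAG_RE = /^(\/?)([a-zA-Z][a-zA-Z0-9]*)(?:\s+([\s\S]*?))?\s*\/?$/;
const ATTR_RE = /([^\s=\/"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function sanitizeHtml(html) {
  let out = '';
  let dropping = null; // name of the element whose content is being discarded
  for (const tok of tokenize(html)) {
    if (tok.type === 'text') { if (!dropping) out += escapeHtml(tok.value); continue; }
    const m = TAG_RE.exec(tok.raw);
    if (!m) { if (!dropping) out += escapeHtml('<' + tok.raw + '>'); continue; }
    const closing = m[1] === '/';
    const name = m[2].toLowerCase();
    if (dropping) { if (closing && name === dropping) dropping = null; continue; }
    if (DROP_WITH_CONTENT.has(name)) { if (!closing) dropping = name; continue; }
    if (!ALLOWED_TAGS.has(name)) continue; // unknown tag: drop the tag, keep its text
    if (closing) { if (!VOID_TAGS.has(name)) out += `</${name}>`; continue; }
    let attrs = '';
    const allowed = ALLOWED_ATTRS.get(name);
    if (allowed && m[3]) {
      for (const a of m[3].matchAll(ATTR_RE)) {
        const attr = a[1].toLowerCase();
        if (!allowed.has(attr)) continue; // also drops every on* event handler
        const raw = a[2] ?? a[3] ?? a[4] ?? '';
        const value = attr === 'href' ? safeHref(raw) : raw;
        // Re-escaping the value means entity tricks in the input stay literal.
        if (value !== null) attrs += ` ${attr}="${escapeHtml(value)}"`;
      }
    }
    out += `<${name}${attrs}>`;
  }
  return out;
}

// Constructed sample inputs for a stand-alone run.
for (const input of ['<p>Hello <b>world</b></p>', '"><script>alert("w00t")</script>',
  '<iframe src="https://rogue-login.example/"></iframe>', '<a href="javascript:void(0)">x</a>']) {
  console.log(JSON.stringify(input), '->', JSON.stringify(sanitizeHtml(input)));
}
```

This is a fragment sanitizer, not an HTML5 parser: it does not balance tags and it renders comments as visible text rather than interpreting them. Those are safe failure modes, but for production a maintained sanitizer such as DOMPurify, applied on the server before storage and again at output time, is the right tool; the point here is the shape of the defence (allowlist, context-correct escaping, scheme checks on URLs) rather than a drop-in replacement.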