g00gle Spreadsheet XSS

Comments

Post a Comment

Popular posts from this blog

Multiple Vulnerabilities in eFront CMS v3.6.15.4

Image
Hi friends, I am back with Three stories Today. There are multiple critical bugs effecting the e-front, one of the Top 10 e-learing cms available, version 3.6.15.4 build 18023. The details are as follows. Directory Traversal       ( CVE : 2015-4461 ) Local File Inclusion      ( CVE : 2015-4462 ) Bypass for Blocked extension file uploads      ( CVE : 2015-4463 ) About the e-front:   E-front is one of the Top 10 e-learning cms available free on the market till date. A small description from the vendor's site: "The core of eFront is distributed as an open-source project. We have created a superior training product and we are not afraid to let you try it! The open-source edit of eFront will cover a wide range of your needs. If you are looking for a specialized solution then take a look at different efront editions ." The Issues are fixed as part of new release, efront v3.6.15.5 build 18024. You can find the chan...
Read more

Cross Site Scripting through callback functionality

Image
Hello Guys, Today i would like to share a Cross Site Scripting Vulnerability that was existing in JSON/AJAX callback functionality. I found this vulnerability a few days back, but as the bug is fixed now, i'd like to share the story. The vulnerability is existing in the forgot password functionality. The forgot password functionality uses an ajax based request/response mechanism within the login page. While testing the application, i observed that the application is using a callback function to render the response into the application. This callback function name is being passed as a GET parameter. With a little analysis, i found that the callback parameter is vulnerable to Cross Site Scripting vulnerability. So i extracted the forget password request and crafted a GET based URL request with a simple XSS payload as the callback value. https://www.DUMMY-WEBSITE.com/users/ajaxonforgotpassword.php?callback=<script>alert(document.cookie)</script>...
Read more

Tailoring Custom Javascript Payloads for a successful XSS...

Hey Guys, Today I would like to show you, how i was able to create custom XSS payloads based on existing javascripts in various websites. Note that this write-up does not show you how to get XSS in various websites, but it covers various ways to create custom xss payloads. The approach i follow to create a successful xss payload involves in 3 steps. 1. Analyse the native code 2. Construct the correct syntax 3. Execute the payload For explanation purpose i considered GET based user input, however, this method will work on POST method also. 1. Analyse : This stage involves the analysis of the web-page code in which we are creating a payload. It is important that the main limitation in this stage is that, the user input we entering should be returned in between script tags. index.php?name=test  should return the payload as follows. <script> ........... .. test .. ........... </script> If the user input is not rendering in bet...
Read more