Volutions - ID | News | Gadget | Tutorial | Freeware | Template | Etc.: XSS
Showing posts with label XSS.

Twitter XSS

Twitter Help Center is again vulnerable to XSS

Note: This is a proof of concept and it doesn't reflect the views or interests of the above website.
You don't need to be logged in to execute it!

XSS:
http://support.twitter.com/forms/render_account_partial?account_num=XSS


Redirect:
http://support.twitter.com/forms/render_account_partial?account_num=XSS

Twitter staff have been alerted...

See also : Just another persistent Twitter XSS


Update: BUG FIXED!!! The Twitter security team was very fast :)

AntiXSS v.4.0 Released

Microsoft Anti-Cross Site Scripting Library V4.0

The Microsoft Anti-Cross Site Scripting Library V4.0 (AntiXSS V4.0) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique, sometimes referred to as the principle of inclusions, to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters and encoding anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes. New features in this version of the Microsoft Anti-Cross Site Scripting Library include:
- A customizable safe list for HTML and XML encoding
- Performance improvements
- Support for Medium Trust ASP.NET applications
- HTML Named Entity Support
- Invalid Unicode detection
- Improved Surrogate Character Support for HTML and XML encoding
- LDAP Encoding Improvements
- application/x-www-form-urlencoded encoding support

Download: http://www.microsoft.com

Barracuda Networks website Hacked

Full Disclosure: Barracuda Networks Hacking via SQL Injection.

Barracuda Networks Inc. combines premises-based gateways and software, virtual appliances, cloud services, and sophisticated remote support to deliver comprehensive content security, data protection and application delivery solutions. The company’s expansive product portfolio includes offerings for protection against email, Web and IM threats as well as products that improve application delivery and network access, message archiving, backup and data protection.

More info: http://hmsec.tumblr.com/

Barracuda Networks injected with ultimate irony

But how and why, when they already have a Barracuda Networks Security Bug Bounty Program?

Anyway, there's nothing surprising... all Barracuda sites are full of bugs :)

Some XSS PoCs:

http://www.barracudacentral.org


http://www.barracudalabs.com

Web application vulnerabilities in context of browser extensions

2: Opera

Intro
Let's continue researching possible security problems in the use of popular web technologies in browser extensions. Opera is one of the most powerful web browsers today. It has fast rendering and JavaScript engines and many other useful features. For a long time Opera was an all-in-one thing, in contrast to Mozilla Firefox with its addons. But now that one more strong player, Google Chrome, has come into the browser market, Opera has decided to support extensions too (yes, yes, I remember Opera widgets).

Download: PDF

Preventing XSS Attacks

Cross Site Scripting (XSS) attacks are amongst the most common types of attacks against web applications. XSS attacks all fall under the same category; however, a more detailed look at the techniques employed during XSS operations reveals a multitude of tactics that exploit a variety of attack vectors. A detailed look at XSS attacks can be found in the following article: Cross-Site Scripting attack.

This article guides you through the most common and useful XSS prevention mechanisms, which are filtering and escaping.

More: http://www.acunetix.com

OWASP AntiSamy v.1.4.4 Released

The OWASP AntiSamy project is an API for safely allowing users to supply their own HTML and CSS without exposure to XSS vulnerabilities.

The biggest move of this release is to officially change the default parser/serializer from the DOM engine to the SAX engine. We’ve had two engines for the past few versions, but maintaining two engines concurrently is kinda crazy. The SAX version is twice as fast and much better on memory. Even though all of our test cases pass for both engines, I still anticipate some growing pains in the SAX version, which is why I think most critical applications should stick to 1.4.3 for now.

Changelist:
-fixed error message not sanitizing CDATA payloads when encountered (should only concern you if you use error messages + exactly version 1.4.3)
-tags that are allowed to be empty are no longer hardcoded and can be set in the policy file (), with a safe default list if none are provided
-continued to try to make SAX and DOM version semantically if not literally identical output
-added test cases to regression
-fixed Julian Cohen’s privately reported stack exhaustion bug by applying a tree depth check (the max depth of a DOM tree is now 250)
-no longer Java 1.4 compatible

Download: http://code.google.com

My Opera XSS

My Opera - Share your photos, get a free blog and meet friends

my.opera.com vulnerable to Cross-site scripting (XSS)

PoC: It's still alive!

http://my.opera.com/community/photos/search?q=XSS

http://my.opera.com/community/rss/standalone.pl?url=XSS

Mirror: http://www.xssed.com

XSSer v1.5 beta Released

Cross Site "Scripter" is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Added GTK option + Heuristic test + HTTP Response Splitting (a.k.a. Induced attack!) + Do(Server) injection + Final code (added DCP & DOM injections) + Update option + Code clean + Bugfixing + New options menu + More advanced statistics system + Updated dorkerers list.
GTK: Intuitive navigation + Wizard helper ("build your pentesting answering some questions") + Expert visor (with target(s) geolocation included) + Documentation.
Created XSSer package (v1.5) for Ubuntu/Debian based systems.

Download: http://sourceforge.net

Video demo: http://blip.tv

DOMXSS Scanner

What is DOMXSS Scanner?

DOMXSS Scanner is an online tool that helps you find potential DOM based XSS security vulnerabilities. Enter a URL to scan the document and the included scripts for DOMXSS sources and sinks in the source code of Web pages and JavaScript files. More about DOMXSS Scanner.

What is DOM Based XSS?

DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.

http://www.domxssscanner.com
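
The source/sink idea behind DOMXSS Scanner, as an added JavaScript example that is not the tool's own code: a minimal static finder that flags lines of a script mentioning a DOM XSS source (attacker-influenced input such as location.hash) or a sink (a DOM operation that interprets its argument as HTML or code), and lists lines carrying both. The source and sink lists, the function names and the sample script are constructed here for the demonstration; a line-based match is a review aid, not a full data-flow analysis.

```javascript
// Added example (not DOMXSS Scanner's code): constructed lists of common
// DOM XSS sources (untrusted input) and sinks (dangerous DOM operations).
const SOURCES = [
  "location.hash", "location.search", "location.href", "document.URL",
  "document.referrer", "window.name", "document.cookie",
];
const SINKS = [
  "innerHTML", "outerHTML", "document.write", "insertAdjacentHTML",
  "eval(", "setTimeout(", "setInterval(",
];

// Returns one finding {line, kind, name, text} per source or sink
// name that appears on a line of the given JavaScript text.
function findDomXssCandidates(jsText) {
  const findings = [];
  jsText.split("\n").forEach((raw, i) => {
    const text = raw.trim();
    for (const name of SOURCES) {
      if (text.includes(name)) findings.push({ line: i + 1, kind: "source", name, text });
    }
    for (const name of SINKS) {
      if (text.includes(name)) findings.push({ line: i + 1, kind: "sink", name, text });
    }
  });
  return findings;
}

// Lines that carry both a source and a sink are the first things to review:
// untrusted data reaches a dangerous DOM operation in a single statement.
// (Flows that span several statements, like lines 1-2 of the sample,
// still need manual tracing.)
function sameLineFlows(findings) {
  const byLine = new Map();
  for (const f of findings) {
    const e = byLine.get(f.line) || { line: f.line, sources: [], sinks: [], text: f.text };
    e[f.kind + "s"].push(f.name);
    byLine.set(f.line, e);
  }
  return [...byLine.values()].filter((e) => e.sources.length && e.sinks.length);
}

// Constructed sample script (not from any real page) for the demonstration.
const SAMPLE_JS = [
  'var q = decodeURIComponent(location.search.slice(1));',
  'document.getElementById("out").innerHTML = q;',
  'document.write("<p>" + location.hash + "</p>");',
  'document.getElementById("ref").textContent = document.referrer;',
].join("\n");
```

Line 4 is reported as a source only: textContent is not in the sink list because it writes text, not markup.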

XSS Rays - Google Chrome Browser Extensions

Complete XSS reversing/scanner tool. Find how a site is filtering code, check for injections and inspect objects.

XSS Rays is a security tool to help pen test large web sites. Its core features include an XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will blackbox reverse an XSS filter without needing the source code.

You can also extract/view and edit forms non-destructively that normally can't be edited. For example, if you want to modify the value of a checkbox without changing its type, XSS Rays can link to the object and allow you to change the value without altering the original object.

Using the object inspector you can browse through the window object and edit the contents of the functions in real time allowing you to dissect a web page and understand more how it works. This also works with globally defined functions, you can see which functions the developer has decided to place within the window object.


Download: https://chrome.google.com

More info: http://www.thespanner.co.uk

Thanks to Gareth Heyes for the great work!

XSS Street-Fight: The Only Rule Is There Are No Rules

XSS Introduction

Attack: XSS
- Attacker can send data through web applications that will execute code within the victim's web browser
- It is an interpreter attack against the web browser
Application Defect: Improper Output Handling
- Application does not properly apply contextual output encoding/escaping of user-supplied data
Types: Reflected, Stored and DOM
Consequences: Session Hijacking, Malware Installation, Fraud (CSRF)
Remediation: Contextual Output Encoding
- Must escape differently depending on where data is displayed on the page: HTML, HTML Attribute, URL, JavaScript, CSS
Reference: OWASP XSS Cheatsheet
http://www.owasp.org
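
The remediation above (contextual output encoding) and the safe-list "principle of inclusions" approach described in the AntiXSS post, combined in one added JavaScript example that is not code from AntiXSS or from the talk: every character outside a small allowed set is encoded, with a different encoder for the HTML, URL and JavaScript-string contexts, so the same untrusted value comes out differently in each place it is inserted. Function names, the safe sets and the sample input are constructed here.

```javascript
// Added example (not AntiXSS's or the talk's code): safe-list encoding,
// one encoder per output context. Anything outside the allowed set is
// encoded, so no list of "dangerous" characters has to be maintained.
const HTML_SAFE = /[A-Za-z0-9 ,.\-_]/;   // constructed safe set for HTML text and attributes
const URL_SAFE = /[A-Za-z0-9\-_.]/;      // unreserved characters only; space is encoded

// Applies `encodeOne` to every code point that is not in `safe`.
function encodeUnsafe(input, safe, encodeOne) {
  let out = "";
  for (const ch of String(input)) out += safe.test(ch) ? ch : encodeOne(ch);
  return out;
}

// HTML body and quoted-attribute contexts: numeric character references.
function htmlEncode(s) {
  return encodeUnsafe(s, HTML_SAFE, (ch) => `&#${ch.codePointAt(0)};`);
}

// JavaScript string-literal context: \uXXXX per UTF-16 unit, which can
// neither close the quoted string nor end the surrounding <script> element.
function jsStringEncode(s) {
  return encodeUnsafe(s, HTML_SAFE, (ch) =>
    ch.split("").map((u) => "\\u" + u.charCodeAt(0).toString(16).padStart(4, "0")).join(""));
}

// URL query-parameter context: percent-encode the UTF-8 bytes.
function urlEncode(s) {
  const enc = new TextEncoder();
  return encodeUnsafe(s, URL_SAFE, (ch) =>
    Array.from(enc.encode(ch), (b) => "%" + b.toString(16).toUpperCase().padStart(2, "0")).join(""));
}

// The same value lands in four contexts and must be encoded for each one;
// applying a single HTML encoder everywhere would leave the URL and
// JavaScript contexts unprotected.
function renderProfile(displayName) {
  return [
    `<p>Hello, ${htmlEncode(displayName)}</p>`,
    `<input value="${htmlEncode(displayName)}">`,
    `<a href="/search?q=${urlEncode(displayName)}">search</a>`,
    `<script>var user = "${jsStringEncode(displayName)}";</script>`,
  ].join("\n");
}

// Constructed untrusted input holding characters that are significant in every context.
const SAMPLE_NAME = 'O\'Neil <b>&"x"</b>';
```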

Download: PDF