- +-------------------------------------------+
- Title : TMR XSS + HTML Injection
- Target site : http://timra.se/
- Vuln Type : Hyper Text Markup Language Injection
- Author : Avatar Fearless
- Info (i) ~~~~~~
- Headers :
- HTTP/1.1 200 OK =>
- Cache-Control => private
- Content-Type => text/html; charset=utf-8
- Expires => Thu, 11 Oct 2012 16:15:34 GMT
- Server => Microsoft-IIS/7.5
- Set-Cookie => ASP.NET_SessionId=aulv0q5u52murewpydzjbjc2; path=/; HttpOnly
- X-AspNet-Version => 4.0.30319
- X-Powered-By => ASP.NET
- Date => Fri, 12 Oct 2012 16:15:34 GMT
- Connection => close
- Content-Length => 19669
- Tested on : Windows 7 Professional x86
- Analytics : Google Analytics
- [# Website Pageviews
- 1 www.google.com 32,074
- 2 stackoverflow.com 25,706
- 3 www.reddit.com 22,825]
- System :
- ~jQuery(Javascript Framework)
- ~IIS (Web Server)
- ~Microsoft ASP.NET(Web Framework)
- ~Windows Server(Operating System)
- +-------------------------------------------+
- Vulnerability on : Search System(Search Plugin/widget)
- +------------------!Using HTML injection!------------------+
- Target : www.timra.se
- Searching something easy(ex: asd) :
- http://timra.se/sok/?query=asd
- Using <h1> HTML tags :
- http://timra.se/sok/
- The tag is parsed when supplied in the URL, and it is accepted as input. It is not parsed in the search textbox, although it is accepted as input there.
- http://imageshack.us/scaled/landing/28/tmrw.png
- +------------------!Using Cross Site Scripting{XSS}!------------------+
- Target : www.timra.se
- Searching Something easy[again ;P](ex: asd) :
- http://timra.se/sok/?query=asd
- Using the most common JS (JavaScript) tag <script>alert(1);</script> :
- http://timra.se/sok/
- The tag is parsed when supplied in the URL, and it is accepted as input. It is not parsed in the search textbox, although it is accepted as input there.
- http://imageshack.us/scaled/landing/21/tmr2.png
- Bonus Proof :
- http://youtu.be/qJo-daSAXnY
- SHOUT`ZZZ & RESPECT TO :
- Anti-armenia.ORG (AA - Anti-armenia Team)
- All My Bro'S & ESPECIALLY :
- AkaStep , MetaizM , Ferid23 , BOT_25 , Leroy , AzSecurity
- All Anti-armenia Team member's!!!
- +-------------------------------------------+
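The behaviour reported above (a `query` value that comes back as live markup in the page) is what a search page does when it writes the parameter into the response without HTML-encoding it. The following is an added example, not code from the paste or from the site: it assumes a hypothetical results template, a placeholder host `search.example`, and constructed probe strings, and shows the unencoded template beside the encoded one with a regression check over both.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed probes modelled on the two tests in the report.
PROBES = ["asd", "<h1>asd</h1>", "<script>alert(1);</script>"]


def query_from_url(url):
    """Extract the 'query' parameter the way a search handler would see it."""
    return parse_qs(urlsplit(url).query).get("query", [""])[0]


def render_vulnerable(query):
    """Hypothetical template (assumption): the body reflects the raw value,
    while the textbox value is encoded."""
    return (
        f"<p>You searched for: {query}</p>\n"
        f'<input name="query" value="{html.escape(query, quote=True)}">'
    )


def render_hardened(query):
    """Same template with the value HTML-encoded everywhere it is written.
    ASP.NET offers the same operation as HttpUtility.HtmlEncode."""
    safe = html.escape(query, quote=True)
    return (
        f"<p>You searched for: {safe}</p>\n"
        f'<input name="query" value="{safe}">'
    )


def reflects_markup(render, probe):
    """Regression check: does a probe containing markup come back unencoded?"""
    url = "http://search.example/sok/?query=" + quote(probe)  # placeholder host
    page = render(query_from_url(url))
    return "<" in probe and probe in page


def audit(render):
    """Return the probes that a renderer echoes back as live markup."""
    return [p for p in PROBES if reflects_markup(render, p)]


if __name__ == "__main__":
    print("vulnerable:", audit(render_vulnerable))
    print("hardened:  ", audit(render_hardened))
```
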