Sunday 21 September 2014

Nokia Web Security Bug Reward: Directory Traversal / Local File Inclusion Vulnerability




Little Insight: 

 

Well, this is my first Directory Traversal / Local File Inclusion vulnerability, which I spotted in http://conversations.nokia.com

 

Report Date: 5th March 2014

 

Reward for Directory Traversal Vulnerability: Nokia Lumia 925 phone

 

How This Works


When I was testing, I found a URL on a subdomain

with a POST request:

action=get_ajax_post_template&page=2&param=4614&postPerPage=12&template=

When I used any word, e.g. template=Jeet, it showed a 200 response with the result 0.

The template parameter shows that it accesses another URL from the site.


... now the work begins....


My Finding....




With the POST request

action=get_ajax_post_template&page=2&param=4614&postPerPage=12&template=

the template parameter showed that it accesses another URL. That gave me a hint that there might be an LFI.

Then I Googled for a directory traversal cheat sheet.

In a few minutes the task was complete and I had found a working traversal string for the parameter:


../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd
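As an added example (not code from the post or from Nokia's site), here is the bug pattern the post describes, the untrusted `template` value joined straight onto a template directory, beside a hardened lookup that allowlists the name and then proves the resolved path still lies inside that directory; the directory name and the template file name are assumptions for the demo, and the traversal string is the one quoted above.

```python
import os
import re
from typing import Optional

# Constructed template directory for this demo; the real site layout is not known from the post.
TEMPLATE_ROOT = "/var/www/site/templates"

# The traversal string quoted in the post, sent as the value of the `template` POST parameter.
TRAVERSAL = "../.../.././../.../.././../.../.././../.../.././../.../.././../.../.././etc/passwd"

# A legitimate template is a plain name; anything else is refused before touching the filesystem.
TEMPLATE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def vulnerable_template_path(template: str) -> str:
    """The bug pattern the post describes: the untrusted value is joined straight onto the
    template directory, so its '..' segments walk out of that directory (demo only: builds
    the path, reads nothing)."""
    return os.path.normpath(os.path.join(TEMPLATE_ROOT, template))


def within_template_root(template: str) -> bool:
    """Containment check: resolve the candidate (collapsing '..' and symlinks) and require
    that it still starts with the resolved template directory."""
    root = os.path.realpath(TEMPLATE_ROOT)
    candidate = os.path.realpath(os.path.join(root, template))
    return os.path.commonpath([root, candidate]) == root


def safe_template_path(template: str) -> Optional[str]:
    """Hardened lookup: allowlist the name, then prove containment. Returns None to refuse."""
    if not TEMPLATE_NAME.fullmatch(template) or not within_template_root(template):
        return None
    return os.path.realpath(os.path.join(os.path.realpath(TEMPLATE_ROOT), template))


if __name__ == "__main__":
    # "single-post" is a constructed benign template name; TRAVERSAL is the post's payload.
    for value in ("single-post", TRAVERSAL):
        print(f"{value[:24]!r:28} vulnerable -> {vulnerable_template_path(value)}")
        print(f"{'':28} hardened   -> {safe_template_path(value)}")
```

The containment check alone already rejects the payload, whatever mix of `..` and `...` segments it uses; the allowlist on top keeps odd but in-root names like `.` out as well.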

Normal Request (screenshot)

After Payload (screenshot)

More Information

 

The vulnerability mentioned here has been confirmed patched by the Nokia Security Team.

 

 


Monday 1 September 2014

Microsoft: Exploiting XSS with clickjacking


Little Insight: 

Clickjacking is just hide-the-button-and-follow-the-mouse, also known as UI Redressing (it is just playing with the UI of the victim application through clicks and mouse events). In this post we'll show a UI-Redressing attack and how an attacker may trigger an otherwise unexploitable XSS flaw in an application.

How This Works


UI-Redressing uses several techniques for making a successful attack:

  1. using mouse clicks
  2. making an invisible iframe and following the mouse
  3. showing only a certain small part of a web page in a frame
  4. dragging text out of an application
  5. dragging text into an application


My Finding....


Domain: http://m.microsoft.com

Vulnerable parameter: phrase = xss

PoC URL:

After using the URL, the XSS payload is stored in the result as a hyperlink tag reading "click here to see result".

When the user clicks on the hyperlink tag, the XSS runs.





That's a self-XSS, which needs user interaction, but I found that the domain did not set any X-Frame-Options header, which gave me the idea of exploiting the XSS with clickjacking.

I set an iframe with the PoC URL on my website, with some buttons; when a user comes to my site and clicks any button, I can steal the user's Microsoft account cookie along with the session.






See behind the click button:

When the user clicks the button, the XSS is exploited via clickjacking.




More Information

 

The vulnerability mentioned here has been confirmed patched by the Microsoft Security Team.