Kartier Pohs

Thursday, August 27, 2015

Cross Site Scripting Vulnerability in Nvidia.

Nvidia is a well-known graphics card manufacturer. When I tested the Nvidia website, http://www.nvidia.com, I found a cross-site scripting vulnerability there. I reported this vulnerability to the Nvidia security team and got a reply within 1 hour. It shows that they are very careful about the security of their website.
 
Vulnerability Type: Reflected XSS (Cross site scripting)
Vulnerable Link: http://www.nvidia.com/object/submit-security-vulnerability.html

Payload used:
"><svg/onload=prompt(/XSS-Tested-By-Yogesh-Prasad/);>

Reproduction steps:

Step 1: Go to the vulnerable link above.
Step 2: There are many input boxes on that page, but not all of them are vulnerable. Only 3 input boxes are vulnerable, which is a loophole for attackers. The three vulnerable input boxes are:
"Explanation",
"Please describe the best way to replicate this security issue" and
"Please provide sample code or proof of concept, if any."
Step 3: Now start filling in the form. In the 3 vulnerable input boxes above, use this payload: "><svg/onload=prompt('XSS');>
Step 4: Fill the remaining fields with rough details like xyz.
Step 5: Click on Submit.
DONE!! You will see the XSS popup box.
 
 
Proof:
Cross Site Scripting Vulnerability in Nvidia.


For reporting this vulnerability I got an appreciation certificate from the Nvidia team.
Cross Site Scripting Vulnerability in Nvidia.

Tuesday, August 25, 2015

Cross Site Scripting Vulnerability in Inflectra.

While testing websites, I found security vulnerabilities/bugs on the website https://www.inflectra.com/. This website provides a Hall of Fame for bug hunters or security researchers who report vulnerabilities, so I decided to test this website. By luck and my hard work I found 2 XSS vulnerabilities on this website. The 1st was a reflected XSS and the other was a persistent (stored) XSS.

Vulnerability 1:

Vulnerability Type: Reflected XSS(Cross site scripting)

Vulnerable Link: http://www.inflectra.com/Support/External.aspx

Payload used: "/><img src=x onerror=alert(/XSS-Tested-By-Yogesh-Prasad/)>


Reproduction steps:
1- Go to http://www.inflectra.com/Support/External.aspx
2- In the first search box, use the above payload.
3- Press Enter and you will get the popup box generated by the XSS.

Proof:

Cross Site Scripting Vulnerability in Inflectra.



Vulnerability 2:

Vulnerability Type: Stored XSS (Cross site scripting)

Vulnerable Link 1: https://www.inflectra.com/Support/Account/Register.aspx

Vulnerable Link 2: https://www.inflectra.com/Support/Account/Default.aspx

Payload used: "/><img src=x onerror=alert(/XSS-Tested-By-Yogesh/)>


Reproduction steps:
1- Go to https://www.inflectra.com/Support/Account/Register.aspx
2- In the First name and Last name boxes use the above payload, and in the remaining fields use rough details for the test.
3- Press Enter and your account will be created.
4- Now at the top right you will see the profile option with your username (which now contains the payload), as shown in the picture below. Because the name is saved with the account and rendered on every page, the payload keeps firing: that is what makes this a stored XSS rather than a reflected one.
Proof:
Cross Site Scripting Vulnerability in Inflectra.

Cross Site Scripting Vulnerability in Inflectra.

For reporting this vulnerability I got listed on their Hall of Fame page.
http://www.inflectra.com/Company/Responsible-Disclosure.aspx
Cross Site Scripting Vulnerability in Inflectra.

Saturday, August 22, 2015

Cross site scripting Vulnerability in Eset

This is my first finding in bug hunting. I found a cross-site scripting vulnerability on Eset's website.
So here I am going to share the POC of this vulnerability with you. It will help you understand this class of vulnerability, and you will learn how to find and reproduce it. Below are the steps to reproduce the vulnerability.

[+] Website: http://eset.com.np
[+] Vulnerable link: http://eset.com.np/inquiry/
[+] Vulnerability Type: XSS (Cross site scripting)
[+] Payload used: "/><img src=x onerror=prompt(1)>
[+] Status: Patched

Reproduction Steps:
1- Go to http://eset.com.np/inquiry/
2- In the "First Name" and "Last Name" fields use the above payload (make sure to type it manually).
3- Fill all the other fields with rough details.
4- Click on the Submit Query button.
5- You will get the popup box generated by the XSS.

Snap Shot :
Cross site scripting Vulnerability in Eset
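All three posts above (Nvidia, Inflectra and Eset) rely on the same defect: a submitted value is written into an HTML attribute without encoding, so a payload that starts with a double quote closes the attribute and opens an element of its own. The following Python is an added example, not code from any of those sites or from the original posts. It renders a constructed form both the vulnerable way and with attribute encoding applied, then runs Python's own HTML parser over the result to show which version actually gains an event handler. The form markup and the field name are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from typing import List

# Payloads quoted from the posts above. Each begins with a double quote so that,
# when echoed into value="...", it closes the attribute, then opens an element
# of its own whose on* handler the browser runs.
PAYLOADS = [
    '"><svg/onload=prompt(/XSS-Tested-By-Yogesh-Prasad/);>',        # Nvidia form
    '"/><img src=x onerror=alert(/XSS-Tested-By-Yogesh-Prasad/)>',  # Inflectra / Eset forms
]

# Assumption: a minimal stand-in for the sites' name/search fields.
TEMPLATE = '<form><input name="first_name" value="{value}"></form>'


def render_vulnerable(first_name: str) -> str:
    """Echoes the submitted value into the attribute with no encoding (the bug)."""
    return TEMPLATE.format(value=first_name)


def render_safe(first_name: str) -> str:
    """Same template with HTML attribute encoding applied at output time (the fix)."""
    return TEMPLATE.format(value=escape(first_name, quote=True))


class ElementCollector(HTMLParser):
    """Records every element and every on* event-handler attribute in a document."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[str] = []
        self.handlers: List[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))

    # <input ... /> style tags arrive here; treat them the same way.
    handle_startendtag = handle_starttag


def elements(html_doc: str) -> List[str]:
    """Element names an HTML parser finds in the page, in document order."""
    collector = ElementCollector()
    collector.feed(html_doc)
    collector.close()
    return collector.tags


def injected_handlers(html_doc: str) -> List[str]:
    """Event-handler attributes an HTML parser finds in the page. For a page
    that should contain only a <form> and an <input>, a non-empty list means
    the submitted value escaped its attribute."""
    collector = ElementCollector()
    collector.feed(html_doc)
    collector.close()
    return collector.handlers


if __name__ == "__main__":
    for payload in PAYLOADS:
        vuln, safe = render_vulnerable(payload), render_safe(payload)
        print("vulnerable:", elements(vuln), injected_handlers(vuln))
        print("safe:      ", elements(safe), injected_handlers(safe))
```

The parser check is a useful triage habit: a reflected string that survives intact inside a quoted attribute is not exploitable on its own, whereas a new on* attribute appearing in the parse tree is. The fix is the one render_safe applies, contextual output encoding (html.escape with quote=True for attribute values), not an input filter that tries to strip `<svg` or `<img`.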

Sunday, August 16, 2015

Google Dorks to find websites for XSS.

Cross-site scripting is a very common vulnerability in websites, so it is very important to learn how to find XSS (cross-site scripting) vulnerabilities. Usually an XSS vulnerability is easy to find, but if the website uses filters or output encoding then it is much harder.
But the question arises: how do you find websites to test for XSS? The answer is Google dorks. We can use Google dorks to find pages that take their input from a URL parameter, which are the natural places to test for reflected XSS.
Here I am going to provide a list of Google dorks which is very useful for security researchers to find websites to test for XSS.


Google Dorks to find websites for XSS.

inurl:".php?cmd="
inurl:".php?z="
inurl:".php?q="
inurl:".php?search="
inurl:".php?query="
inurl:".php?searchstring="
inurl:".php?keyword="
inurl:".php?file="
inurl:".php?years="
inurl:".php?txt="
inurl:".php?tag="
inurl:".php?max="
inurl:".php?from="
inurl:".php?author="
inurl:".php?pass="
inurl:".php?feedback="
inurl:".php?mail="
inurl:".php?cat="
inurl:".php?vote="
inurl:search.php?q=
inurl:com_feedpostold/feedpost.php?url=
inurl:scrapbook.php?id=
inurl:headersearch.php?sid=
inurl:/poll/default.asp?catid=
inurl:/search_results.php?search=

These are some basic dorks, but you can make your own custom dorks to find websites. Each of them matches pages that read a value from a query-string parameter; finding such a page is only the first step, because you still have to check whether that value is reflected into the response without encoding.
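The following Python is an added example, not part of the original post, of that follow-on check: it injects a unique canary into each query parameter of a URL in turn and classifies how the canary comes back (verbatim, HTML-encoded, with the special characters stripped, or not at all). The fetch function is passed in, so the example runs offline against a constructed fake page standing in for a dorked search.php; example.com and the fake page's behaviour are assumptions.

```python
import secrets
from html import escape
from typing import Callable, Dict, List
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# The characters an attribute-breakout payload needs. The canary wraps them in
# a random tag so "reflected verbatim" can be told apart from "reflected but
# encoded" and from "reflected with the specials filtered out".
SPECIALS = '"<>'


def make_canary(tag: str) -> str:
    return f"{tag}{SPECIALS}{tag}"


def probe_reflections(url: str, fetch: Callable[[str], str]) -> Dict[str, str]:
    """For each query parameter in url, inject a canary and classify the result:
    'raw' (specials intact: XSS candidate), 'encoded' (HTML-escaped),
    'filtered' (tag echoed but specials gone) or 'absent'.
    fetch(url) -> body is supplied by the caller."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    results: Dict[str, str] = {}
    for i, (name, _) in enumerate(params):
        tag = secrets.token_hex(4)
        canary = make_canary(tag)
        mutated = [(n, canary if j == i else v) for j, (n, v) in enumerate(params)]
        probe_url = urlunsplit(parts._replace(query=urlencode(mutated)))
        body = fetch(probe_url)
        if canary in body:
            results[name] = "raw"
        elif escape(canary, quote=True) in body:
            results[name] = "encoded"
        elif tag in body:
            results[name] = "filtered"
        else:
            results[name] = "absent"
    return results


def candidates(results: Dict[str, str]) -> List[str]:
    """Parameter names worth a real payload."""
    return sorted(n for n, v in results.items() if v == "raw")


# Constructed fake site (assumption): 'q' is echoed straight into an
# attribute, 'cat' is escaped, 'page' never appears in the output.
def fake_fetch(url: str) -> str:
    q = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return (
        f'<input name="q" value="{q.get("q", "")}">'
        f"<h1>Category: {escape(q.get('cat', ''), quote=True)}</h1>"
    )


if __name__ == "__main__":
    url = "http://example.com/search.php?q=test&cat=1&page=2"
    found = probe_reflections(url, fake_fetch)
    print(found)             # {'q': 'raw', 'cat': 'encoded', 'page': 'absent'}
    print(candidates(found))  # ['q']
```

Against a live site, pass a function that performs the GET and returns the body (for example with urllib.request), and only against targets you have permission to test. A 'raw' result is a candidate, not a confirmed XSS: the next step is to see which context the reflection lands in (attribute, text, script) and choose the payload accordingly, as the posts above do.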

Friday, August 14, 2015

XSS WEB APPLICATION FILTERS BYPASS

Sometimes when we use an XSS payload in an input field or in a URL parameter, the attack fails because the website filters these kinds of malicious attack vectors. In that case we need to bypass the filters. Here is a list of methods which are useful for bypassing these types of filters.

Bypassing using Character Sets:

Method 1:

XSS WEB APPLICATION FILTERS BYPASS



Method 2:-

In some situations, you can employ a powerful means of bypassing many types
of filters by causing the application to accept a nonstandard encoding of your
attack payload. The following examples show some representations of the string
<script>alert(document.cookie)</script> in alternative character sets:


UTF-7
+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-


US-ASCII
BC 73 63 72 69 70 74 BE 61 6C 65 72 74 28 64 6F ; ¼script¾alert(do
63 75 6D 65 6E 74 2E 63 6F 6F 6B 69 65 29 BC 2F ; cument.cookie)¼/
73 63 72 69 70 74 BE ; script¾


UTF-16
FF FE 3C 00 73 00 63 00 72 00 69 00 70 00 74 00 ; ÿþ<.s.c.r.i.p.t.
3E 00 61 00 6C 00 65 00 72 00 74 00 28 00 64 00 ; >.a.l.e.r.t.(.d.
6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 2E 00 ; o.c.u.m.e.n.t...
63 00 6F 00 6F 00 6B 00 69 00 65 00 29 00 3C 00 ; c.o.o.k.i.e.).<.
2F 00 73 00 63 00 72 00 69 00 70 00 74 00 3E 00 ; /.s.c.r.i.p.t.>.

These encoded strings will get past many filters that look for the literal string, but they only execute if the response is actually interpreted in that character set: for example, when the application echoes a charset it took from the request, or when no charset is declared and the browser guesses one. The 7-bit reading of the "US-ASCII" bytes was an Internet Explorer quirk, and current browsers no longer decode UTF-7 at all, so a page served with an explicit Content-Type: text/html; charset=utf-8 header is not affected by these two tricks.
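The Python below is an added example, not code from the original post. It produces the three representations shown above and then runs a byte-level blocklist of the kind the text describes over them, next to a check that first decodes the bytes into one canonical text form. Python's own utf-7 codec writes `<` and `>` directly (RFC 2152 allows that), so the `+ADw-` form is built by hand; the 7-bit reading of the "US-ASCII" bytes is an assumption that reproduces the old Internet Explorer behaviour the dump relies on.

```python
import base64

PAYLOAD = "<script>alert(document.cookie)</script>"

# RFC 2152 "Set D" characters (plus whitespace) may appear directly in UTF-7;
# everything else can be carried as modified base64 of UTF-16BE between '+'
# and '-'. Keeping < and > out of this set is what yields the +ADw-/+AD4- form.
_DIRECT = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'(),-./:? \t\r\n"
)


def utf7_encode(text: str) -> str:
    """UTF-7 with only Set D written directly, matching the dump above."""
    out, run = [], []

    def flush() -> None:
        if run:
            b64 = base64.b64encode("".join(run).encode("utf-16-be")).decode("ascii")
            out.append("+" + b64.rstrip("=") + "-")
            run.clear()

    for ch in text:
        if ch in _DIRECT:
            flush()
            out.append(ch)
        elif ch == "+":
            flush()
            out.append("+-")
        else:
            run.append(ch)
    flush()
    return "".join(out)


def utf16le_bom_encode(text: str) -> bytes:
    """Little-endian UTF-16 with the FF FE byte-order mark, as in the dump."""
    return b"\xff\xfe" + text.encode("utf-16-le")


def us_ascii_highbit_encode(text: str) -> bytes:
    """Assumption: the consumer masks 'US-ASCII' bytes to 7 bits, so 0xBC/0xBE
    (shown as ¼/¾ above) are read as < and >."""
    return bytes((ord(c) | 0x80) if c in "<>" else ord(c) for c in text)


def naive_filter(data: bytes) -> bool:
    """Byte-level blocklist the way many filters implement it."""
    return b"<script" in data.lower()


def canonical_filter(data: bytes, charset: str) -> bool:
    """Decode to one canonical text form using the charset the page will be
    rendered with, then apply the same check."""
    if charset.lower() == "us-ascii":
        text = bytes(b & 0x7F for b in data).decode("ascii")
    else:
        text = data.decode(charset)
    return "<script" in text.lower()


if __name__ == "__main__":
    samples = {
        "utf-7": utf7_encode(PAYLOAD).encode("ascii"),
        "us-ascii": us_ascii_highbit_encode(PAYLOAD),
        "utf-16": utf16le_bom_encode(PAYLOAD),
    }
    for charset, data in samples.items():
        print(charset, data.hex(" "))
        print("  naive filter caught it:", naive_filter(data))
        print("  canonical filter caught it:", canonical_filter(data, charset))
```

The byte-level check misses all three forms while the decoded check catches them, which is the general lesson: canonicalise before you validate, and fix the charset the response is served with rather than letting the client or the request choose it. Even then, a blocklist is a secondary control; encoding untrusted data for the HTML context it is written into is what actually prevents the script from running.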

Monday, August 10, 2015

Google is renaming itself as “Alphabet”

Yes, you read the post title right: Google is renaming itself as Alphabet. This is a big change in Google's history. Google is going to create a parent company named Alphabet. Without doubt, Google is the biggest search engine in the world. Google started as a company that built a search engine, but now it is much more than that. Google owns many popular internet products, like YouTube, Android, and Gmail.
Google is renaming  itself  as “Alphabet”

Larry Page will be the CEO of Alphabet, and Sergey Brin will be its president. Here a question arises: who will be the next CEO of Google? The answer will make Indians feel proud, because the new CEO of Google is an Indian. Sundar Pichai is the new CEO of Google. Mr. Pichai, 43 years old, will become chief executive of the new Google Inc., Alphabet's search, advertising and mobile unit. Mr. Pichai has been effectively running those businesses for a year.
Google is renaming  itself  as “Alphabet”

" For Sergey and me this is a very exciting new chapter in the life of Google -- the birth of Alphabet. We liked the name Alphabet because it means a collection of letters that represent language, one of humanity's most important innovations, and is the core of how we index with Google search! We also like that it means alpha-bet (Alpha is investment return above benchmark), which we strive for! I should add that we are not intending for this to be a big consumer brand with related products--the whole point is that Alphabet companies should have independence and develop their own brands.

We are excited about…
  • Getting more ambitious things done. 
  • Taking the long-term view. 
  • Empowering great entrepreneurs and companies to flourish. 
  • Investing at the scale of the opportunities and resources we see. 
  • Improving the transparency and oversight of what we’re doing. 
  • Making Google even better through greater focus. 
  • And hopefully...as a result of all this, improving the lives of as many people as we can.
What could be better? No wonder we are excited to get to work with everyone in the Alphabet family. Don’t worry, we’re still getting used to the name too! "


So this may be exciting news for everyone, because it is related to Google, and Google is well known for world-class service due to its efficiency and security.

Saturday, August 8, 2015

How to access email without password ?

After a long time I am here with an interesting post. I hope you will like it, because after reading it you can access email without a password. Yes, you read that right: you can use an email address without a password. These types of addresses are called disposable email.
Here we will access email without any password. There are a lot of websites on the Internet that provide this type of service. I will give you an example with one website and explain how to use this type of email.
How to access email without password ?
Here we will take the example of a disposable email website called YOPMAIL.COM.
Just follow these steps and you will be able to use this type of service.

Step 1: Go to www.yopmail.com
How to access email without password ?

Step 2: Now you can choose any address with the domain yopmail.com, like indiancomputerwizard@yopmail.com

How to access email without password ?

Step 3: Now you will see that I have used indiancomputerwizard@yopmail.com as my mail address.

Step 4: Now click on Check Inbox and you will find a blank inbox, because it is a fresh address.
Step 5: Now use this address for any purpose, e.g. to register anywhere.

Step 6: Now check your inbox; you will get the emails here and it will not ask you for any password.

Because there is no password, anyone who types the same address can read the same inbox, so never use a disposable address for an account you care about or for anything that carries personal data.

Enjoy !!!!
Copyright 2015 @ Yogesh Prasad