Thread: Pop-ups?
08-21-07, 03:56 PM   #31

Here it is over the wire; as you can see, I was right about the cookie.

GET /static/sc_trans2_black_li-350x250-1l-eng-nul.swf?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:DL_Close(); HTTP/1.1
Accept: */*
x-flash-version: 9,0,16,0
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Connection: Keep-Alive
Cookie: linkjumptest=1

Here's the direct link to the annoying worthless flash that flies across your screen:

And here's me owning that same link with a blatant XSS vulnerability:

Code:;&clickTag2=javascript:alert('evilghost is your daddy');
Go ahead, open it, and click the 'Close' button.

MikeC, if you want to engage intellitxt, this post is what you need. It's the direct URL to the flash they are serving up.
evilghost
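
An added example, not part of the original post: the captured request shows the SWF being handed its click handlers as `javascript:` URLs in the `clickTag` and `clickTag2` parameters, which is what the post's modified link relies on. The JavaScript below audits those parameters on a SWF URL, assuming the only legitimate handlers are the two calls visible in that request; `ALLOWED_HANDLERS`, `classifyClickTag`, `auditSwfUrl` and the sample URL are made up for this example.

```javascript
// Added example: audit clickTag-style parameters on a SWF URL.
// ALLOWED_HANDLERS is an assumption taken from the two calls visible in the
// captured request; a real deployment would list its own handlers.
const ALLOWED_HANDLERS = new Set([
  "javascript:DL_GotoSurvey();",
  "javascript:DL_Close();",
]);

// URL parsers ignore leading whitespace/control characters and embedded
// tab/CR/LF in a scheme, so strip them before comparing.
function normalize(value) {
  return value.replace(/^[\u0000-\u0020]+/, "").replace(/[\t\r\n]/g, "");
}

// Returns a verdict string for one clickTag value.
function classifyClickTag(value) {
  const v = normalize(value);
  if (ALLOWED_HANDLERS.has(v)) return "allowed-handler";
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(v);
  if (!m) return "rejected-no-scheme";
  const scheme = m[1].toLowerCase();
  if (scheme === "http" || scheme === "https") return "allowed-url";
  return "rejected-scheme:" + scheme;
}

// Returns one finding per clickTag/clickTagN parameter in the URL.
function auditSwfUrl(rawUrl) {
  // The base host is a placeholder so path-only request targets parse.
  const url = new URL(rawUrl, "http://placeholder.invalid");
  const findings = [];
  for (const [name, value] of url.searchParams) {
    if (!/^clicktag\d*$/i.test(name)) continue;
    findings.push({ name, value, verdict: classifyClickTag(value) });
  }
  return findings;
}

// Constructed sample: the request path from the post with one handler replaced.
const SAMPLE =
  "/static/sc_trans2_black_li-350x250-1l-eng-nul.swf" +
  "?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:alert('x');";

for (const f of auditSwfUrl(SAMPLE)) {
  console.log(f.name, "=>", f.verdict);
}
```

The same allowlist belongs inside the SWF or the page that embeds it; checking the URL at a proxy or in logs only reports what was requested.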