Base64 Encoded XSS

This is rare, but there is one: a live XSS out there on one of Yahoo!’s portals (found by Lokipaki), and the XSS is base64 encoded. When I tried the XSS myself, I felt a little shocked because this XSS actually bypassed the No-Script plugin.

Here is the Proof of Concept:

http://bbs.cn.yahoo.com/searchApplyBoard/PHNjcmlwdD5hbGVydCgiWFNTLWJ5cGFzcy1Oby1TY3JpcHQiKTwvc2NyaXB0Pg==.html

Result :

XSS on Yahoo over No-Script plugin. It’s a triple kill! I know Yahoo! is in the No-Script white-list, but I thought No-Script was supposed to block this XSS anyway. What do you think?
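
An added example, not part of the original post: a defender-side check that decodes base64-looking path segments in a request URL and flags those carrying markup, run on the PoC URL above. It assumes the portal decodes the segment server-side and echoes it into the page; `decode_segment` and `inspect_url` are hypothetical names, and `safe_output` is the HTML-escaped form that would render as inert text.

```python
import base64
import binascii
import html
import re
from urllib.parse import urlsplit, unquote

# Candidate segment: a run of base64 characters, optionally followed by a file extension.
B64_SEGMENT = re.compile(r"^([A-Za-z0-9+/_-]{16,}={0,2})(?:\.[A-Za-z0-9]+)?$")
# Markup that has no place in a decoded search term.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|on\w+\s*=|javascript:", re.IGNORECASE)


def decode_segment(segment):
    """Return the decoded text of a base64 path segment, or None if it is not base64 text."""
    m = B64_SEGMENT.match(segment)
    if not m:
        return None
    token = m.group(1).replace("-", "+").replace("_", "/")  # accept the URL-safe alphabet
    token += "=" * (-len(token) % 4)                         # restore stripped padding
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # ordinary words such as "searchApplyBoard" end up here


def inspect_url(url):
    """Decode every base64-looking path segment and report the ones that carry markup."""
    findings = []
    for raw in urlsplit(url).path.split("/"):
        segment = unquote(raw)
        decoded = decode_segment(segment)
        if decoded is not None and MARKUP.search(decoded):
            findings.append({
                "segment": segment,
                "decoded": decoded,
                "safe_output": html.escape(decoded),  # what should reach the page instead
            })
    return findings


if __name__ == "__main__":
    # The PoC URL quoted in the post above.
    poc = ("http://bbs.cn.yahoo.com/searchApplyBoard/"
           "PHNjcmlwdD5hbGVydCgiWFNTLWJ5cGFzcy1Oby1TY3JpcHQiKTwvc2NyaXB0Pg==.html")
    for finding in inspect_url(poc):
        print(finding)
```

A filter that only inspects the raw URL sees nothing but alphanumeric characters here, so the check has to run on the decoded value, and the escaping has to happen after decoding.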

Browser Based Distributed Denial Of Service (DDoS)

I’ve been very busy with some projects, so I have barely had time to think about or do anything new. Now I am back here again to share my ideas on this very little blog. This time I will talk about Browser Based Distributed Denial Of Service.

This might not be a new topic here, but I found out that my visitors are hardly interested in this topic. I once discussed this with RSnake a little bit, and he did not seem interested either. I’ll use this article to show you the “yo” side of browser based DDoS payloads.

If you haven’t read my previous articles, you might be interested in taking a peek at them.

The main purpose of using CSRF for Denial Of Service is that the attacker uses your browser's capabilities to make malicious requests without your knowledge, launching a Denial Of Service against one or more targeted victims. Thus your machine might become a zombie computer simply by visiting a malicious site.

It’s not without proof. This morning I tried to launch a DoS against one of my sites. Within 5 minutes, I got a warning telling me that my site was suspended because CPU usage was exceeded, and it was down for approximately 10 minutes. When I took a look into the log, I noticed that this technique had actually executed >4500 pages from my site within a few minutes. What does the payload look like? Here is the screenshot:

[Screenshot: Browser Based Denial Of Service]

And my site was suspended as the result:

[Screenshot: Denial Of Service takes down my site]

So next time you visit new sites, please be more cautious. Browsing the Net with No-Script is highly recommended.

Thanks!

By : Zoiz – http://zoiz.web.id
Nothing is Secure

CSRF to DoS

You may have read my previous article about CSRF on SiteMap Engine to launch a Denial Of Service (sorry for my noob-ness that I targeted the DoS at exhausting server bandwidth). This time I am going to show you how to launch a DoS using CSRF that will burden the server load.

Here the story goes :

Launching : Hackers.web.id

Hackers.web.id is a newly formed, independent computer security consultancy which operates in Indonesia & Australia. They are dedicated to the Information Technology Security industry, and their main goal is to provide the ultimate security assessment discipline to improve Web Application Security.

Hackers.web.id has a combined 15 years of experience in the IT Security industry, and their contributions to the security industry are acknowledged: internal consulting to Yahoo7 Inc., the biggest ever Zero-Day Vulnerability Report in Indonesia's history, advisories to some of the world’s biggest social community networks such as Friendster, and also Web Application Security Assessments for several international IT companies.

Hackers.web.id provides one-stop Web Application Security consultations and services to fit your company's needs. Please visit their home page for more information.