Skip to main content

XSS www.reply.it - sec. vulnerabilities


XSS
reply.it/it/search/?lang=IT&search=<script>alert(1);</script>
XSS
http://www.reply.it/en/tagSearch?tags=Financial+Reports%3Cscript%3Ealert%281%29;%3C/script%3E

mirror (?) - same
http://d3v578iyw1eidm.cloudfront.net/



several problems in the jsp scripts (unmanaged null exceptions, data of the template, data, etc)

template(?) is visible by requesting a wrong id (?)
http://reply.it/it/practices/cloudcomputing/readd,7700-


sample of the output (ex. http://reply.it/it/practices/cloudcomputing/readd,7700- )
---------------
<div class="yui-gc clear" id="unacolonna">
                              <div class="yui-u first" id="col_2_3_sx">
                                     <div class="tab">
                              ^service_link^
                                            
                              ^tag_contenuto^
         ^dettaglio_contenuto^
              
                                </div>

                               </div>
                        <div class="yui-gb">
                             ^box_jolly_cx_2^
                             ^box_jolly_cx_3^
                             ^box_jolly_cx_4^
--------------- 


It's possible to add data via POST and can be parsed as within the template.


(useless .. but could be used as a possible XSS attack)


 


--------------- 


bug in the getahead dwr library (ajax for java) ..... (old version?).


It's possible to login without logging.


(a simple request to this path)


http://www.reply.it/WPSReply2009/dwr/exec/RegistrationHandler.loginUser.dwr 














































Comments











Post a Comment



















Popular posts from this blog



















Hashes Algorithms used in different web applications




























Hashes Algorithms used in different web applications.  I've done this list by hand. Not all the hashes algos are correct (I've generically added md5 or ??? where is unkwnown).  If you are interested send corrections and I will update it.  I will publish also a better version with tabs.  You can reproduce it without problems. It's part of the project mdcrack gui on sourceforge.  Use the | as data separator.   -----------------------------------------------------------------------------------------------------------------------------------------------------  |  Title    | Hash Algorithm    | TablePrefix | Table Name  | Website           |  -----------------------------------------------------------------------------------------------------------------------------------------------------  |  1C Битрикс   | md5($pass)     |    |     |http://www.1c-bitrix.ru/  |  1024cms    | md5($pass)     |    |     |http://www.1024cms.org/  |  4images    | md5($pass)     |    |     |http://ww...




















Post a Comment









Read more




























2022 - Remove (the too many) Ads from Memu launcher




























Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)      




















Post a Comment









Read more




























[FIX] cyberpunk skip dialogue disappeared - pc Y button




























  open C:\Games\Cyberpunk 2077\r6\config\inputUserMappings.xml with a text editor (ex. notepad++)   find   <mapping name="SceneFastForward_Button" type="Button" > ... </mapping> example (my non working settings)     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_DigitLeft" />         <button id="IK_Y" overridableUI="fastForward" />     </mapping> and REPLACE it with the following:     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_B_CIRCLE" />         <button id="IK_C" overridableUI="fastForward"/>     </mapping> thanks to the vanilla xml files on nexus mods as the original source.




















Post a Comment









Read more