
usa.gov | xss, remote code execution

The Taliban could attack the USA's website too :) lol.

I don't want to offend anybody ... it's just to say something funny.
And I warned tech support instead of defacing the website, as someone else could have done for a lot of popularity.



http://answers.usa.gov/cgi-bin/gsa_ict.cfg/php/enduser/chat.php


sample
"><script>alert(document.cookie);</script><"


With a more elaborate (external) script you can create a phishing page with a different chat.
With a bit of social engineering and an external script (my post2get.php ?) you can even grab the cookies.
I've already grabbed a session id but without luck (I don't know the administrative/login/authentication pages (and I don't want to know them 8) ).




Remote code execution. Input is not sanitized.
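
What sanitizing this input looks like in practice, as an added example (not part of the original post and not the site's code): the sample string is rendered into a quoted attribute raw and then HTML-encoded, and a parser checks whether a script element appears. The template and the parameter name `q` are assumptions, since the real chat.php markup is not shown here.

```python
from html import escape
from html.parser import HTMLParser

# The sample string from the post, as it would arrive in a request parameter.
PAYLOAD = '"><script>alert(document.cookie);</script><"'

# Hypothetical template: the real chat.php markup and parameter name are unknown.
TEMPLATE = '<input type="text" name="q" value="{}">'


def render_unsafe(value: str) -> str:
    """Vulnerable pattern: the raw value is pasted into a quoted attribute."""
    return TEMPLATE.format(value)


def render_safe(value: str) -> str:
    """Hardened pattern: encode & < > " ' so the value cannot close the attribute."""
    return TEMPLATE.format(escape(value, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag and the decoded value of each <input>."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_values.append(dict(attrs).get("value"))


def parse_tags(markup: str):
    """Return (start tags seen, <input> values) for a rendered fragment."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.input_values


def injects_script(markup: str) -> bool:
    """True when the rendered fragment contains a <script> element."""
    return "script" in parse_tags(markup)[0]


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        print(render.__name__, parse_tags(render(PAYLOAD)))
```

With encoding applied, the browser sees the whole string as the field's value instead of new markup. Setting the HttpOnly flag on the session cookie additionally keeps it out of `document.cookie`.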








As proof, I contacted them via the (same) chat.
-----------------------------------------------------------
Karessa G.: Hi, my name is Karessa G.. How may I help you?
walter : hello
walter : are you human or a bot?
Karessa G.: I am a real person. How may I help you today?
walter : Ok. I'm not American. Anyway you've a small problem with this chat. Malicious persons can gather sensitive information about the user's session via XSS (cross site scripting). This is quite important for your security (I suppose). If you can send this information to the technical staff.
Karessa G.: One of our staff members, Jacob Parcell, is the best resource to answer your inquiry. Please e-mail him with your questions and he will be happy to answer them. His e-mail address is jacob.parcell@gsa.gov.
Karessa G.: I hope you find this information helpful. Do you have any other questions?
walter : I don't need an answer. It's your problem. Anyway I will send him an email.
Karessa G.: Thank you.
walter : Have a nice day :)
Karessa G.: You too.
Karessa G.: Thank you for contacting USA.gov. We would like your feedback on our performance. You can let us know what you think by visiting  http://www.info.gov/NCCsurvey.htm You may need to copy and paste that link into your browser's address bar.
-----------------------------------------------------------


After that I sent the email.

They replied after about 3 days. They are checking the problems right now.
