0wning RSnake For Fun and PageRank

November 6, 2007

So, you’re sitting on the sla.ckers.org irc channel one day and someone is poking around with one of RSnake’s tools, and finds that its not working, or at least that’s what it seems like untill they realise that its not just broken, its broken in a fun XSS way :) – what do you do?

Do you:
a) Urge the person to report the problem to the vendor (RSnake), and get mad props for being awesome?
b) Scream about how the vendor is a security “expert” and needs to “secure their shit!!!1111”?
c) 0wn the vendor for Fun and PageRank

Well, to me, the answer seemed fairly obvious. Since the “Evil Advertising Empire” (Google), cue ominous music….now, had done a little dance and increased the PageRank of our blogs, we had gotten a taste of the power which we could amass, muahahaha, and we wanted more! Or at least I did…..

So anyway, Hey RSnake :) Thanks for the free advertising space.

Anyway, credit goes to:

sirdarckcat for not only being generally awesome, but finding the actual exploit.

thornmaker for (inadvertently) providing us with a method to get our payload through NoScript (Javascript variable setter’s and window.name FTW!), so umm, hey thornmaker :)

Gareth Heyes for doing that awesome research on selective payloads using CSS, which where implemened in the exploit.

kuza55 for not really doing anything, but being in the right place at the right time but being able to get some free Googlejuice from things anyway :p

Oh, and, of course:


We now return you to your regularly unscheduled posting ;)

– kuza55 & sirdarckcat

P.S. Thanks for directing carja.ckers.org to :)
P.S.2. Sorry .mario, NoScript is the new attack playground :P, we’ll be back to php-ids ASAP.

Hello world

October 30, 2007

Hello World


Get every new post delivered to your Inbox.