Wednesday, 7 March 2012

"How I owned 27 MLN box'xs ;]" - NOT true story! ;]


In "OMG - break"-time I wrote one note for You... ;)
Here it is:

(...)

Hello, once upon a time...
Just kiddin.. not this way. ;]
Ok, so as I wrote few posts ago, there is a funny thing I am doing last weeks.

Various crazy scenario of attacks showed me various things.
From information disclosure bugs to "not presented in public"
(some of them I posted here, some not like XSS in PMA3.4.5 or some sqli-bugs).

When I was searching possibility to 'store codes in applications',
I was looking for 'whats next' or 'how to use it "for real"' ;).

So... "we found this XSS for logged users only". What's next, what's big deal, what's the difference...? :)
Hmmmm, deface-rence? own3d-rence? what-3lse-rence? ;>

"Why of why" this stored code in <add_Your's_CMS_here;)> application "will be" used like this?

Because, attacker who wants Your files/box/etc, will attack You via any possible way.
Any :)
So, please understand it: even only one simple "not critical" hole can make You owned.

Simple way:
1. attacker will create 'new account'. (let's say, there is a bug in comments like this )
2. now attacker is logged in. so if xss is in this part of webapp, he can put his code here.
What code?
  • shell 
  • malware
  • phishing
Simple? :)
3. Added code is making whole part of other (nexts) attacks,

Ok. Now second thing:
if Your CMS used in internal (companys) networks, Your users are vulnerable too:
1. attacks-to-person - for example secretary, reception, marketing offices (in our company), etc
2. spam vulnerabilities

So, let's go deeper. :)

"How I owned 27 MLN box'xs?" In my imagination only. :)
 Reason is simple: I do not break the law.

But there is one thing You should be sure:
someone somewhere is searching for new vulnerabilities in lates products.
Webapps, closed-source soft, whatever.

Now, simple XSS for "normal user" can be used for this:
You found bug in some latest $cms?
Type this version in www.google.com. Got the idea?
So type this version (where vuln You found) @Google + "Powered.by"... ;]
Got it now? ;)

Answer You will see in millions.
"
In a short way: if Your webapp/CMS can be exploited by XSS, then there is no
problem to build botnet (site:powered.by... and write python code to store-XSS and 'search for next target' should tell You the rest).

And that's the whole story. ;)

For testing security, ask here.

No comments:

Post a Comment

What do You think...?