XSS Clearinghouse
Alf sent me a very interesting link today that pretty much validates a lot of the fears I’ve had about the potential of XSS in the underground. The link is to an XSS clearinghouse. It’s in German, but you can probably get the idea: users visit the site and get to see some of the XSS vulnerabilities for free, while for the others they have to contact the person who found them. Not only that, each entry is listed side by side with a Google PageRank indicator, so you know how valuable the link is if you are into blackhat SEO.
This is probably nowhere near as dangerous as what it could be used for (redirecting a user or building a link farm out of high-PR sites is thankfully one of the least malicious things you could do with it). Far more malicious uses are likely in the not too distant future, though. I’ve already been asked about people trying to sell exploits, so it’s not like we are years away from this. Pretty scary.



January 29th, 2007 at 8:59 pm
Yup. Pretty bad stuff. I remember a few times on the boards, people were asking to buy exploits for a few specific sites.
January 30th, 2007 at 6:50 am
9 and 8 PR links are available only via Kontakt - so I guess he sells them already.
January 30th, 2007 at 7:59 am
Our crew has found over 700 cross-site scripting issues, but only 20 webmasters answered!
January 30th, 2007 at 8:18 am
dusoft, he writes there that he actually did contact eBay and Amazon, so maybe he is simply waiting before disclosing the information. That’s the optimistic interpretation at least…
January 30th, 2007 at 10:16 am
I wonder if this has any relation to this…
Games for Web Hackers
http://www.disenchant.ch/blog/games-for-web-hackers/35
What made me make the connection is the reference to PR in base cases.
January 30th, 2007 at 10:29 am
@Jeremiah - interesting, but in this case, the sites might have had a PR but once you add the query string on top of it the PR is no longer there (because Google hasn’t indexed a new XSS vuln yet). The only way for this to work is persistent XSS where it hits a page that has already been indexed or in the rare case where injecting a cookie and going to a page that’s already been indexed causes a vuln. Bizarre game.