Rediscoverer » Javascript/Ajax http://rediscoverer.net ... since almost everything is already out there. Sat, 28 Feb 2009 10:32:27 +0000 en hourly 1 http://wordpress.org/?v=3.0 XSS http://rediscoverer.net/archives/27 http://rediscoverer.net/archives/27#comments Fri, 08 Jun 2007 12:21:44 +0000 Rolan http://rediscoverer.net/archives/27 Ok. Playtime’s over. Some people need to fix something.

I’ve been playing with an XSS vulnerability in a social-networking site I’m using. The site had already had XSS holes in the past that got patched. But then the addition of new features always opened up new problems.

One boring weekend, I got really curious with what I can do with XSS. Usually, whenever I see a site that is prone to script injection, I pop-up an alert box (a warning to fix the hole) and redirect them to somewhere else (usually Google). This time, I tried something neat. I’ve already read articles about stealing cookies via XSS but didn’t get to see how the stolen cookies were put into use. So I thought of doing an actual experiment if those things really work.

Long story short: it worked. I was able log into other user accounts without knowing their password. I asked some people for help to test this and gave them a demo. Really, I’m tempted to peek at other people’s account. But I don’t want guilt to keep me awake all night after a hard day’s job.

I already informed the folks at that site about the XSS hole. Maybe I’ll post how I did it after the vulnerability gets fixed. It was quite simple like the articles I’ve read before.

]]> http://rediscoverer.net/archives/27/feed 1 IE doesn’t like trailing commas http://rediscoverer.net/archives/6 http://rediscoverer.net/archives/6#comments Tue, 18 Jul 2006 06:34:00 +0000 Rolan http://rediscoverer.net/blog/archives/6 I had this seemingly undetectable bug on one application I made using javascript. It was running fine on Firefox, no errors or warnings. But when my client checked it out the page wasn’t working. I wasn’t able to test it on IE right away since I only have Firefox installed on my office PC (which is running on Linux with no Wine installed). After arriving home, I looked at the page using IE and yes, the app wasn’t working. It took me the whole night to figure out what was going wrong. I forgot what error message IE was giving me. The only thing I remember is that it doesn’t much about the problem. I read the code one more time, checking for any uninitialized variable or something that I might have overlooked. I was doubtful that it was suffering from cross-browser problems, since I relied mainly on Prototype‘s nice collection of thingies that were already tested for cross-browser compatibility.

I loaded my javascript file on my editor (ConTEXT) and began reading the code again. Half-way through the code, I saw a trailing comma inside an object definition. It kinda looked like this:

PLAIN TEXT
JavaScript:
  1. someClass.prototype =
  2. {
  3. someFunction: function()
  4. {
  5. // do something
  6. },
  7. anotherFunction: function()
  8. {
  9. // do another thing
  10. },
  11. }

I almost didn’t notice it. If it wasn’t for the big font I’ve set on my editor, I’d be rewriting a large chunk of my app. Hmmm… looks like Firefox is kind to orphan commas.

]]> http://rediscoverer.net/archives/6/feed 0