XSS flaw found at "https://www.e-gold.com" (fwd)

Eugen Leitl eugen at leitl.org
Fri Dec 13 04:51:57 PST 2002


---------- Forwarded message ----------
Date: 10 Dec 2002 12:50:03 -0000
From: Liu Die Yu <liudieyuinchina at yahoo.com.cn>
To: bugtraq at securityfocus.com
Subject: XSS flaw found at "https://www.e-gold.com"



I know Bugtraq doesn't accept vulnerabilities in a single site, but the following
info is important; please suggest a forum for me to post to.


----=======------



XSSatEGOLD-Content-Tech

XSS flaw found at "https://www.e-gold.com"

Technically, it's nothing new.

XSS at e-gold is very dangerous. e-gold is one of the most popular ways to
do international business, and unlike the credit card system, once e-gold is sent,
it never comes back. There is no refund policy.

So stealing a passphrase means stealing real gold.

It's important, so I take it seriously.


[tested]
browser: MSIE v6
time: 2002/12/10 UTC+0800


[demo]
at
http://www16.brinkster.com/liudieyu/XSSatEGOLD/XSSatEGOLD-MyPage.htm
or
http://clik.to/liudieyu ==>XSSatEGOLD
or
[CODE.URL START]
https://www.e-gold.com/acct/historycsv.asp?initial=1xxxx"><SCRIPT>s="You_can_NOT_trust_this_page_if_you_got_if_from_a_link.____by_LiuDieYu_http://clik.to/liudieyu";w=window.open("https://www.e-gold.com/acct/login.html");setTimeout("w.document.write(s)",150);</SCRIPT>&startmonth=12&startday=4&startyear=1996&endmonth=12&endday=4&endyear=2003&paymentsreceived=1&oldsort=tstamp&page=1
[CODE.URL END]

[exp]

Technically, there is only one thing important for XSS attackers:
some CGIs can only be found when you are logged in, but they can be reached
even if you are not logged in.
Of course, the module dealing with logged-in users is different from the
one dealing with non-logged-in users.
So you have to test in both situations to ensure it's not XSS vulnerable.


[contact]
http://clik.to/liudieyu ==> "how to contact liu die yu" section

[BTW]
This flaw can be found easily with FASX at
http://clik.to/fasx
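The [exp] section above makes one practical point: the logged-in and the not-logged-in code paths of the same CGI are different code, so a reflection test has to be run in both states. The Python below is an added example, not code from the original post and not e-gold's code; `history_page`, `history_page_fixed`, `probe_both_states` and the canary string are all assumptions constructed here. It models a handler that reflects the `initial` parameter into an HTML attribute, encoded on one path and raw on the other, and shows a probe that catches the raw path only because it tests both states. The canary has the same `1xxxx">` shape as the demo URL's payload but carries no script, so it detects the attribute break-out without executing anything.

```python
import html

# Constructed canary (not from the original post): a harmless marker wrapped in
# the characters an attribute-context break-out needs. If it comes back verbatim,
# the quote and angle brackets reached the HTML unencoded.
CANARY = '1xxxx"><xssprobe>'
ESCAPED_CANARY = html.escape(CANARY, quote=True)   # 1xxxx&quot;&gt;&lt;xssprobe&gt;


def history_page(initial, logged_in):
    """Hypothetical stand-in for a historycsv.asp-style handler (an assumption,
    not e-gold's code). It models what the post describes: the logged-in module
    and the not-logged-in module are separate code, and only one of them
    encodes the parameter before reflecting it into an attribute value."""
    if logged_in:
        value = html.escape(initial, quote=True)   # this path is safe
    else:
        value = initial                             # reflected raw: the bug
    return f'<input type="hidden" name="initial" value="{value}">'


def history_page_fixed(initial, logged_in):
    """Same handler with both paths encoding the parameter."""
    value = html.escape(initial, quote=True)
    return f'<input type="hidden" name="initial" value="{value}">'


def reflects_unescaped(page, canary=CANARY):
    """True if the canary survived into the page unencoded. The encoded form is
    checked separately so a page that reflects &quot;&gt;&lt; is not a hit."""
    return canary in page


def probe_both_states(handler, canary=CANARY):
    """Send the same probe through the logged-in and the not-logged-in code
    paths and report which of them reflects it raw. Probing only one state
    misses a bug that lives in the other module."""
    return {
        "logged_in": reflects_unescaped(handler(canary, logged_in=True), canary),
        "logged_out": reflects_unescaped(handler(canary, logged_in=False), canary),
    }


if __name__ == "__main__":
    for name, handler in (("original", history_page), ("fixed", history_page_fixed)):
        print(name, probe_both_states(handler))
```

Against `history_page` the probe reports the logged-out path as vulnerable and the logged-in path as clean, which is exactly the result a tester who only checked while logged in would never see; against `history_page_fixed` both paths come back clean and the page contains only the `&quot;&gt;&lt;` encoded form of the canary.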

