Pierluigi Paganini
August 08, 2013
Security Researcher Mohamed Osman Saeed has found a long series of vulnerabilities in major websites. He declared to have found an XSS flaw in 2 IBM Site’s ( ww.ibm.com & www-304.ibm.com ), XSS in java.com , XSS in NetAsq Site, XSS in BT site & the Service web site (ww.bt.com & www.globalservices.bt.com), XSS in Linkedin.com , XSS in acn-members.apple.com.
The researcher revealed also to have found critical vulnerability Directory Traversal in acn-members.apple.com, XSS in Paypal, but he omits from claiming Paypal bug bounty because he lives in the sanction country Sudan but he decided anyway to make a responsible submission because of ethics.
He discovered the flaw using his Mantra browser & burp suite Proxy Interceptor.
Most of the XSS flaws in major sites are considerable critical because belong to XSS client side attack category that can allow attacker to jeopardize all company clients as well as the attack can be elevated for more sophisticated & more hazard one. Also Directory traversal (Server Side attack ) in Apple sub domains is considerable seriousness, the attacker in fact can read any file stored in the file system abusing of the HTTP privileges.
XSS :
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur everytime a web application accepts input from a user producing the output without validating it or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end users browser has no way to know that the script should not be trusted, and will execute the script. Because browser thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by it and used by that site. These scripts can even rewrite the content of the HTML page.
Directory Traversal :
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with dot-dot-slash (../) sequences and its variations, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration and critical system files, limited by system operational access control. The attacker uses ../ sequences to move up to root directory, thus permitting navigation through the file system.
This attack can be executed with an external malicious code injected on the path, like the Resource Injection attack. To perform this attack its not necessary to use a specific tool; attackers typically use a spider/crawler to detect all URLs available.
This attack is also known as dot-dot-slash, directory traversal, directory climbing and backtracking.
