No XSS warning here.

nagan · Post by **nagan** » Tue Jan 19, 2010 6:28 pm

http://emuasylum.com/forums/z/rs/files. ... 1&s=103809

Displayed as only a rapidshare link.Or was it really a harmless one?

Post by **Giorgio Maone** » Tue Jan 19, 2010 6:56 pm

There's no XSS that I can see there.
It just seems a quite accurate phishing copy, even though you can tell it's not rapidshare by just checking the address bar, which is the bare minimum against pishing.

nagan · Post by **nagan** » Wed Jan 20, 2010 4:07 pm

Hi,
Could you tell the difference between an xss attack and the one above (for educative interest)? Earlier I used to get NS xss warnings on similiar sites which had a similiar non Rapidshare addresses and trying to phish.
If a guy is half asleep ,he is gone!

Post by **Giorgio Maone** » Wed Jan 20, 2010 4:13 pm

nagan wrote:Hi,
Could you tell the difference between an xss attack and the one above (for educative interest)?

If Rapidshare has a XSS vulnerability, an attacker could show you an identical page with a rapidshare.com URL in your address bar.
At that point, even if you're full awake, you can't tell the difference.
Furthermore, if you're already logged in, or you enabled the "remember me" feature, or you've got the browser's password-completion feature enabled, your credentials are gone even if you're not shown the page (e.g. if it's loaded in an hidden IFRAME), let alone interact with it.

InformAction Forums

No XSS warning here.

No XSS warning here.

Re: No XSS warning here.

Re: No XSS warning here.

Re: No XSS warning here.