Author Topic: DOM-XSS issue leads to malware...  (Read 990 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
DOM-XSS issue leads to malware...
« on: August 15, 2019, 12:37:10 PM »
Re: Results from scanning URL: -http://online-transaction.icu/window.location.hash.substr(1);windows.location.assign
Number of sources found: 0
Number of sinks found: 2
On this issue, read on the DOM-XSS exploit:
https://medium.com/@a.pranaykumar01/address-dom-xss-b21515db0562

7 detect this mentioned url as malicious: https://www.virustotal.com/gui/url/5fe25661e5e7580d57e1ee1545ee27f35b37b2377a2259b4ffebe3fe9e5e7353/detection
detection as phishing, spam & malware site with code as
Quote
url(data:image/png;base64,iVBORw0KXXXXXXXXXXXXXXUgAAAPAAAADqCAMAAACrxjhdAAAAt1BMVEUAAAAAAAD///////// etc
on -http://online-transaction.icu/cgi-sys/suspendedpage.cgi
and on -http://online-transaction.icu/cgi-sys/suspendedpage.cgi with code as
Quote
.additional-info {
background-image: -url(data:image/png;base64,iVBORw0KGgoXXXXXXXXXXXXXXXAPAAAADqCAMAAACrxjhdAAAAt1BMVEUAAAAAAAD/////////////////////////////////////////////////////////////////////////////////////////////XXXXXXXXXXXXXXXXXXXXX///////////////////////////////////////5+fn////

Interesting read on a countermeasure detecting: https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549

polonus (volunteer 3rd party cold recon website security analyst & website error-hunter)
« Last Edit: August 15, 2019, 12:38:52 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus
Re: DOM-XSS issue leads to malware...
« Reply #1 on: August 15, 2019, 01:45:49 PM »
I think I do not have to explain why cybercriminals will have a field day on most suspended webpages,
like the one mentioned in this thread.

Security implications, see the 12 issues mentioned here:
https://webhint.io/scanner/4f66bcf0-0e2a-4c79-ab14-a3f5519f1b4f#category-Security

Risks: 13 here: https://app.upguard.com/webscan#/http://online-transaction.icu/cgi-sys/suspendedpage.cgi
and 11 here: http://online-transaction.icu/window.location.hash.substr(1);windows.location.assign
and 12 here: https://webhint.io/scanner/cd717b3a-158e-4329-994b-2606bd17a0d9#category-Security

polonus