Quote of the Day Geeklets for GeekTool

I was messing around with GeekTool on Mac OS X and decided to write some bash commands to grab the quote of the day from brainyquote.com. I did a Google search afterwards; sadly, someone had already done it. Well, here’s mine, grabbing from quotebr.js instead of the actual HTML.

curl -s www.brainyquote.com/link/quotebr.js | sed -n '3p' | sed -e 's/br.writeln("//g' -e 's/<br>");//g'|tr '\n' ' ' && printf " -" &&curl -s www.brainyquote.com/link/quotebr.js | sed -n '4p' | grep -o  "\\\">.*" | sed -e 's/">//g' -e 's/<\/a>");//g'


Here’s the link to the other one:

Attacking DTAC’s MMS System Via Cross Site Scripting

DTAC is the second largest GSM mobile phone provider in Thailand. It’s pretty sad that the company itself doesn’t really care much about its security. There are multiple cross-site scripting vulnerabilities and poor authentication. There’s one vulnerability I would like to talk about, and that is the stored XSS vulnerability located in the MMS system.

What can you do with this vulnerability?
You can simply send a normal MMS and wait until the victim views it. Once it is viewed, the injected malicious JavaScript will be executed. Due to the poor coding, the logged-in user’s phone number and password will be hidden in the HTML source. You can basically grab the user’s info via basic JavaScript like getElementsByName. This vulnerability will basically allow you to view other people’s MMS if exploited correctly.

How to attack?
After some testing, I found out that the name of the multimedia file attached to the MMS is not sanitized properly. This makes attacking via XSS possible.
Simply rename the multimedia file with the XSS payload. For example, if it’s an image file, rename it to <img src=x onerror=alert(1)>. Then just send it the way you would send a normal MMS. Your payload will be executed once the message is viewed.
A Thai version of this article may be found here: https://www.facebook.com/groups/2600Thailand/permalink/256269531199749/
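
On the fixing side, an added example (not part of the original post and not DTAC's code) of how an MMS viewer could treat the sender-chosen attachment name: normalise it when the message is stored, and HTML-encode it again when it is written into the page. All function names here are hypothetical.

```javascript
// Added example; function names are hypothetical and this is not DTAC's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Ingestion side: keep only the base name, allow-list characters,
// cap the length, and never return an empty or dot-only name.
function normalizeAttachmentName(rawName) {
  const base = String(rawName).split(/[\\/]/).pop();
  const cleaned = base.replace(/[^A-Za-z0-9._ -]/g, '_').slice(0, 64);
  return cleaned.replace(/^[. ]+/, '') || 'attachment';
}

// The flaw as the post describes it: the name is concatenated
// into markup as-is, so any tags in it become part of the page.
function renderAttachmentUnsafe(name) {
  return '<li class="attachment">' + name + '</li>';
}

// Hardened: normalise first, then still encode at output, so a name
// that reached storage some other way is rendered as text.
function renderAttachmentSafe(name) {
  const stored = escapeHtml(normalizeAttachmentName(name));
  return '<li class="attachment" title="' + stored + '">' + stored + '</li>';
}

// Constructed sample input: the test string quoted in the post
// and a harmless name that contains HTML metacharacters.
const samples = ['<img src=x onerror=alert(1)>', 'Tom & "Jerry".jpg'];
for (const name of samples) {
  console.log('unsafe :', renderAttachmentUnsafe(name));
  console.log('encoded:', escapeHtml(name));
  console.log('safe   :', renderAttachmentSafe(name));
}
```

Output encoding closes the injection point, but the viewer page should also stop embedding the logged-in user's phone number and password in its HTML, since the post shows that any script running there can read them.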

9gag.com – Account Take Over Vulnerability via Change Email XSRF

posted a persistent XSS located in the first name field of the 9gag users’ a few years back during 2012. Simply edit the HTML of maxchar to bypass the char limit and insert attack vectors.
Somehow the XSS was patched in late 2013.
However, the XSRF still works. If anyone can find an XSS vulnerability, then they could use that with the XSRF to take over a user account by changing the main email.