Friday 7 December 2012

Microsoft!

I got a Security Researcher Acknowledgement from Microsoft!
I want to thank the MSRC for this little attention!

Tuesday 20 March 2012

Google Hall Of Fame!

Hey guys!

I finally made it (twice) to the Google Hall Of Fame!
My last blogpost was even posted on the frontpage of eHacking News!

Here are some screenshots! :D


Yep.. now you know my real name. Want a cookie?


Alright, I'd like to thank all you guys for the great support! Without you I would never have achieved this!
I'll keep on writing articles about (new) Google vulnerabilities, coding, cracking, whitehat hacking in general and more.
I'm kind of busy right now with other things, but I will rejoin the scene as soon as possible!

Cheers,
TiPi

Tuesday 14 February 2012

[XSS] Disclosing new Google XSS vulnerabilities!

Hey guys!


I'm happy to announce that I already earned $1200 for my Google security vulnerability findings! 
Unfortunately, some of my findings were found by someone else in the same period. But as they are fixed now, I thought I'd share them with you! :-)


Let's start off with some security vulnerabilities in the Google Maps/Places system. These are all XSS injections, which allow an attacker to steal someone's cookies or hijack their session. It's like those little annoying Facebook viruses that can take over your entire Facebook account.


1. Persistent Google Maps XSS
Description: XSS injection in the nickname display of the Google Maps profile.
Type:  Persistent XSS
URL: http://maps.google.com/maps/user?uid=[CENSORED]
Payload:  <img src="<img src=search"/onerror=alert("TiPiXSS")//">
State: Fixed
Reward: None, found by someone else in the same period

Screenshot: 
Remarks: I had to enlarge the maximum NickName length by editing the source code to enter the payload.



2. Persistent Google Map Maker XSS
Description: XSS injection in the nickname display of a Google Map Maker profile, in the application itself.
Type: Persistent XSS
URL: http://www.google.com/mapmaker?gw=55&editids=a1hYkdXPQxZ36B7xzV&iwloc=0_0
Payload: <img src="<img src=search"/onerror=alert("TiPiXSS")//">
State: Fixed
Reward: None, found by someone else in the same period
Screenshot: 
3. Persistent Google Map Maker Profile XSS
Description: XSS injection in the title of a Google Map Maker profile. The display of the nickname itself on the profile was filtered.
Type: Persistent XSS
Payload: </title><img src="<img src=search"/onerror=alert("TiPiXSS")//">
State: Fixed
Reward: None, found by someone else in the same period
Screenshot: 


4. Google Orkut XSS
Description: XSS in community description. You don't have to click the HTML button. The XSS triggered every time you tried to edit the community description or tried to view the communication settings. Not a self XSS, as communities can have several administrators.
Type: Persistent XSS
URL: http://www.orkut.com/Main#Community?cmm=[CENSORED]
Payload: <img src="<img src=search"/onerror=alert("TiPiXSS")//">
State: Fixed
Reward: $500
Screenshot: can't find one, sorry!

5. Google Science Fair XSS
Description: funny self XSS in a new Google project, "Google Science Fair" (isolated domain). You could enter any HTML code and JavaScript in the form where you could provide additional team members. The XSS would trigger when you clicked "register" and hovered your mouse over that field.
Type: SELF-XSS
URL: https://www.googlesciencefair.com
Payload: <script>alert('TiPïXSS!');</script>
State: Fixed
Reward: None
Screenshot: 

6. Google Caption Contest XSS
Description: users could add comments (and malicious HTML code) on the submitted captions for The Google Caption Contest.
Type: Persistent-XSS
Payload: <img src="<img src=search"/onerror=alert("TiPiXSS")//">
State: Fixed
Reward: $100
Screenshot:
(No alert.. sorry! I don't know where I have saved the one with the alert. @The text: hehe, $100 was fine too, of course!)
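All six findings above share one root cause: user-supplied profile or comment text is written into HTML without output encoding (and in finding 1, only a client-side length limit stood in the way). As an added example that is not part of the original post, here is a minimal server-side renderer that validates nickname length on the way in, escapes the nickname for both the `<title>` context and the element body on the way out, and is checked against the payloads quoted above. The function names and the length limit are assumptions.

```javascript
// Added example (not from the original post): defensive handling of a
// user-controlled nickname. Function names and the limit are assumptions.

const MAX_NICKNAME_LENGTH = 64; // enforced on the server, not only in the form

// Escape the five characters that can change HTML context. This is enough for
// element bodies, quoted attributes and RCDATA such as <title>: the "</title>"
// breakout in finding 3 is neutralised because "<" becomes "&lt;".
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Validation on the way in. A client-side maxlength is not a control: the
// author bypassed it for finding 1 by editing the page source.
function validateNickname(nickname) {
  if (typeof nickname !== 'string') throw new Error('nickname must be a string');
  if (nickname.length === 0 || nickname.length > MAX_NICKNAME_LENGTH) {
    throw new Error('nickname length out of range');
  }
  return nickname;
}

// Encoding on the way out, applied at every place the nickname is inserted.
function renderProfile(nickname) {
  const safe = escapeHtml(validateNickname(nickname));
  return `<html><head><title>${safe} - profile</title></head>` +
         `<body><h1>${safe}</h1></body></html>`;
}

// Constructed sample inputs: the payloads quoted in findings 1 to 3 and 5.
const SAMPLE_PAYLOADS = [
  '<img src="<img src=search"/onerror=alert("TiPiXSS")//">',
  '</title><img src="<img src=search"/onerror=alert("TiPiXSS")//">',
  "<script>alert('TiPïXSS!');</script>",
];

// True when the rendered page contains only the template's own tags, i.e. the
// nickname could neither open a tag nor close the <title> element early.
function isRenderedSafely(nickname) {
  const html = renderProfile(nickname);
  const allowed = new Set(['html', 'head', 'title', 'body', 'h1']);
  const tags = html.match(/<\/?([a-z0-9]+)/gi) || [];
  const names = tags.map((t) => t.replace(/^<\/?/, '').toLowerCase());
  return names.every((n) => allowed.has(n)) &&
         (html.match(/<\/title>/g) || []).length === 1;
}
```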



7. Not disclosed yet

I also earned another $500, but since that XSS is not fixed yet, I am not allowed to disclose it! But here's some proof! :-)


8 & 9. Already disclosed
I also earned $100 for a Google XSS on Google's ZeroMomentOfTruth.com (click!). Other than that one, I found an iGoogle Self XSS.
Google will add me to their Security Hall Of Fame soon! :-)

Cheers! I will keep you guys updated! :-)

TiPi

Monday 13 February 2012

[SCIENCE] And now something completely different


Hey there!

If you are waiting for news about the Google security vulnerabilities, I will disclose them as soon as possible. :-)

Anyways, time for something completely different now! As some of you may know, I love science! Especially astronomy, as there are many questions to be solved concerning the universe. Some of them may have been answered already, but that does not always mean they represent the truth, as many of them are just theories.

I dare to question one of the most accepted and known theories about the universe... the so-called "Big Bang" and the borders of our universe. Most scientists believe there was such a thing as a gravitational singularity in the beginning. That is like one point where all the particles in our universe were 'stored'. According to scientists, that thing exploded and so the universe was created. Yes, there is evidence! But not enough, as there are still many questions left. In fact, this theory even contradicts some physical laws.
And still we assume that this theory is completely correct.

I am not saying that it is not correct. In fact, it may be partly correct! But my theory solves some problems that there are with the Big Bang theory.

The theory - Relative location approach
Let us start off with a slightly philosophical question: what is a location?
I can describe the location of my very own computer in coordinates. We use three dimensions to do so: X, Y, Z.
We should not forget that coordinates are a comparison to a certain location where the coordinates are all equal to zero.
Many people confuse the universe with a collection of all particles there are. I see the universe as a collection of all the possible locations there are.

Now let us say that there is some sort of force that defines those possible locations. This force is located at the absolute borders of our universe. Nature always tries to achieve a certain balance. That is why I can not believe that it is possible that particles would just disappear in black holes; the number of particles should always be equal. We can also find this balance in the expansion of our universe. Compare the absolute borders with magnets. As soon as they move away from the objects in the universe, the objects in it are less affected by the force. However, if these magnets get stronger, they move away to achieve the same force that affects the objects in the universe. That is the balance we are looking for.
The energy could come from the particles that reach the absolute border and get stuck "between" the relative force. This means that the universe will expand when particles reach the absolute border, thus the particles that have not reached the absolute border yet will have to travel a longer distance to reach it. But they will, eventually..

Obviously, we can not get out of the universe. If we could, our particles would have absolute coordinates. This would mean that we would be still in the universe! Since our coordinates as we know them are changed, we are still in the same universe... on another place. It is like an infinite loop. It has no ending nor beginning. It does have a border, but no relative border. Apart from the absolute coordinates, the coordinates as we know them, there are relative coordinates out there. Like a parallel universe, but not that cool as in science fiction. From our point of view, it would be just the same universe as we know it. With the same particles, the same time, the same movement of particles. Which means you are not able to meet yourself in a parallel universe, as it does not exist using absolute coordinates.

I know this can be quite tough to understand. Let us compare it to something we all know to make it slightly easier.
That is right! The good old snake on our old Nokia phones!
This game has no walls, which means that you will appear at the left if you go out of bounds on the right. We can compare it to our universe. There are no real borders (in this case: walls), yet there is some sort of border, as there is one point at which we will appear on the other side of the screen. Obviously our universe is not a game and has three dimensions, but I am sure this example can help you to understand the new theory. If you do not understand it yet, I wrote some (badly written) pseudo-code of a snake game on a 42*42 screen.

#include <stdio.h>
#define MAX_ABS_X 42
#define MAX_ABS_Y 42

int main(void){
    int absX = 42; /* Our absolute coordinates, coordinates as we know them. */
    int absY = 23;
    int relX = 42; /* Relative coordinates. Obviously they do not have to be the same. */
    int relY = 23;
    int key;       /* one move per character: a = left, d = right, w = up, s = down, q = quit */
    int running = 1;
    while (running) {
        key = getchar();
        if (key == EOF || key == 'q') { running = 0; continue; }
        if      (key == 'a') { absX--; relX--; }
        else if (key == 'd') { absX++; relX++; }
        else if (key == 'w') { absY--; relY--; }
        else if (key == 's') { absY++; relY++; }
        else continue;                      /* ignore any other character */
        /* The absolute coordinates wrap around the screen like the snake does;
           the relative coordinates just keep counting. */
        if (absX < 0)         { absX = MAX_ABS_X; }
        if (absX > MAX_ABS_X) { absX = 0; }
        if (absY < 0)         { absY = MAX_ABS_Y; }
        if (absY > MAX_ABS_Y) { absY = 0; }
        printf("abs=(%d,%d) rel=(%d,%d)\n", absX, absY, relX, relY); /* forget about the tail */
    }
    return 0;
}

See what happens if the snake would go through, for instance, the right border? The snake would appear on the left side. The relative X coordinate, though, will be increased, while the absolute X coordinate will be set to zero.

We all know that objects in our universe expand, they move away from each other. Once their particles enter the "absolute coordinate border zone", their particles may get stuck between those forces of the parallel (or the same, depends on how you look at it) universe; they would compress due to the force "pushing" the particles together. Eventually all particles in our universe will be compressed. It would take a (very) long time. Anyways, we are now at a point that we have that one "collection" of all particles together. Wait a minute... we have seen that (more or less) before in the Big Bang Theory!
Due to the pressure and chemical reactions, these particles could explode. All the particles are now expanding again, moving away from each other. Now go back to the beginning of this paragraph and join me in an infinite loop!

Evidence for this theory? Some scientists say that, looking at the protons inside particles, they may be older than our universe [dutch source], but that there is no real evidence yet. Still, the theory provides an answer to questions we were not able to find an answer to, and solves some problems concerning the Big Bang Theory and the physical laws. It could also explain black holes and worm holes, as particles seem to disappear. As the amount of particles will always be equal, these particles can not just disappear. And that is why the relative location approach could be close to reality...

UPD: Here is an image to understand the expansion of that force and why particles move faster over time.
http://i42.tinypic.com/vi1suh.png

Sunday 8 January 2012

[XSS] Google Reward + 2 OTHER XSS'ES!

Hey guys!


I'm glad to announce that I got another $100 for the ZMOT Google XSS vulnerability.
I can't disclose the other one I got $100 for, because that one is not fixed yet.


Anyways, I've been "feeling lucky" today! I found two other persistent XSS'es! Hooray!
These vulnerabilities are located on Google domains that are eligible for a reward. 


Now waiting very excited for Googles replies!


I'll keep you guys updated! :-)

Friday 6 January 2012

[XSS] Google Persistent: ZMOT


Hey!

A couple of days ago, I found another XSS on a Google website!
It was a persistent XSS, located on the frontpage of a Google website! Which means that everyone who visited the frontpage, or clicked on a certain link referring to the vulnerable gadget on the frontpage, was affected.

Fortunately, the website itself used OpenID to authenticate Google users, so someone with bad intentions wouldn't be able to steal a user's password.

The vulnerability was located in a chat gadget on the frontpage of Google's new ebook website: ZeroMomentOfTruth.com
It's fixed now, so don't screw that gadget by inserting random HTML tags.
Here's a picture:



E-Mail:



I don't know how much I will get for this one. Probably not much, about $100, but that's more than enough for me.

As for the other one (which isn't fixed yet, got $100 for that find), I will post that one as soon as it's fixed! :-)