RE: [WEB SECURITY] netdisaster.com
- From: steve jensen <sjensen1207@xxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] netdisaster.com
- Date: Tue, 15 Jan 2008 00:45:41 -0600
Sameer,

No, this doesn't mean the target websites are Cross-Site Scriptable. If you look at the page's source you can see that the target is loaded into a frame. The animation is a .swf file loaded into a div tag with the z-index set to 100. Basically, it's just creating two layers, the target site in the background and the div containing the animation as a transparent overlay in the foreground.

Date: Mon, 14 Jan 2008 20:47:23 -0800
From: samir_j_k@yahoo.com
To: websecurity@webappsec.org
Subject: [WEB SECURITY] netdisaster.com

Hi,
I found this site http://netdisaster.com, within this site you can enter any other domain (target sites) in the field and you can see funny pages crawling through the original site. I wanted to know: are the (target) sites vulnerable to XSS?

Thanks
Sameer
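
The reasoning behind the reply above, as an added example that is not part of the original thread: it models the browser's same-origin comparison for the two layers described, showing that the embedding page can script its own overlay div but not the framed target. The target URL, layer names and function names are constructed for illustration.

```javascript
// Added example: same-origin check applied to a "frame + overlay div" page.
// All URLs and layer names are constructed sample values.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (scheme, host, port) tuple that browsers compare
// when enforcing the same-origin policy.
function originTuple(url) {
  const u = new URL(url);
  // URL normalises default ports to "", so restore them for comparison.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

// True only if script running in the embedding page may reach into
// the document loaded from framedUrl.
function canScriptFrame(embedderUrl, framedUrl) {
  return originTuple(embedderUrl) === originTuple(framedUrl);
}

// Describe each layer of a page built like the one in the reply.
// A layer with no src is ordinary markup (a div) in the embedding document.
function analyseOverlayPage(embedderUrl, layers) {
  return layers
    .slice()
    .sort((a, b) => a.zIndex - b.zIndex) // back to front
    .map((layer) => {
      const docUrl = layer.src || embedderUrl;
      return {
        name: layer.name,
        zIndex: layer.zIndex,
        origin: originTuple(docUrl),
        scriptableByEmbedder: canScriptFrame(embedderUrl, docUrl),
      };
    });
}

// Constructed layout: target site in a frame, animation div stacked above it.
const report = analyseOverlayPage("http://netdisaster.com/", [
  { name: "animation overlay div", src: null, zIndex: 100 },
  { name: "target frame", src: "http://www.example.com/", zIndex: 0 },
]);
console.log(report);
```

The overlay is drawn on top of the target but lives in the embedding page's origin; XSS would require script executing in the target's own origin, which this layout does not provide.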