Tuesday, 22 January 2013


Very ever so grateful to wikiactions.org for tracking down the hole that has been giving us simply ENDLESS ENDLESS ENDLESS ENDLESS BULLSHIT: tiny amount likely from eg:


Etc, etc, etc:
http://www.occupythebanks.com/2012/10/dutch-when-child-traffickers-rule.html Important!
http://www.occupythebanks.com/2012/10/contact.html
http://www.occupythebanks.com/2012/04/pirate-falkvinge-exclusive-battle.html Trojaned
http://www.occupythebanks.com/2012/07/status-alert-akamai-back-orifice-rabbit.html PROOF heh
http://www.occupythebanks.com/2012/06/darkcabal-news-in-via-dm-otb-security.html Harassment
http://www.occupythebanks.com/2012/06/doxed-dark-cabal-censorship-work.html Fed Censorship
http://www.occupythebanks.com/2012/06/otb-occupy-attack-confirmed-dns-ows.html

I could go ON, and ON, and ON ...
Obviously, a fine fella to follow: @WikiActions ;)

The Hole in Blogger; how they, the DARK CABAL, have been trying to drive us INSANE, or into QUITTING on TELLING YOU THE TRUTH!  THE ZERO DAY HACK ATTACK! 

If you don't know seclists: this is where people give PUBLIC DISCLOSURE, for the first time, of a bug they may (or may not) have previously told the world (or the provider of the software concerned) they had discovered. ... onwards, into what seems the best guess at what these BASTARDS have been up to! ..... Into 0 Day; the sec stands for SECURITY!

"Re: [0 Day] XSS Persistent in Blogspot of Google

From: Jakub Zoczek <zoczus () gmail com>
Date: Tue, 22 Jan 2013 01:02:38 +0100


*Execution of owner-supplied JavaScript on Blogger:* Blogger users are
permitted to place custom JavaScript in their own blog templates and blog
posts; our take on this is that blogs are user-generated content, not
different from any third-party website on the Internet. Naturally, for your
safety, we do employ spam and malware detection technologies - but we
believe that the flexibility in managing your own content is essential to
the success of our blogging platform.

*Therefore, the ability to execute owner-supplied scripts on your own blog
is not considered to be a vulnerability. That being said, the ability to
inject arbitrary JavaScript onto somebody else’s blog would likely qualify
for a reward!

*Source <http://www.google.com/about/appsecurity/reward-program/>*


On Tue, Jan 22, 2013 at 12:01 AM, ANTRAX <antrax.bt () gmail com> wrote:

Hi all, I'm ANTRAX from Argentina, and I'm the owner of www.underc0de.org
Today, I'm going to share with you an XSS in Blogger. It is very
simple, but it isn't fixed yet.
This bug could be exploited by bloggers without administrator permissions.

Steps to reproduce the XSS:

1.- Create a new post in the blog and insert some script

[image: Inline images 1]

2.- When the administrator enters the "templates" section of the
administration panel, Blogger automatically executes the script, because
Blogger has a mini-preview in "Ahora en el blog", which then executes the script

[image: Inline images 2]

3.- Ready! The script has been executed!

[image: Inline images 3]

Also, you can steal cookies!

[image: Inline images 4]

I reported it to Google, but they have not fixed it yet.

Kind regards partners!
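
Added example (not part of the quoted e-mails and not Blogger's code): a hypothetical dashboard mini-preview in JavaScript, showing the unsafe rendering the steps above describe beside two hardened forms. Every function name and the sample post are assumptions made for illustration.

```javascript
// Hypothetical dashboard preview code; names and sample data are constructed.

// Encode the characters that let text break out of HTML text or attribute context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// BEFORE: the author-supplied post is concatenated into the admin page as markup,
// so any script in it runs in the administrator's session when the panel loads.
function renderPreviewUnsafe(post) {
  return `<div class="mini-preview"><h4>${post.title}</h4>${post.body}</div>`;
}

// AFTER, option 1: text-only preview. Truncate first, then encode,
// so an entity such as &lt; is never cut in half.
function renderPreviewText(post, maxLen = 120) {
  const snippet = String(post.body).slice(0, maxLen);
  return `<div class="mini-preview"><h4>${escapeHtml(post.title)}</h4>` +
         `<p>${escapeHtml(snippet)}</p></div>`;
}

// AFTER, option 2: rich preview in a sandboxed iframe. An empty sandbox attribute
// withholds allow-scripts and allow-same-origin, so the framed markup cannot run
// script or read the dashboard's cookies. The body is encoded for the attribute.
function renderPreviewSandboxed(post) {
  return `<iframe class="mini-preview" sandbox="" srcdoc="${escapeHtml(post.body)}"></iframe>`;
}

// Constructed sample: a post written by a non-administrator author.
const samplePost = {
  title: "Hello <b>world</b>",
  body: "<p>Post text</p><script>alert(1)</script>",
};

// True when the rendered dashboard HTML still contains a live script element.
function hasLiveScript(html) {
  return /<script[\s>]/i.test(html);
}

console.log("unsafe   :", hasLiveScript(renderPreviewUnsafe(samplePost)));
console.log("text     :", hasLiveScript(renderPreviewText(samplePost)));
console.log("sandboxed:", hasLiveScript(renderPreviewSandboxed(samplePost)));
```
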


Want to see an EXAMPLE from just MOMENTS AGO (we've decided to ARCHIVE THE PAGE 'wrong') so you can SEE with your OWN EYES, this BULLSHIT, right here on #OTB:

#Documentales El lado oscuro de la luna, Un falso viaje a la luna

Do notice the RIDICULOUS SPACE at the bottom of the page! (thus wrecking our home page, of course, EVERY TIME we publish a new story!)

The White Rabbit!
