Researchers Find Serious RapidShare XSS Vulnerability

Jack (Administrator, thread author)
Jan 24, 2011
Researchers from security vendor M86 Security have identified a serious cross-site scripting (XSS) vulnerability in the RapidShare.com website which allowed attackers to potentially scam users.

RapidShare is one of the largest file hosting providers on the Internet and, with hundreds of millions of monthly visitors, it is among the world's top 50 websites by traffic.

Like any popular free service, RapidShare is constantly being abused by cybercriminals to host malware or copyrighted content.

M86 security experts had the idea of testing a RapidShare error page saying the servers were too busy and found a serious XSS weakness.

"We decided to test the error message and found that there is an improper input validation vulnerability in the 'downloaderror' field," M86 security researcher Yaniv Miron writes.

"We can control all of the 'downloaderror' fields. For example, the file folder (623624), the file name (test.avi), and of course the error message," he explains.

This is a DOM-based cross-site scripting attack that relies on the victim opening a specially crafted URL and is invisible to the server because the malicious link contains the # fragmenting character before the payload.

Attackers could send fake emails with a link to an allegedly interesting file, for example, something like "WikiLeaks releases video of American soldiers shooting innocent civilians in Iraq. Download here: http://rapidshare.com/files/[file_id]/[file_name].avi"

In reality, the link would point to a specially crafted rapidshare.com URL which, when opened in the browser, would display an error page with a message reading: "Too many users downloading from the server right now. Get a 80% discount coupon for a Pro Account by sending a free SMS to [premium rate number]. Limited offer."
[Screenshot: RapidShare_img_3.png]

In this case, people interested in getting a Pro account for a low price would send what they believe to be a free SMS - but which actually isn't - to a special number set up by the scammer.

More details - link
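The fragment-driven error page described in the post, as an added example that is not RapidShare's code: a hardened renderer that HTML-escapes the folder and file name fields and maps the error code to a fixed, site-defined message instead of echoing whatever text the URL carries. The field names `folder`, `filename` and `error` are assumptions modelled on the 'downloaderror' fields the article mentions.

```javascript
// Added example, not RapidShare's code. Field names are assumed.

// Escape the characters that matter when a string is placed in HTML
// text or a double-quoted attribute.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// The part after '#' never reaches the server (the point the article
// makes), so browser-side code is the only place this input is checked.
function parseFragment(hash) {
  return new URLSearchParams(hash.replace(/^#/, ''));
}

// Only messages the site itself defines may be shown. A Map avoids
// prototype keys such as "constructor" resolving to a function.
const KNOWN_ERRORS = new Map([
  ['busy', 'Too many users downloading from the server right now.'],
  ['notfound', 'The requested file could not be found.'],
]);

// Returns the HTML for the error paragraph. The vulnerable pattern would
// be `el.innerHTML = params.get('message')`, which lets any markup in the
// fragment run in the site's origin; here free text is never interpreted
// as HTML and the message itself is chosen from a fixed table.
function renderErrorPage(hash) {
  const p = parseFragment(hash);
  const folder = escapeHtml(p.get('folder') || '');
  const filename = escapeHtml(p.get('filename') || '');
  const message = KNOWN_ERRORS.get(p.get('error')) ?? 'An error occurred.';
  return `<p>File ${folder}/${filename}: ${message}</p>`;
}
```

A page using this would assign the returned string with `innerHTML` only because every variable part has already been escaped or fixed; assigning the individual fields with `textContent` is the equivalent DOM-level approach.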
