Message-ID: <5a8fd27eb0545f280370185223fdb2cc@insecurityresearch.com>
Date: Mon, 20 Jun 2011 22:28:16 -0500
From: Juan Sacco <jsacco@...ecurityresearch.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: INSECT Pro - Advisory 2011 0620 - Zero Day - XSS Persistent in EA Sports

Information
--------------------
Name : XSS Persistent in EA Sports
Software : EA Sports Main site
Vendor Homepage : http://www.ea.com
Vulnerability Type : XSS Persistent
Severity : Very High
Researcher : Juan Sacco <jsacco [at] insecurityresearch [dot] com>

Description
------------------
EA Sports is prone to a stored XSS vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code on the victim's machine.

Details
-------------------
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is online message boards where users are allowed to post HTML-formatted messages for other users to read.

Exploit example as follows
-----------------------------
Vulnerable web site:
http://www.ea.com/soccer/profile/biography/cem_ea_id/jsacco123

The vulnerability is caused by the following code and is affected by the "Hometown" input:

<li>
<label class="section">Home Town:</label>
'><script xml:space="preserve">alert("XSS discovered by INSECT Pro")</script>
</li>
<li>

Solution
-------------------
No patch is available at this time.
Credits
-------------------
Manually discovered by Insecurity Research Labs
Juan Sacco - http://www.insecurityresearch.com

--
_________________________________________________
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released, stay tuned

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
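The advisory shows the "Home Town" value being written into the profile page unescaped. The following is an added illustration (not code from the advisory or from the EA site) of the rendering defect beside a corrected version that applies contextual output encoding, plus a server-side input check; the render functions and the `<li>` fragment are modelled on the markup quoted above, and the function names are my own.

```python
import html
import re

# The payload quoted in the advisory: the leading '> closes whatever
# attribute/tag the value landed in, then a script element follows.
ADVISORY_PAYLOAD = ('\'><script xml:space="preserve">'
                    'alert("XSS discovered by INSECT Pro")</script>')


def render_hometown_vulnerable(hometown: str) -> str:
    """Reproduces the flaw: the stored value is concatenated into HTML verbatim."""
    return f'<li> <label class="section">Home Town:</label> {hometown} </li>'


def render_hometown_fixed(hometown: str) -> str:
    """Encodes the value for an HTML text context before it reaches the page.

    quote=True also encodes ' and ", so the same helper is safe inside a
    double- or single-quoted attribute value (the '> trick no longer works).
    """
    return (f'<li> <label class="section">Home Town:</label> '
            f'{html.escape(hometown, quote=True)} </li>')


def validate_hometown(hometown: str) -> bool:
    """Defence in depth at input time: letters, digits, spaces, . ' and - only.

    Note the apostrophe is legitimately needed ("St. John's"), which is exactly
    why validation alone cannot replace output encoding.
    """
    return re.fullmatch(r"[\w\s.'-]{1,64}", hometown) is not None


def contains_script_element(fragment: str) -> bool:
    """Crude check: does the rendered fragment still carry a live <script> tag?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    print(render_hometown_vulnerable(ADVISORY_PAYLOAD))
    print(render_hometown_fixed(ADVISORY_PAYLOAD))
```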