articlesbase.com XSS vulnerability

Discussion in 'Ethical hacking' started by indiansword, Apr 29, 2009.

  1. indiansword

    indiansword Security Expert

    I cannot believe that a website like ArticleBase has an XSS vulnerability. I have reported it to the staff.

    Exploit Information:
    [+] Founder / Author : Nishant Soni a.k.a IndianSword
    [+] Date:- 29th April 2009
    [+] Criticality :- 8/10
    [+] Fix: Reported to the staff, awaiting confirmation.
    [+] Exploited Links:-
    There is a critical XSS vulnerability in the "Search" option of ArticleBase's website. An attacker can exploit the Search option to get the cookies which handle the user authentication session. This means an attacker can create a malicious search, copy the URL and send it to whoever he wants to hack.

    Here is an example of a malicious URL which will create an alert box.

    Code:
    http://www.articlesbase.com/find-articles.php?q=%3Cscript%3Ealert%28%22XSSed+by+TechMafias.com%22%29%3C%2Fscript%3E
    If you wanna learn more about Hacking with this XSS vulnerability then read this article:
    Stealing Cookie With XSS

    Enjoy :smug:
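
Added example, not part of the original post and not ArticlesBase's code: it decodes the `q` parameter from the URL quoted above and renders it through a hypothetical results template, once unchanged and once HTML-encoded, with a regression check a site owner could run against the search page. The template, the function names and the `session` cookie name are assumptions made for illustration.

```python
"""Added example (not ArticlesBase's code): reflected search term, raw vs. HTML-encoded."""
import html
from urllib.parse import urlsplit, parse_qs

# The proof-of-concept URL quoted in the post above.
POC_URL = ("http://www.articlesbase.com/find-articles.php"
           "?q=%3Cscript%3Ealert%28%22XSSed+by+TechMafias.com%22%29%3C%2Fscript%3E")

# Hypothetical results-page template; the site's real markup is not on the page.
TEMPLATE = "<h1>Search results for: {term}</h1>"


def search_term(url: str) -> str:
    """Decode the q parameter the way a server-side request parser would."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("q", [""])[0]


def render_vulnerable(term: str) -> str:
    """Assumed flawed pattern: the decoded term is placed into HTML unchanged."""
    return TEMPLATE.format(term=term)


def render_hardened(term: str) -> str:
    """Encode &, <, >, " and ' so the term can only be displayed as text."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


def reflects_markup(page: str, term: str) -> bool:
    """Regression check: True if markup characters in the term reach the page raw."""
    return any(c in term for c in "<>\"'") and term in page


def session_cookie_header(session_id: str) -> str:
    """HttpOnly keeps the session cookie away from page scripts (defence in depth).

    The cookie name 'session' is a placeholder, not the site's real cookie.
    """
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    q = search_term(POC_URL)
    print("decoded q :", q)
    print("vulnerable:", render_vulnerable(q), reflects_markup(render_vulnerable(q), q))
    print("hardened  :", render_hardened(q), reflects_markup(render_hardened(q), q))
    print(session_cookie_header("constructed-sample-id"))
```

In PHP, which the `find-articles.php` path suggests the site runs, the equivalent output-encoding call is `htmlspecialchars($q, ENT_QUOTES, 'UTF-8')`.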
     
