1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

[whitepaper]Cross Site Scripting [XSS] vulnerability in Scribd.com by SecWorm.net

Discussion in 'Ethical hacking' started by indiansword, Dec 30, 2009.

  1. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    SecWorm.net - Advisory
    http://SecWorm.net/
    Steam XSS Vulnerability

    ----------------------------------------------------------------------------------
    1. Advisory Information:
    ----------------------------------------------------------------------------------
    Title:- Cross Site Scripting vulnerability in Scribd.com
    Advisory ID:- SecWorm_Network_2009-3
    Advisory URL:- http://secworm.net/showthread.php?tid=87

    ----------------------------------------------------------------------------------
    2. Vulnerability Information:
    ----------------------------------------------------------------------------------
    Class:- Cross Site Scripting Injection
    Remotely Exploitable:- Yes
    Locally Exploitable:- Yes
    FIXED :- NO

    ----------------------------------------------------------------------------------
    3. Vulnerability Description:
    ----------------------------------------------------------------------------------
    In the search function of Scribd.com, html entities are not sanitized properly, thus it allows any javascript to be executed in it. This causes a non-persistent XSS vulnerability in the search function of Scribd.com. An attacker can inject malicious javascript into the search function which could be used for several types of attacks. An attacker can also hijack the cookies of any user which will compromise the authentication.

    ----------------------------------------------------------------------------------
    4. POC [Proof of Concept]:
    ----------------------------------------------------------------------------------
    Example:- http://www.scribd.com/search?cat=solr&q=...Fscript>
    Screenshot:- : http://secworm.net/poc/scribd-xss.jpg

    ----------------------------------------------------------------------------------
    5. Credits:
    This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm Network.

    ----------------------------------------------------------------------------------
    6. Report Timeline:
    ----------------------------------------------------------------------------------
    December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to Scribd.com Site feedback.
    Reply awaited.

    ----------------------------------------------------------------------------------
    7. About SecWorm Network:
    ----------------------------------------------------------------------------------
    SecWorm Network is a group of Security Researchers & Ethical hackers with the motto of security awareness and helping others
    to secure themselves.
    Everyone can reach to us at http://www.SecWorm.net/


    ----------------------------------------------------------------------------------
    8. Disclaimer & Copyright:
    ----------------------------------------------------------------------------------
    The contents of this advisory are copyright © 2009 SecWorm Network, and may be distributed freely provided that proper credits are given.
     
  2. Deadly Ghos7

    Deadly Ghos7 New Member

    Joined:
    Dec 19, 2009
    Messages:
    55
    Likes Received:
    2
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Earth
    Home Page:
    That's awesome. Respects to you. It seems that I should learn XSS arts from you.
     
  3. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    Thanks @ deadley ghost.
     

Share This Page