1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[whitepaper]Cross Site Scripting [XSS] vuln. in EzineAritlces.com by SecWorm.net

Discussion in 'Ethical hacking' started by indiansword, Jan 1, 2010.

  1. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    496
    Likes Received:
    36
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    SecWorm.net - Advisory
    http://SecWorm.net/
    XSS Vulnerability in EzineArticles.com

    ----------------------------------------------------------------------------------
    1. Advisory Information:
    ----------------------------------------------------------------------------------
    Title:- Cross Site Scripting vulnerability in Scribd.com
    Advisory ID:- SecWorm_Network_2010-1
    Advisory URL:- http://secworm.net/Thread-Cross-Sit...inearticles-com-by-SecWorm-net?pid=313#pid313

    ----------------------------------------------------------------------------------
    2. Vulnerability Information:
    ----------------------------------------------------------------------------------
    Class:- Cross Site Scripting Injection
    Remotely Exploitable:- Yes
    Locally Exploitable:- Yes
    FIXED :- NO

    ----------------------------------------------------------------------------------
    3. Vulnerability Description:
    ----------------------------------------------------------------------------------
    EzineArticles is one of the most famous websites on internet for Articles Submission & It has got thousands of articles's database already. Search Function of the website is vulnerable to Cross Site Scripting [XSS] Attacks. HTML entities are not saitized properly, thus it lets the javascripts to be executed. It can lead to Cookie Stealing, Session hijacking etc. In the worst case, an Attacker can upload Shells such as c99 and deface the website.

    ----------------------------------------------------------------------------------
    4. POC [Proof of Concept]:
    ----------------------------------------------------------------------------------
    Example:- http://ezinearticles.com/search/?q=<script>alert("Found")</script>
    Screenshot:- : http://secworm.net/poc/ezinearticlesxss.jpg

    ----------------------------------------------------------------------------------
    5. Credits:
    This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm Network.

    ----------------------------------------------------------------------------------
    6. Report Timeline:
    ----------------------------------------------------------------------------------
    December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to EzineArticles.com
    No reply.

    ----------------------------------------------------------------------------------
    7. About SecWorm Network:
    ----------------------------------------------------------------------------------
    SecWorm Network is a group of Security Researchers & Ethical hackers with the motto of security awareness and helping others
    to secure themselves.
    Everyone can reach to us at http://www.SecWorm.net/

    ----------------------------------------------------------------------------------
    8. Disclaimer & Copyright:
    ----------------------------------------------------------------------------------
    The contents of this advisory are copyright © 2009 SecWorm Network, and may be distributed freely provided that proper credits are given.
     
  2. neo_vi

    neo_vi New Member

    Joined:
    Feb 1, 2008
    Messages:
    722
    Likes Received:
    15
    Trophy Points:
    0
    Occupation:
    Software engineer
    Location:
    Earth
    Home Page:
    Good one again.
    Update the title.
     

Share This Page