[whitepaper]Cross Site Scripting [XSS] vuln. in EzineAritlces.com by SecWorm.net

indiansword's Avatar, Join Date: Oct 2008
Security Expert
SecWorm.net - Advisory
http://SecWorm.net/
XSS Vulnerability in EzineArticles.com

----------------------------------------------------------------------------------
1. Advisory Information:
----------------------------------------------------------------------------------
Title:- Cross Site Scripting vulnerability in Scribd.com
Advisory ID:- SecWorm_Network_2010-1
Advisory URL:- http://secworm.net/Thread-Cross-Site...pid=313#pid313

----------------------------------------------------------------------------------
2. Vulnerability Information:
----------------------------------------------------------------------------------
Class:- Cross Site Scripting Injection
Remotely Exploitable:- Yes
Locally Exploitable:- Yes
FIXED :- NO

----------------------------------------------------------------------------------
3. Vulnerability Description:
----------------------------------------------------------------------------------
EzineArticles is one of the most famous websites on internet for Articles Submission & It has got thousands of articles's database already. Search Function of the website is vulnerable to Cross Site Scripting [XSS] Attacks. HTML entities are not saitized properly, thus it lets the javascripts to be executed. It can lead to Cookie Stealing, Session hijacking etc. In the worst case, an Attacker can upload Shells such as c99 and deface the website.

----------------------------------------------------------------------------------
4. POC [Proof of Concept]:
----------------------------------------------------------------------------------
Example:- http://ezinearticles.com/search/?q=%...9%3C/script%3E
Screenshot:- : http://secworm.net/poc/ezinearticlesxss.jpg

----------------------------------------------------------------------------------
5. Credits:
This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm Network.

----------------------------------------------------------------------------------
6. Report Timeline:
----------------------------------------------------------------------------------
December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to EzineArticles.com
No reply.

----------------------------------------------------------------------------------
7. About SecWorm Network:
----------------------------------------------------------------------------------
SecWorm Network is a group of Security Researchers & Ethical hackers with the motto of security awareness and helping others
to secure themselves.
Everyone can reach to us at http://www.SecWorm.net/

----------------------------------------------------------------------------------
8. Disclaimer & Copyright:
----------------------------------------------------------------------------------
The contents of this advisory are copyright © 2009 SecWorm Network, and may be distributed freely provided that proper credits are given.
0
neo_vi's Avatar, Join Date: Feb 2008
Invasive contributor
Good one again.
Update the title.
Quote:
----------------------------------------------------------------------------------
1. Advisory Information:
----------------------------------------------------------------------------------
Title:- Cross Site Scripting vulnerability in Scribd.com