SocialURL Login Page Cross-Site Scripting

---

• From: morin.josh@xxxxxxxxx
• Date: 7 Jan 2008 14:15:25 -0000

---

Overview: SocialURL is a social community platform enabling you to organize your online identities. Connnect to all your social network sites with one URL.
SocialURL fails to sufficiently sanitize user-supplied input data via login box.

Class: Input Validation Error

Example:
1.<script>alert('xss')</script>
2.<iframe>

Discovered by: Joshua Morin

---

• Prev by Date: Linksys WRT54 GL - Session riding (CSRF)
• Next by Date: Re: vBulletin 3.6.8 XSRF/XSS Vulnerability
• Previous by thread: Linksys WRT54 GL - Session riding (CSRF)
• Next by thread: PostgreSQL 2007-01-07 Cumulative Security Release
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2008-01