MOMBY-00000010: MySpace Link Poisoning (Clickable XSS)
Published: April 2, 2007, 9:19 am
Tags: xss

Advisory MOMBY-00000010: MySpace Link Poisoning (Clickable XSS)

Press Embargo until April 2, 2007

Rankings: Noobs: **** LOLs: ** 0wnz: **

The "cms.goto" application on profile.myspace.com does not fully sanitize input supplied by the URL. The variable "_u" builds a link from the data supplied by the user. While some simple punctuation sanitization does occur, the link content can be manipulated to open an XSS vector using the domain of "profile.myspace.com" when an attacker supplies a javascript:// (or data:// for Gecko browsers) URL.

This problem can lead to a full browser window hijack for the lifetime of the browsing window (see Hansen, Grossman, et al.) or lesser attacks such as cookie theft and session impersonation.

Example link:

http://profile.myspace.com/index.cfm?fuseaction=cms.goto&_i=&_u=javascript:document.write(%27<font size=+10 color=%22red%22>http://ha.ckers.org/xss.html</font><p align=center>greetz RSn%61ke!<br><iframe

[ Full article ]
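The root cause described above is filtering punctuation instead of restricting the link's scheme. The following is an added example, not code from the advisory or from MySpace: a scheme allowlist for a link built from a user-supplied parameter, with hypothetical function names and constructed sample inputs.

```javascript
// Added example: hardened link builder for a "goto"-style endpoint.
// Function names are hypothetical; sample inputs below are constructed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns a normalized absolute URL string, or null if the target is rejected.
function safeLinkTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  let url;
  try {
    // Parse the way a browser would: the WHATWG parser lowercases the scheme
    // and strips leading whitespace and embedded tabs/newlines, so the check
    // below sees the same scheme the browser will act on.
    // No base URL is given, so relative or scheme-less input throws.
    url = new URL(raw);
  } catch {
    return null;
  }
  // Allowlist, not denylist: javascript:, data:, vbscript: etc. all fail here.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  if (url.username || url.password) return null; // no user:pass@host tricks
  return url.href;
}

// Escape for use inside a double-quoted HTML attribute or text node.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the link markup; rejected targets never reach an href attribute.
function renderGotoLink(raw) {
  const target = safeLinkTarget(raw);
  if (target === null) return "<p>Invalid link.</p>";
  const href = escapeHtml(target);
  return `<a href="${href}" rel="noopener noreferrer">${href}</a>`;
}

// Constructed sample inputs.
for (const input of [
  "https://example.com/page?a=1&b=2",
  "JaVaScRiPt:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,hello",
]) {
  console.log(JSON.stringify(input), "->", renderGotoLink(input));
}
```

Parsing before checking matters because the scheme comparison then runs on the normalized form rather than on the raw string that a punctuation filter would see.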