After a few weeks, I can now publish all the information about the linkedin.com vulnerability.
--------------------------------------------------------------------------------
Title : Persistent XSS in LinkedIn.com
--------------------------------------------------------------------------------
Date : 06.12.2012
--------------------------------------------------------------------------------
Vendor : www.LinkedIn.com
--------------------------------------------------------------------------------
1. What is it?
--------------------------------------------------------------------------------
LinkedIn.com is a large portal for people who are looking for
a job or for past and present colleagues.
2. Where is the bug?
--------------------------------------------------------------------------------
I found that LinkedIn is vulnerable to persistent cross-site scripting.
A logged-in user is able to inject XSS code into the site.
3. PoC
--------------------------------------------------------------------------------
Proof-of-concept code will not be disclosed to the public before the issue is fixed.
* When you are logged in to LinkedIn, choose one person from your contact list
* and go to their profile. In the middle (and on the right side) of the profile page
* you will find the 'edit tag' form. This is the vulnerable place.
* A malicious user can enter a string of up to 100 characters here to exploit this
* vulnerability, for example:
' > " > < img src=x onerror= alert ( / hi / ) >.
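As an added illustration (not code from the original post or from LinkedIn), the rendering pattern the advisory describes beside a hardened version, plus a parser-based check that shows what a browser would see. It assumes the tag is written inside a wrapper `<span>` and that only a server-side 100-character limit guards the field; the sample payload is the advisory's string in compact form.

```python
import html
from html.parser import HTMLParser

MAX_TAG_LEN = 100  # field limit the advisory mentions (assumed to be the only input check)

# Compact form of the string quoted in the advisory (the post shows it with spaces).
SAMPLE_PAYLOAD = "'>\">" + "<img src=x onerror=alert(/hi/)>"


def accept_tag(tag):
    """Input-side check as implied by the advisory: a length limit only.
    A length limit is not an XSS control; the sample payload is 35 characters."""
    if len(tag) > MAX_TAG_LEN:
        raise ValueError("tag exceeds %d characters" % MAX_TAG_LEN)
    return tag


def render_tag_vulnerable(tag):
    """The flaw described above: stored tag text written into the page unencoded."""
    return '<span class="tag">' + tag + '</span>'


def render_tag_hardened(tag):
    """Same markup, but the tag is encoded for an HTML text context first."""
    return '<span class="tag">' + html.escape(tag, quote=True) + '</span>'


class _Elements(HTMLParser):
    """Collect every element and every on* event-handler attribute in a fragment."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def injected_markup(rendered):
    """Return (unexpected elements, event handlers) a browser would parse out of
    the rendered fragment. Only the wrapper span is ours; anything else came
    from the tag value, i.e. the stored XSS the advisory reports."""
    parser = _Elements()
    parser.feed(rendered)
    parser.close()
    return [t for t in parser.tags if t != "span"], parser.handlers


if __name__ == "__main__":
    tag = accept_tag(SAMPLE_PAYLOAD)                      # passes the 100-char limit
    print(injected_markup(render_tag_vulnerable(tag)))    # (['img'], ['onerror'])
    print(injected_markup(render_tag_hardened(tag)))      # ([], [])
```

The check is a regression test for the renderer, not a filter: the fix is output encoding, and the length limit plays no part in it.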
4. Contact
--------------------------------------------------------------------------------
* http://hauntit.blogspot.com
* http://portswigger.net
* http://www.linkedin.com
Tuesday 12 February 2013
osCommerce 2.3.3 shell via CSRF
A few days ago I wrote about a persistent XSS attack possible in the latest osCommerce (2.3.3).
Today, a new page about osCommerce:
a publicly available exploit for CSRF in the latest version.
Enjoy ;)