Saturday, April 09, 2005
XSS in "Code Snippets" [Updated]
Update:
The "XSS tag exploit" shown below will fail because the application doesn't allow single quotes and slashes! Anyway, Peter will fix the XSS issues ASAP...
Outdated:
Peter Cooper's nice "Code Snippets" (Rails-driven, with tag support) is vulnerable to XSS:
(Snipped from my email to Peter)
1. Tags
* http://www.bigbold.com/snippets/tags/ruby<body onload="alert('XSS')">
-> tags should be escaped
2. Create user (http://www.bigbold.com/snippets/login/create)
* Every input field is vulnerable to XSS:
<body onload="alert('XSS')">
-> input field should be escaped
* The URL field accepts "javascript:" URLs: (NOT TESTED)
javascript:alert('XSS')
-> only allow %r{(f|h)ttps?://} (?)
I hope Peter will fix these issues soon :)
See ror's announcement.
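The two fixes suggested in the email, sketched as an added example (not code from Code Snippets or from the original post): HTML-escape the tag name before it reaches the page, and validate the URL field by parsing it and allow-listing the scheme. The helper names `tag_heading` and `profile_link`, the allowed scheme list and the sample inputs are assumptions made for illustration. The pattern quoted in the post is kept as `LOOSE_URL` to show that, as written, it is unanchored and spells "fttp" rather than "ftp".

```ruby
require "erb"
require "uri"

# Pattern quoted in the post: unanchored, and "(f|h)ttp" spells "fttp", not "ftp".
LOOSE_URL = %r{(f|h)ttps?://}

# Assumed allow-list for the user's URL field.
ALLOWED_SCHEMES = %w[http https ftp].freeze

# Escape untrusted text for HTML body or quoted-attribute context.
def h(text)
  ERB::Util.html_escape(text.to_s)
end

# Hypothetical view helper: the tag name comes straight from the request path.
def tag_heading(tag)
  "<h1>Snippets tagged #{h(tag)}</h1>"
end

# Parse the value and allow-list its scheme instead of pattern-matching anywhere in it.
def safe_url?(value)
  uri = URI.parse(value.to_s.strip)
  ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Hypothetical view helper: emit a link only when the URL passes the check.
def profile_link(url)
  return "" unless safe_url?(url)
  %(<a href="#{h(url.strip)}" rel="nofollow">homepage</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, modelled on the strings quoted in the post.
  puts tag_heading(%q{ruby<body onload="alert('XSS')">})
  [
    "http://example.invalid/~me",
    "ftp://example.invalid/file",
    "javascript:alert('XSS')",
    "javascript:alert('XSS')//http://example.invalid"
  ].each do |url|
    puts format("%-50s loose=%-5s strict=%s", url, LOOSE_URL.match?(url), safe_url?(url))
  end
end
```

The last sample line shows why the scheme has to be checked at the start of the value: the loose pattern accepts it because `http://` appears somewhere in the string, while the parsed check rejects it.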
Comments:
Even better, Blogger's comments are prone to this too! I just clicked to post a comment and got an alert box.. haha!