Wednesday, September 30, 2009

Persistent XSS Vulnerability

Here's a good one: Google Sidewiki has a type 2 (persistent, or stored) XSS vulnerability. Upon editing an entry (and possibly when adding one, I didn't test it) an HTTP proxy such as Fiddler can be used to alter the pagetitle field in the request before it reaches the server.

The code replacing the pagetitle value is as follows.
<<a>a onmouseout=alert(0)>a

The inner a tag is stripped out, but because the filter makes only a single pass, removing it joins the surrounding characters into a new a tag that is never examined.
<a onmouseout=alert(0)>a

The result is a stored profile entry containing the attacker's script, which runs for anyone who views it.
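To show why single-pass stripping fails and what a fix looks like, here is an added Python example (not code from the post or from Google); the tag-matching regex is a hypothetical stand-in for Sidewiki's actual filter, which the post does not show.

```python
import re
import html

# Constructed sample input, the same shape as the payload described in the post.
PAYLOAD = "<<a>a onmouseout=alert(0)>a"

# Hypothetical filter: anything that looks like a tag. The real Sidewiki
# filter is not known; this one reproduces the single-pass behaviour described.
TAG_RE = re.compile(r"<[^<>]*>")


def strip_tags_single_pass(value: str) -> str:
    """The flawed approach: remove tags once and trust the result."""
    return TAG_RE.sub("", value)


def strip_tags_to_fixpoint(value: str) -> str:
    """Re-run the strip until the output stops changing, so a tag that is
    re-assembled by an earlier removal is removed on a later pass."""
    while True:
        stripped = TAG_RE.sub("", value)
        if stripped == value:
            return stripped
        value = stripped


def escape_for_html(value: str) -> str:
    """The preferable fix: do not try to strip markup from a plain-text field;
    encode the metacharacters when the value is written into the page."""
    return html.escape(value, quote=True)


def contains_tag(value: str) -> bool:
    """Regression check for a stored field: does anything tag-like survive?"""
    return TAG_RE.search(value) is not None


if __name__ == "__main__":
    print("single pass :", strip_tags_single_pass(PAYLOAD))
    print("fixpoint    :", strip_tags_to_fixpoint(PAYLOAD))
    print("escaped     :", escape_for_html(PAYLOAD))
```

The single-pass output is exactly the live tag quoted in the post; the fixpoint and escaping variants leave nothing tag-like behind.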