This site is soon to be deprecated by http://www.johnleitch.net

Saturday, September 19, 2009

Persistent XSS Vulnerability - AssociatedContent.com

Several of the fields of Associated Content profile system have persistent XSS vulnerabilities. Such a vulnerability could be used to craft a rather nasty worm.





The code shown in the screenshots is as follows:

"style="position:absolute;top:0;left:0;width:9999px;height:9999px;"onmouseover="alert(0)

http://www.associatedcontent.com/user/631547/xss_blog.html

3 comments:

  1. radio imagingWedding Weight Loss Tips

    The team development module of Drupal Content has released version 6.x-2.0-rc4, has overcome security vulnerabilities cross-site scripting (XSS) when displaying the messages stop.


    If a person with the right to use any "Administer blocks" accidentally click on the link has been prepared, JavaScript code hidden in the path that will enable privileges on Drupal. Attackers will continue to exploit this vulnerability to take control of the entire system. Just a few weeks ago, a type of XSS vulnerability has been discovered on a tracking system, allowing access to the server at the root of the Apache Software Foundation. Therefore, the XSS vulnerability necessarily not be taken lightly.

    ReplyDelete
  2. I love it,Excellent article.I am decide to put this into use one of these days.Thank you for sharing this.To Your Success!
    _____________________________________________________________________________

    Rc Helicopter Parts|Rc Helicopter|Mini Rc Helicopter

    ReplyDelete