This site is soon to be deprecated by http://www.johnleitch.net

Friday, September 25, 2009

Persistent XSS Vulnerability - IntenseDebate.com

The profile description field of Intense Debate has a type 2 (persistent) XSS vulnerability. Through it, arbitrary script code can run when the affected profile is viewed or when the mouse cursor passes over the avatar shown next to comments posted by the account.





<a style="position:absolute;top:-500px;left:-500px;width:9999px;height:9999px;" onmouseover="alert(0)"></a>

http://intensedebate.com/people/JohnnyCake5

http://www.woodtv.com/dpp/your_money/wall_street/Stocks_End_Low_As_Healthcare_Recovers_2887663#IDComment35942133
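
A defensive sketch of how a profile description could be rendered so that markup like the proof of concept above stays inert text. This is an added example, not Intense Debate's code; the `renderDescription` name and the tag allow-list are assumptions.

```javascript
'use strict';

const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// Assumed policy: a few attribute-free formatting tags, plus http(s) links.
// Both patterns run on the ESCAPED string, so they only ever see entities.
const PAIR = /&lt;(b|i|em|strong)&gt;([\s\S]*?)&lt;\/\1&gt;/gi;
// The URL may not contain '&', so an escaped quote (&quot;) can never be part
// of it and the value cannot break out of the href attribute. The price is
// that URLs with '&' in the query string stay as plain text.
const LINK = /&lt;a href=&quot;(https?:\/\/[^\s&<>]+)&quot;&gt;([\s\S]*?)&lt;\/a&gt;/gi;

function renderDescription(input) {
  // 1. Escape everything: by default no user markup reaches the page.
  let out = escapeHtml(input);
  // 2. Re-enable only exact, balanced, allow-listed forms. Repeat until
  //    stable so nested formatting such as <b><i>x</i></b> is handled.
  let prev;
  do {
    prev = out;
    out = out
      .replace(PAIR, (_, tag, body) => `<${tag.toLowerCase()}>${body}</${tag.toLowerCase()}>`)
      .replace(LINK, (_, url, body) => `<a href="${url}" rel="nofollow noopener">${body}</a>`);
  } while (out !== prev);
  return out;
}

// The markup from this post: an <a> with style and onmouseover attributes.
const PAGE_POC = '<a style="position:absolute;top:-500px;left:-500px;' +
  'width:9999px;height:9999px;" onmouseover="alert(0)"></a>';

// Constructed benign input for comparison.
const BENIGN = '<b>hi</b> <a href="http://example.com/">site</a>';

console.log(renderDescription(PAGE_POC)); // entity-escaped text, no tags
console.log(renderDescription(BENIGN));   // formatting and link preserved
```

Any tag carrying `style` or an `on*` handler never matches the allow-listed forms, so it is shown as literal text instead of being parsed by the browser.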

5 comments:

  1. Thanks for the information, I get a better understanding about the issue. And hope that you have more posts for us to read.

  2. XSS vulnerabilities have been reported and exploited since the 1990s. Prominent sites affected in the past include the social-networking sites Twitter, Facebook, MySpace, and Orkut. In recent years, cross-site scripting flaws surpassed buffer overflows to become the most common publicly-reported security vulnerability, with some researchers viewing as many as 68% of websites as likely open to XSS attacks.

    norton promo bike shop melbourne

  3. I love it, excellent article. I have decided to put this into use one of these days. Thank you for sharing this. To your success!
    _____________________________________________________________________________

    Rc Helicopter Parts|Rc Helicopter|Mini Rc Helicopter

  4. I'm very glad to recognize this site
