This site is soon to be deprecated by http://www.johnleitch.net

Saturday, May 8, 2010

Tumblr.com Persistent XSS

onmouseover attributes added to user submitted markup via HTTP proxy are not stripped.

Exploit: Create a new link, add a description, and set the HTML to <h1>test</h1>. Submit the form and capture the request using an HTTP proxy (e.g. Fiddler). Change the post[three] value to <h1 onmouseover="alert(0)">test</h1> and resume the request.

PoC: http://asdfffffffff.tumblr.com/

6 comments:

  1. This post is truly informative. Really quality post. In theory I would like to write like this also - taking time and real effort to make a good article. Wildcard SSL

    ReplyDelete
  2. Transcutaneous electrical nerve muscle stimulation machines are an effective pain management device that has been developed to help people with all kinds of pain problems. It varies from the management of chronic and enduring pains to short term pains that are more intense and require a remedy that will help reduce the effects of such a pain.

    cruiseshipjobs
    Cashmere Pashmina

    ReplyDelete
  3. Malting grain produces enzymes that convert starches in the grain into fermentable sugars. Different roasting times and temperatures are used to produce different colours of malt from the same grain. Darker malts will produce darker beers.

    on hold players
    non profit fundraiser

    ReplyDelete
  4. Hello there, simply become alert to your weblog thru Google, and fosbobetund that it’s really informative. I’m gonna watch out for brussels

    ReplyDelete
  5. Can you explain what you mean by the 'post[three]' value please. Thanks!

    ReplyDelete