darksecurity.de | Entries tagged as advisory

SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities

Yahoo Bug Bounty Program Vulnerability #2 Open Redirect

SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities

SSCHADV2013-010 - developer.mozilla.org DOMbased Cross-site Scripting vulnerability

HTML5 Security Cheatsheet

SSCHADV2013-011 - pages.ebay.de - DOM based Cross-site Scripting vulnerability

Posted by Stefan Schurtz on Thursday, February 6. 2014

^Advisory:	Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
Advisory ID:	SSCHADV2014-003
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Serendipity 1.7.5
Vendor URL:	http://www.s9y.org/
Vendor Status:	fixed

======================
Vulnerability Description
======================

The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities

Continue reading "SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities"

Posted by on Saturday, January 11. 2014

In Dec ’13 I reported a Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of this issues, so I wrote a new message to them (this time via email).

Last week they told me that Open redirects are no longer in scope of the bug bounty programm :-/

So here is my advisory for this issue:

Continue reading "Yahoo Bug Bounty Program Vulnerability #2 Open Redirect"

Posted by Stefan Schurtz on Wednesday, January 8. 2014

^Advisory:	Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:	SSCHADV2014-001
Author:	Stefan Schurtz
Affected Software:	Successfully tested on WP-Members Version 2.8.9
Vendor URL:	http://wordpress.org/plugins/wp-members/
Vendor Status:	fixed

======================
Vulnerability Description
======================

The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities

Continue reading "SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities"

Posted by on Sunday, December 8. 2013

Advisory:	developer.mozilla.org - DOM based Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2013-010
Author:	Stefan Schurtz
Affected Software:	Successfully tested on developer.mozilla.org
Vendor URL:	http://developer.mozilla.org
Vendor Status:	fixed

==========================
Vulnerability Description
==========================

The website 'developer.mozilla.org' is prone to a DOM based XSS vulnerability

Continue reading "SSCHADV2013-010 - developer.mozilla.org DOMbased Cross-site Scripting vulnerability"

Posted by Stefan Schurtz on Sunday, December 1. 2013

Here you can find the HTML5 Security Cheatsheet, which is a nice source of some good XSS payloads.

For Example:

XSS via formaction – requiring user interaction (1)

A vector displaying the HTML5 form and formaction capabilities for form hijacking outside the actual form

Self-including DOM Worker XSS

A self-including code snippet utilizing a DOM worker and firing a message event to itself causing script execution

0?<script>Worker("#").onmessage=function()eval(.data)</script> :postMessage(importScripts(‘data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk’))

Self-hijacking JSON literals

In case parts of a JSON literal are controlled by user input there’s a risk to allow auto-harvesting values from later object members.

December '23

Posted by Stefan Schurtz on Thursday, November 7. 2013

Advisory:	pages.ebay.de – DOM based Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2013-011
Author:	Stefan Schurtz
Affected Software:	Successfully tested on pages.ebay.de
Vendor URL:	http://www.ebay.com
Vendor Status:	fixed

======================
Vulnerability Description
======================

The website ‘pages.ebay.de’ is prone to a DOM based XSS vulnerability

Continue reading "SSCHADV2013-011 - pages.ebay.de - DOM based Cross-site Scripting vulnerability"