Entries tagged as cross site scripting
SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability
Advisory: ssl.bing.com – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-012
Author: Stefan Schurtz
Affected Software: Successfully tested on ssl.bing.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The website 'ssl.bing.com' is prone to a Cross-site Scripting vulnerability.
SSCHADV2014-001 - WordPress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities
Advisory: WordPress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID: SSCHADV2014-001
Author: Stefan Schurtz
Affected Software: Successfully tested on WP-Members Version 2.8.9
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The WordPress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities.
SSCHADV2013-010 - developer.mozilla.org - DOM based Cross-site Scripting vulnerability
Advisory: developer.mozilla.org – DOM based Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-010
Author: Stefan Schurtz
Affected Software: Successfully tested on developer.mozilla.org
Vendor URL:
Vendor Status: fixed
==========================
Vulnerability Description
==========================
The website 'developer.mozilla.org' is prone to a DOM based XSS vulnerability.
HTML5 Security Cheatsheet
Here you can find the HTML5 Security Cheatsheet, which is a nice source of some good XSS payloads.
For example:
XSS via formaction – requiring user interaction (1)
A vector displaying the HTML5 form and formaction capabilities for form hijacking outside the actual form
Self-including DOM Worker XSS
A self-including code snippet utilizing a DOM worker and firing a message event to itself causing script execution
0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))
Self-hijacking JSON literals
In case parts of a JSON literal are controlled by user input, there is a risk of allowing auto-harvesting of values from later object members.
<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>
SSCHADV2013-011 - pages.ebay.de - DOM based Cross-site Scripting vulnerability
Advisory: pages.ebay.de – DOM based Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-011
Author: Stefan Schurtz
Affected Software: Successfully tested on pages.ebay.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The website 'pages.ebay.de' is prone to a DOM based XSS vulnerability.