Massive HTML Injection Vulnerability

This could become a massive vulnerability since many sites or blogs out there allow user to post image on their article’s comment. As my small research, I found out that we could launch a HTML Injection, XSS and even CSRF attack to sites that vulnerable to this. Here is the PoC :

(more…)

You might also intersted to these posts :

• August 1, 2007 — mybeNi SecureWordPress Worm (4)
• December 17, 2007 — Cross Site Request Forgery (CSRF) (7)
• November 27, 2007 — CSRF on SiteMap Generator Engine = Denial Of Service? (2)
• December 31, 2007 — Whois XSS (0)
• November 21, 2007 — Website Security Auditor (6)

[Read the rest on (it)gossips network: Zoiz]

Subscribe to Our FREE Newsletter Now:

Enter your email address: