Category: XSS

HTML Parsing, Document Validation, XSS, Parser Context, Bug Hunting

Does your SDLC Validate your Document? TL;DR: Forget to perform HTML Validation and you've probably got XSS. Target -> Intel/McAfee. It's an assumption by XSS.Cx that in 2016 any Public Company has performed Validation on any HTML Document that is Published. Failing to follow "Best Practices" for Software Delivery can often result in an exploit. […]

CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, DOM XSS, window.location.hash

Keywords: Cross-Site Scripting (XSS), Document Object Model (DOM), window.location.hash, User Agent Exploitation, Proof of Concept (PoC), CVE-2014-4406, APPLE-SA-2014-09-17-5 OS X Server 3.2.1, XCode Server, CVE-2013-1034, SVG, toString, innerHTML. CVE-2014-4406 Summary: Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 […]

XSS, arc.help.yahoo.com, Captcha Form, CWE-79, CAPEC-86, Cross Site Scripting, Resolved

XSS in arc.help.yahoo.com at captchaView parameter. URL: https://arc.help.yahoo.com/arc/arc.php "Please use this form to report the error you are experiencing." The Form once contained a Captcha Form to prevent Bots and Spam from Submitting the Form. The Form was submitted with a POST containing the XSS in the captchaView Parameter using a Double-URL encoded expression. POST..&captchaView=visual%2522%253balert%25281%2529%252f%252f… In […]

CVE-2013-6853: Stored XSS in Y! Toolbar DOM for FireFox on MAC V3.1 + Windows V2.5 Resolved

CVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox on MAC Version 3.1.0.20130813024103 and Windows Version 2.5.9.2013418100420. Resolved. Published January 14, 2014 on XSS.Cx by Hoyt LLC. Date: November 11, 2013. Author: Hoyt LLC http://xss.cx/ A local Stored XSS via Code Injection in Y! Toolbar DOM for FireFox on MAC Version 3.1.0.20130813024103 and […]

XSS, homes.yahoo.net, Cross Site Scripting, Javascript Injection, CWE-79, CAPEC-86, PoC, Resolved

PoC Summary: The Mortgage Calculator in homes.yahoo.net was vulnerable to Reflected Cross Site Scripting (RXSS) in multiple parameters. Reported to Y! Security in October 2013 and more recently resolved, this PoC was outside the Scope of the Y! Bug Bounty Program. Y! Bug Bounty Scope. XSS in homes.yahoo.net. The domains and properties below are in […]

Stored DOM XSS, www.ebay.com, Search Breadcrumb, Javascript Injection, Cookie Sink, Resolved

Stored DOM XSS in eBay Search Bread Crumb. PoC Summary: Stored XSS in www.ebay.com at Search Breadcrumb using multiple Parameters & Cookie Sinks via URL to evade XSS Neutering Routines. Stored XSS in www.ebay.com at Search Breadcrumb. Description: The Search Breadcrumb in www.ebay.com is dynamically generated based on User Navigation. The Search Terms, Search Breadcrumb […]

CVE-2013-1034, Stored XSS, XXE, OS X Server v2.2.1, APPLE-SA-2013-09-17-1, HTML Injection, JSON XSS, Stored DOM XSS, SQL Injection

CVE-2013-1034 Summary. Last Updated 18/9/2013 @ 1800 GMT. APPLE-SA-2013-09-17-1 was released on September 17, 2013 to address multiple Bugs in OS X Server 2.2.1(163), collabd, reported to Apple Product Security on April 17, 2013. Keywords: CVE-2013-1034, Cross-Site Scripting, Apple, APPLE-SA-2013-09-17-1, CWE-79, CAPEC-86, CWE-611, OS X Version 2.2.1, DoS, Crash, CAPEC-66, collabd, Ruby on Rails, PostgreSQL. Impact: CVSS Severity (version 2.0): CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) Impact Subscore: 2.9 Exploitability Subscore: 8.6 CVSS […]

linkedin.com, XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Resolved

Resolved: XSS in trk parameter of www.linkedin.com as an authenticated user. Reported to security@linkedin.com on June 11, 2013 and resolved today, August 18, 2013. PoC URL: http://www.linkedin.com/today/?trk=today_home_top_today_control</script><script>alert(1)</script> MATCH ON: fs.config({"failureRedirect":"http://www.linkedin.com/nhome/","xhrHeaders":{"X-FS-Origin-Request":"/today/?trk=today_home_top_today_control</script><script>alert(1)</script>","X-FS-Page-Id":"pulse-top-news"}}); REQUIRED: Logged In User. XSS in linkedin.com Commentary: LinkedIn has a Vulnerability Rewards Program which results in sending a T-Shirt, which is ridiculous. Instead, it's suggested that LinkedIn […]

redhat.com, XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Resolved

Resolved: Search Query XSS in www.redhat.com. Reported a while back and fixed more recently. Does your Site have a Search Box? Test for XSS. Does your Site use Omniture Tracking Code? Test for XSS. Once upon a time, www.redhat.com had Search Form XSS in the q Param due to the "old and vulnerable Omniture Code" that allowed […]