Sep
8
2010

Uncategorized

Maggwire.com XSS Vulnerability

An article by connection Comments

1 Comment

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

Luis Santana of the HackTalk Security Team has discovered a Reflective XSS Vulnerability in the Maggwire.com website.

The search function of the maggwire.com website is vulnerable to Reflective XSS which allows an attacker to inject arbitrary HTML or Javascript into the website. The following PoC url illustrates successful exploitation of the vulnerability.

http://www.maggwire.com/search?q=%27%3E%22%3E%3Cimg%20src=http://hacktalk.net/pwnt.png%20/%3E&x=0&y=0

Solution

We recommend sanitizing the GET request for the ‘q’ variable in the search function using the PHP htmlspecialchars(); function to prevent attacks like this from occurring.

FASB.org XSS Vulnerability
Yellowpages.com XSS Vulnerability
ESPN.go.com Multiple Vulnerabilities
Googlestore XSS Vulnerability
Chacha.com XSS Vulnerability

M	T	W	T	F	S	S
« Feb
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Maggwire.com XSS Vulnerability

Solution

Related Posts:

About the Author:

Solution

Related Posts:

Share this:

About the Author:

Leave a Reply Cancel reply