exploit the possibilities

Libsyn Cross Site Scripting

Libsyn Cross Site Scripting
Posted Dec 2, 2012
Authored by MustLive

Libsyn suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1a4dd7ffccf9c79c55b8a0d5e93e4e35

Libsyn Cross Site Scripting

Change Mirror Download
Hello list!

As you can see from my publications for last five years, I like holes which
are placed at hundreds or millions of web sites. Since my 2008's article XSS
vulnerabilities in 215000 flash files
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2008-November/004655.html)
till last advisories about vulnerabilities in JW Player and other
flash-files, which are hosted at millions of sites. For example, any
vulnerability in WordPress (such as XSS in swfupload) are spread on more
58,4 million web sites (by wordpress.com statistics). And now I'll tell you
about vulnerability at one hosting platform which has potentially up to
million of web sites.

Here is Cross-Site Scripting vulnerability in libsyn platform (Liberated
Syndication). There are a lot of vulnerable web sites with this XSS on it
(including security sites).

According to Google (site:libsyn.com -site:www.libsyn.com):

At 27.09.2012 there were results: 1890000
At 01.12.2012 there were results: 2080000

It's about pages of all subdomains. But we can take some average number of
pages per site and find the number of sites - approximately it'll be from
100000 till 1 million web sites. The developers haven't fixed vulnerability
for more then two months, even I've informed them multiple times.

----------
Details:
----------

XSS (WASC-08):

Here is example at one web site at libsyn:

http://dyned.libsyn.com/webpage/category/%3Cbody%20onload=alert(document.cookie)%3E

------------
Timeline:
------------

2012.09.27 - Found vulnerability in platform and checked it at multiple
libsyn sites.
2012.09.27 - Informed developers via e-mail and contact form. Site's contact
form answered that they would reply shortly.
2012.10.13 - Still no answer. Resent letter via contact form and to e-mail
of domain owner.
2012.12.01 - Still the same. Disclosed to Full-disclosure.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close