Feed2JS 1.7 Cross Site Scripting

Posted May 8, 2015
Authored by Jing Wang

Feed2JS version 1.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3ba37dbd97b4ca44a37bbd7c4e925e5531e0610cb4344a659ee3720d4398706f

*Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities*

Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security
Product: Feed2JS
Vendor: feed2js.org
Vulnerable Versions: v1.7
Tested Version: v1.7
Advisory Publication: May 09, 2015
Latest Update: May 09, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Jing Wang [School of Physical and Mathematical
Sciences (SPMS), Nanyang Technological University (NTU), Singapore]

*Proposition Details:*

*(1) Vendor & Product Description:*


*Product & Vulnerable Versions:*

*Vendor URL & Download:*
Feed2JS can be downloaded from here,

*Source code:*

*Product Introduction Overview:*
"What is "Feed to JavaScript"? An RSS Feed is a dynamically generated
summary (in XML format) of information or news published on other web
sites- so when the published RSS changes, your web site will be
automatically changed too. It is a rather simple technology that allows
you, the humble web page designer, to have this content displayed in your
own web page, without having to know a lick about XML! Think of it as a box
you define on your web page that is able to update itself, whenever the
source of the information changes, your web page does too, without you
having to do a single thing to it. This Feed2JS web site (new and
improved!) provides you a free service that can do all the hard work for
you-- in 3 easy steps:
1. Find the RSS source, the web address for the feed.
2. Use our simple tool to build the JavaScript command that will display it
3. Optionally style it up to look pretty.

Please keep in mind that feeds are cached on our site for 60 minutes, so if
you add content to your RSS feed, the updates will take at least an hour to
appear in any other web site using Feed2JS to display that feed. To run
these scripts, you need a web server capable of running PHP which is rather
widely available (and free). You will need to FTP files to your server,
perhaps change permissions, and make some basic edits to configure it for
your system. I give you the code, getting it to work is on your shoulders.
I will try to help, but cannot always promise answers."

*(2) Vulnerability Details:*
The Feed2JS web application has a security bug that can be exploited by
stored XSS attacks. This may allow a remote attacker to create a specially
crafted request that would execute arbitrary script code in a user's
browser session within the trust relationship between their browser and
the server.

Several other 0-day vulnerabilities in Feed2JS products have been found by
other bug hunters before. Feed2JS has patched some of them.
"Openwall software releases and other related files are also available from
the Openwall file archive and its mirrors. You are encouraged to use the
mirrors, but be sure to verify the signatures on software you download. The
more experienced users and software developers may use our CVSweb server to
browse through the source code for most pieces of Openwall software along
with revision history information for each source file. We publish
articles, make presentations, and offer professional services." Openwall
has published suggestions, advisories, solutions details related to XSS

*(2.1)* The first code flaw occurs at the "&url" parameter in the
"magpie_debug.php?" page.


Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
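
The advisory does not include the affected source, so the following is an added example and not Feed2JS code: a hypothetical PHP handler showing how a debug page that reflects a `url` request parameter, as in (2.1), can validate the value and HTML-encode it on output. The function names and sample inputs are assumptions constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: hypothetical handler, not taken from Feed2JS.

/** Return the feed URL if it is an absolute http(s) URL, otherwise null. */
function validated_feed_url(?string $raw): ?string
{
    if ($raw === null || strlen($raw) > 2048) {
        return null;
    }
    $url = trim($raw);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Scheme allowlist: rejects javascript:, data:, file: and similar.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the page fragment; every reflected value passes through h(). */
function render_debug_page(?string $rawUrl): string
{
    $url = validated_feed_url($rawUrl);
    if ($url === null) {
        return '<p>Invalid feed URL.</p>';
    }
    // Validation does not strip markup characters from the query string,
    // so encoding at the point of output is what prevents injection.
    return '<p>Fetching feed: <a href="' . h($url) . '" rel="noopener noreferrer">'
        . h($url) . '</a></p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: plain URL, markup in query, non-http scheme.
    $samples = ['http://example.org/feed.xml',
                'http://example.org/feed.xml?q="><b>x</b>',
                'javascript:void(0)'];
    foreach ($samples as $s) {
        echo render_debug_page($s), PHP_EOL;
    }
} else {
    header('Content-Type: text/html; charset=UTF-8');
    // is_string() rejects array input such as ?url[]=...
    $raw = isset($_GET['url']) && is_string($_GET['url']) ? $_GET['url'] : null;
    echo render_debug_page($raw);
}
```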
