SecWorm.net - Advisory

http://SecWorm.net/

XSS Vulnerability in EzineArticles.com

 

----------------------------------------------------------------------------
------

1. Advisory Information:

----------------------------------------------------------------------------
------

Title:- Cross Site Scripting vulnerability in Scribd.com

Advisory ID:- SecWorm_Network_2010-1

Advisory URL:-
http://secworm.net/Thread-Cross-Site-Scripting-XSS-vulnerability-in-Ezineart
icles-com-by-SecWorm-net?pid=313#pid313

 

----------------------------------------------------------------------------
------

2. Vulnerability Information:

----------------------------------------------------------------------------
------

Class:- Cross Site Scripting Injection

Remotely Exploitable:- Yes

Locally Exploitable:- Yes

FIXED :- NO

 

----------------------------------------------------------------------------
------

3. Vulnerability Description:

----------------------------------------------------------------------------
------

EzineArticles is one of the most famous websites on internet for Articles
Submission & It has got thousands of articles's database already. Search
Function of the website is vulnerable to Cross Site Scripting [XSS] Attacks.
HTML entities are not saitized properly, thus it lets the javascripts to be
executed. It can lead to Cookie Stealing, Session hijacking etc. In the
worst case, an Attacker can upload Shells such as c99 and deface the
website. 

 

----------------------------------------------------------------------------
------

4. POC [Proof of Concept]:

----------------------------------------------------------------------------
------

Example:-
http://ezinearticles.com/search/?q=%3Cscript%3Ealert%28%22Found%22%29%3C/scr
ipt%3E

Screenshot:- : http://secworm.net/poc/ezinearticlesxss.jpg

 

----------------------------------------------------------------------------
------

5. Credits:

This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm
Network.

 

----------------------------------------------------------------------------
------

6. Report Timeline:

----------------------------------------------------------------------------
------

December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to
EzineArticles.com

No reply.

 

----------------------------------------------------------------------------
------

7. About SecWorm Network:

----------------------------------------------------------------------------
------

SecWorm Network is a group of Security Researchers & Ethical hackers with
the motto of security awareness and helping others

to secure themselves.

Everyone can reach to us at http://www.SecWorm.net/

 

----------------------------------------------------------------------------
------

8. Disclaimer & Copyright:

----------------------------------------------------------------------------
------

The contents of this advisory are copyright C 2009 SecWorm Network, and may
be distributed freely provided that proper credits are given.