EzineArticles.com suffers from a cross site scripting vulnerability.
0ef2ab74caf5364983dd8f269700bb456889bed83f712649df7f646fd20ac23c
SecWorm.net - Advisory
http://SecWorm.net/
XSS Vulnerability in EzineArticles.com
----------------------------------------------------------------------------
------
1. Advisory Information:
----------------------------------------------------------------------------
------
Title:- Cross Site Scripting vulnerability in Scribd.com
Advisory ID:- SecWorm_Network_2010-1
Advisory URL:-
http://secworm.net/Thread-Cross-Site-Scripting-XSS-vulnerability-in-Ezineart
icles-com-by-SecWorm-net?pid=313#pid313
----------------------------------------------------------------------------
------
2. Vulnerability Information:
----------------------------------------------------------------------------
------
Class:- Cross Site Scripting Injection
Remotely Exploitable:- Yes
Locally Exploitable:- Yes
FIXED :- NO
----------------------------------------------------------------------------
------
3. Vulnerability Description:
----------------------------------------------------------------------------
------
EzineArticles is one of the most famous websites on internet for Articles
Submission & It has got thousands of articles's database already. Search
Function of the website is vulnerable to Cross Site Scripting [XSS] Attacks.
HTML entities are not saitized properly, thus it lets the javascripts to be
executed. It can lead to Cookie Stealing, Session hijacking etc. In the
worst case, an Attacker can upload Shells such as c99 and deface the
website.
----------------------------------------------------------------------------
------
4. POC [Proof of Concept]:
----------------------------------------------------------------------------
------
Example:-
http://ezinearticles.com/search/?q=%3Cscript%3Ealert%28%22Found%22%29%3C/scr
ipt%3E
Screenshot:- : http://secworm.net/poc/ezinearticlesxss.jpg
----------------------------------------------------------------------------
------
5. Credits:
This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm
Network.
----------------------------------------------------------------------------
------
6. Report Timeline:
----------------------------------------------------------------------------
------
December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to
EzineArticles.com
No reply.
----------------------------------------------------------------------------
------
7. About SecWorm Network:
----------------------------------------------------------------------------
------
SecWorm Network is a group of Security Researchers & Ethical hackers with
the motto of security awareness and helping others
to secure themselves.
Everyone can reach to us at http://www.SecWorm.net/
----------------------------------------------------------------------------
------
8. Disclaimer & Copyright:
----------------------------------------------------------------------------
------
The contents of this advisory are copyright C 2009 SecWorm Network, and may
be distributed freely provided that proper credits are given.