SecWorm.net - Advisory http://SecWorm.net/ XSS Vulnerability in EzineArticles.com ---------------------------------------------------------------------------- ------ 1. Advisory Information: ---------------------------------------------------------------------------- ------ Title:- Cross Site Scripting vulnerability in Scribd.com Advisory ID:- SecWorm_Network_2010-1 Advisory URL:- http://secworm.net/Thread-Cross-Site-Scripting-XSS-vulnerability-in-Ezineart icles-com-by-SecWorm-net?pid=313#pid313 ---------------------------------------------------------------------------- ------ 2. Vulnerability Information: ---------------------------------------------------------------------------- ------ Class:- Cross Site Scripting Injection Remotely Exploitable:- Yes Locally Exploitable:- Yes FIXED :- NO ---------------------------------------------------------------------------- ------ 3. Vulnerability Description: ---------------------------------------------------------------------------- ------ EzineArticles is one of the most famous websites on internet for Articles Submission & It has got thousands of articles's database already. Search Function of the website is vulnerable to Cross Site Scripting [XSS] Attacks. HTML entities are not saitized properly, thus it lets the javascripts to be executed. It can lead to Cookie Stealing, Session hijacking etc. In the worst case, an Attacker can upload Shells such as c99 and deface the website. ---------------------------------------------------------------------------- ------ 4. POC [Proof of Concept]: ---------------------------------------------------------------------------- ------ Example:- http://ezinearticles.com/search/?q=%3Cscript%3Ealert%28%22Found%22%29%3C/scr ipt%3E Screenshot:- : http://secworm.net/poc/ezinearticlesxss.jpg ---------------------------------------------------------------------------- ------ 5. Credits: This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm Network. ---------------------------------------------------------------------------- ------ 6. Report Timeline: ---------------------------------------------------------------------------- ------ December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to EzineArticles.com No reply. ---------------------------------------------------------------------------- ------ 7. About SecWorm Network: ---------------------------------------------------------------------------- ------ SecWorm Network is a group of Security Researchers & Ethical hackers with the motto of security awareness and helping others to secure themselves. Everyone can reach to us at http://www.SecWorm.net/ ---------------------------------------------------------------------------- ------ 8. Disclaimer & Copyright: ---------------------------------------------------------------------------- ------ The contents of this advisory are copyright C 2009 SecWorm Network, and may be distributed freely provided that proper credits are given.