Scribd.com Cross Site Scripting

2009-12-30T00:00:00
ID PACKETSTORM:84500
Type packetstorm
Reporter Nishant Soni
Modified 2009-12-30T00:00:00

Description

                                        
                                            `SecWorm.net - Advisory  
http://SecWorm.net/  
Steam XSS Vulnerability  
  
----------------------------------------------------------------------------  
------  
1. Advisory Information:  
----------------------------------------------------------------------------  
------  
Title:- Cross Site Scripting vulnerability in Scribd.com  
Advisory ID:- SecWorm_Network_2009-3  
Advisory URL:-   
  
----------------------------------------------------------------------------  
------  
2. Vulnerability Information:  
----------------------------------------------------------------------------  
------  
Class:- Cross Site Scripting Injection  
Remotely Exploitable:- Yes  
Locally Exploitable:- Yes  
FIXED :- NO  
  
----------------------------------------------------------------------------  
------  
3. Vulnerability Description:  
----------------------------------------------------------------------------  
------  
In the search function of Scribd.com, html entities are not sanitized  
properly, thus it allows any javascript to be executed in it. Tish causes a  
non-persistent XSS vulnerability in the search function of Scribd.com. An  
attacker can inject malicious javascript into the search function which  
could be used for several types of attacks. An attacker can also hijack the  
cookies of any user which will compromise the authentication.   
  
----------------------------------------------------------------------------  
------  
4. POC [Proof of Concept]:  
----------------------------------------------------------------------------  
------  
Example:- http://www.scribd.com/search?cat=solr  
<http://www.scribd.com/search?cat=solr&q=%22%3E%3Cscript%3Ealert%28%22found%  
20by%20Brainst0rm%20for%20Secworm.net%22%29%3C%2Fscript%3E> &q=...Fscript%3E  
Screenshot:- : http://secworm.net/poc/scribd-xss.jpg  
  
----------------------------------------------------------------------------  
------  
5. Credits:  
This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm  
Network.  
  
----------------------------------------------------------------------------  
------  
6. Report Timeline:  
----------------------------------------------------------------------------  
------  
December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to  
Scribd.com Site feedback.  
Reply awaited.  
  
----------------------------------------------------------------------------  
------  
7. About SecWorm Network:  
----------------------------------------------------------------------------  
------  
SecWorm Network is a group of Security Researchers & Ethical hackers with  
the motto of security awareness and helping others  
to secure themselves.  
Everyone can reach to us at http://www.SecWorm.net/  
  
  
----------------------------------------------------------------------------  
------  
8. Disclaimer & Copyright:  
----------------------------------------------------------------------------  
------  
The contents of this advisory are copyright C 2009 SecWorm Network, and may  
be distributed freely provided that proper credits are given.  
  
  
  
  
  
`