Vulners
Lucene search
Scribd.com Cross Site Scripting
`SecWorm.net - Advisory
http://SecWorm.net/
Steam XSS Vulnerability
----------------------------------------------------------------------------
------
1. Advisory Information:
----------------------------------------------------------------------------
------
Title:- Cross Site Scripting vulnerability in Scribd.com
Advisory ID:- SecWorm_Network_2009-3
Advisory URL:-
----------------------------------------------------------------------------
------
2. Vulnerability Information:
----------------------------------------------------------------------------
------
Class:- Cross Site Scripting Injection
Remotely Exploitable:- Yes
Locally Exploitable:- Yes
FIXED :- NO
----------------------------------------------------------------------------
------
3. Vulnerability Description:
----------------------------------------------------------------------------
------
In the search function of Scribd.com, html entities are not sanitized
properly, thus it allows any javascript to be executed in it. Tish causes a
non-persistent XSS vulnerability in the search function of Scribd.com. An
attacker can inject malicious javascript into the search function which
could be used for several types of attacks. An attacker can also hijack the
cookies of any user which will compromise the authentication.
----------------------------------------------------------------------------
------
4. POC [Proof of Concept]:
----------------------------------------------------------------------------
------
Example:- http://www.scribd.com/search?cat=solr
<http://www.scribd.com/search?cat=solr&q=%22%3E%3Cscript%3Ealert%28%22found%
20by%20Brainst0rm%20for%20Secworm.net%22%29%3C%2Fscript%3E> &q=...Fscript%3E
Screenshot:- : http://secworm.net/poc/scribd-xss.jpg
----------------------------------------------------------------------------
------
5. Credits:
This vulnerability was discovered by Nishant Soni (brainst0rm) from SecWorm
Network.
----------------------------------------------------------------------------
------
6. Report Timeline:
----------------------------------------------------------------------------
------
December 29, 2009- Nishant Soni from SecWorm Network leaves an Email to
Scribd.com Site feedback.
Reply awaited.
----------------------------------------------------------------------------
------
7. About SecWorm Network:
----------------------------------------------------------------------------
------
SecWorm Network is a group of Security Researchers & Ethical hackers with
the motto of security awareness and helping others
to secure themselves.
Everyone can reach to us at http://www.SecWorm.net/
----------------------------------------------------------------------------
------
8. Disclaimer & Copyright:
----------------------------------------------------------------------------
------
The contents of this advisory are copyright C 2009 SecWorm Network, and may
be distributed freely provided that proper credits are given.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Dec 2009 00:00Current
7.4High risk
Vulners AI Score7.4