I recently wrote on my italian speaking blog about insecurity of referer viewing services. In particular i wrote about link injection on wordpress.com administration page (maybe i will translate it in this blog). From that article i started thinking about : How bad guys could use this vulnerabilty to threat good guys? I had a first answer googling!
The second link i get from google searching "show your referer" is wwwDOTshowskyDOTcom (i dont want to link it because it may fuck up you browser). That site shows your referer, WOW what a miracle of scripting, but it also Store latests referer, without filtering input, this means Persistent XSS.
While i am writing this lines, surfing that site means be greeted by a few alert('xss'), but i don't know what could become in the future :)
This is a perfect example of "too much trust on user" and lack of input filtering.
MattiaAlfieri.blog() Web development and MOAR :]
About Me
Blog Archive
Powered by Blogger.
Labels
- link injection (1)
- persistent xss (1)
- referer (2)
- xss (1)
© 2010. MattiaAlfieri.blog(). Powered by Blogger. Theme design by WPShoppe and Converted by Ritesh Sanap.
0 commenti
Posta un commento