I recently wrote on my Italian-language blog about the insecurity of referer-viewing services. In particular, I wrote about link injection on the wordpress.com administration page (maybe I will translate it for this blog). From that article I started thinking: how could bad guys use this vulnerability to threaten good guys? I got a first answer by googling!
The second link I get from Google when searching "show your referer" is wwwDOTshowskyDOTcom (I don't want to link it because it may fuck up your browser). That site shows your referer (WOW, what a miracle of scripting), but it also stores the latest referers without filtering input, which means persistent XSS.
As I write these lines, surfing that site means being greeted by a few alert('xss'), but I don't know what it could become in the future :)
This is a perfect example of "too much trust in the user" and a lack of input filtering.
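The following is an added example, not code from the site discussed or from the original post: a minimal "latest referers" store in Python, showing the unfiltered rendering described above next to a version that validates the header on input and encodes it on output. All function names, the length cap and the sample headers are assumptions made for illustration.

```python
import html
from collections import deque
from urllib.parse import urlsplit

MAX_LEN = 2048             # assumed cap on a stored header value
recent = deque(maxlen=10)  # hypothetical "latest referers" list

def record_referer(value):
    """Store a Referer header only if it is an absolute http(s) URL."""
    if not value or len(value) > MAX_LEN:
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return False  # control characters never belong in a URL
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False  # rejects bare markup and javascript: URLs
    recent.append(value)
    return True

def render_unsafe(values):
    """The flaw from the post: the header is echoed into HTML unchanged."""
    return "".join("<li>%s</li>" % v for v in values)

def render_safe(values):
    """Encode each value for both the attribute and the text context."""
    items = []
    for v in values:
        e = html.escape(v, quote=True)
        items.append('<li><a rel="nofollow noreferrer" href="%s">%s</a></li>' % (e, e))
    return "<ul>%s</ul>" % "".join(items)

# Constructed sample headers, not captured traffic.
SAMPLES = [
    "https://example.org/page?q=1&r=2",
    "<script>alert('xss')</script>",
    "javascript:alert('xss')",
    "https://example.org/\"><script>alert('xss')</script>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(record_referer(s), s)
    print(render_safe(recent))
```

The last sample passes the URL check because it is a well-formed https URL, so input validation alone would not have been enough; the output encoding in `render_safe` is what keeps it inert.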