[VulnWatch] Syhunt: Flixster Cross-Site Scripting Vulnerabilities

Subject: [VulnWatch] Syhunt: Flixster Cross-Site Scripting Vulnerabilities
Date: Tue, 24 Apr 2007 13:58:36 -0300
Syhunt: Flixster Cross-Site Scripting Vulnerabilities

Advisory-ID: 200731031
Discovery Date: 3.31.2007
Release Date:  4.24.2007
Affected Applications: Flixster service
Class: Cross-Site Scripting (Cookie-Theft), HTML Injection
Status: Patched by Flixster
Vendor: Flixster, Inc
Vendor URL: http://www.flixster.com

----------------------------------------------------------------

Overview:
Flixster is a social networking site focused around movie
reviews. It includes features such as the ability for individual
users to review and rate films and to compare their ratings with
invited friends to assess compatibility in film tastes.
Recently they claimed to have surpassed 5 million registered
users.

Description:
The Flixster service is vulnerable to cross-site scripting (XSS)
and HTML injection. Input passed directly to the "message"
parameter is not properly sanitised before being returned to the
user. The search feature is vulnerable as well. The vulnerability
can be exploited to execute arbitrary HTML and script code in the
user's browser session. Flixster allows links to be included in
user profiles and messages, making these flaws even easier to
exploit.

----------------------------------------------------------------

Details:
1) Message param XSS

http://www.flixster.com/user/[user]?message=
Hello%20world!<script>alert(document.cookie);</script>

http://www.flixster.com/homepage.do?message=
Hello%20world!<script>alert(document.cookie);</script>

2) Search XSS

http://www.flixster.com/movies.do?movieAction=doMovieSearch&;
search="><script>alert(document.cookie)%3B<%2Fscript>&x=44&y=14

----------------------------------------------------------------

Vulnerability Status:
Vendor was notified on 3.31.2007. Flixster is no longer
vulnerable to these exploitation methods.

----------------------------------------------------------------

Disclaimer:
The information in this advisory is provided "as is" without
warranty of any kind. Details provided are strictly for
educational and defensive purposes.

Syhunt is not liable for any damages caused by direct or
indirect use of the information provided by this advisory.

---
Credit:
Alec Storm, Syhunt Security Research Team, www.syhunt.com
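
The flaw class described under Description and Details, shown as an added example that is not part of the original advisory and is not Flixster's code: two hypothetical handlers that echo the "message" and "search" parameters unchanged, next to versions that HTML-encode at output. All function names, the markup, and the sample query strings are assumptions constructed for illustration.

```javascript
// Added example: hypothetical handlers, not Flixster's code.

// Escape the five characters that can change HTML parsing state. This is
// sufficient for element text and for attribute values that are always quoted;
// it is not sufficient inside <script>, style, or URL contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read one parameter from a query string, percent-decoding it as a server would.
function getParam(query, name) {
  return new URLSearchParams(query).get(name) ?? '';
}

// Vulnerable pattern: request input is concatenated into the response as-is.
function renderBannerUnsafe(query) {
  return '<div class="banner">' + getParam(query, 'message') + '</div>';
}
function renderSearchBoxUnsafe(query) {
  return '<input type="text" name="search" value="' + getParam(query, 'search') + '">';
}

// Hardened pattern: the same templates, with encoding applied at output time.
function renderBanner(query) {
  return '<div class="banner">' + escapeHtml(getParam(query, 'message')) + '</div>';
}
function renderSearchBox(query) {
  return '<input type="text" name="search" value="' + escapeHtml(getParam(query, 'search')) + '">';
}

// Constructed sample inputs with the same shape as the two requests in Details.
const messageQuery = 'message=Hello%20world!<script>alert(document.cookie);</script>';
const searchQuery =
  'movieAction=doMovieSearch&search="><script>alert(document.cookie)%3B<%2Fscript>&x=44&y=14';

console.log('unsafe banner:', renderBannerUnsafe(messageQuery));
console.log('safe banner:  ', renderBanner(messageQuery));
console.log('unsafe search:', renderSearchBoxUnsafe(searchQuery));
console.log('safe search:  ', renderSearchBox(searchQuery));
```

In the unsafe search box the leading `">` closes the `value` attribute and the tag, which is why the attribute case needs the quote character encoded as well as the angle brackets.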
