You'd be surprised just how many reader applications (remote and local) are
affected by this issue.
Besides the obvious zone context risks with these types of vulnerabilities you
also can execute CSRF
attacks against a wide user audience. One of the more interesting things that
you can do involving
RSS/Atom/Any Feed involves when a website uses a feed in order to display
dynamic content, as well as
those creating feeds from another feed.
For those interested my blackhat slides can be found below, along with the
occupying whitepaper.
Paper:
http://www.spidynamics.com/assets/documents/HackingFeeds.pdf
Slides:
http://www.cgisecurity.com/papers/RSS-Security.ppt
RSS Security Repository:
http://www.cgisecurity.com/rss/
- Robert
http://www.cgisecurity.com/ Website Security news and more
http://www.cgisecurity.com/index.rss [RSS Feed]
Cross Context Scripting in Firefox Sage Extension.
http://www.gnucitizen.org/blog/cross-context-scripting-with-sage
This proves that Firefox Extensions can be as dangerous as random
flash or quicktime media files. Moreover, the POC provides a real
example of how RSS feed Hacking really works.
--
pdp (architect)
http://www.gnucitizen.org
-------------------------------------------------------------------------
Sponsored by: Watchfire
Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------
