IDG Now! is one of the most popular brazilian IT online mags and a reference in portuguese language. It has millions of visits each day and a large community on social networks.
The site suffered from a reflected DOM XSS present on the JavaScript code for the AnythingSlider.
Vulnerable code:
a.gotoHash = function() {
var c = a.win.location.hash,
(...)
The location.hash wasn't sanitized and it was possible for a user to manipulate the URL injecting a XSS vector.
Proof of concept:
http://idgnow.uol.com.br/#<img src=x onerror=prompt(1);>
Also, the jQuery version was outdated.
The Developing team for IDG Now! reported that they fixed the DOM XSS issue and updated the jQuery framework.
Timeline:
23 Mar 2013: Reported to IDG Now!
26 Mar 2013: Fixed by their developing team.
23 Apr 2013: Full disclosure.
No comments:
Post a Comment