Tuesday, April 23, 2013

IDG Now! vulnerable to reflected XSS


IDG Now! is one of the most popular Brazilian IT online mags and a reference in the Portuguese language. It has millions of visits each day and a large community on social networks.

The site suffered from a reflected DOM XSS in the JavaScript code for AnythingSlider.

Vulnerable code:
a.gotoHash = function() {
var c = a.win.location.hash,
(...)

The location.hash value wasn't sanitized, so a user could manipulate the URL to inject an XSS vector.

Proof of concept:
http://idgnow.uol.com.br/#<img src=x onerror=prompt(1);>


Also, the jQuery version was outdated.

The development team for IDG Now! reported that they fixed the DOM XSS issue and updated the jQuery framework.
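
One way a fragment like this can be validated before it is used, as an added example (not IDG Now!'s or AnythingSlider's actual fix). It assumes the fragment is only ever meant to name an element id; `hashToId` and `gotoHashSafe` are hypothetical names, and the sample fragments are constructed.

```javascript
// Added example: allowlist validation of location.hash before any DOM lookup.
// Assumption: a legitimate fragment names an element id such as "#panel1-3".
const SAFE_ID = /^[A-Za-z][A-Za-z0-9_:.-]{0,63}$/;

// Returns the validated id (without the leading "#") or null.
function hashToId(rawHash) {
  if (typeof rawHash !== "string" || rawHash.length < 2 || rawHash[0] !== "#") {
    return null;
  }
  let frag = rawHash.slice(1);
  try {
    // Browsers differ on whether the fragment comes back percent-encoded,
    // so decode once and validate the decoded form in both cases.
    frag = decodeURIComponent(frag);
  } catch (e) {
    return null; // malformed escape sequence: reject instead of guessing
  }
  return SAFE_ID.test(frag) ? frag : null;
}

// win and doc are passed in so the function can be exercised without a browser.
function gotoHashSafe(win, doc) {
  const id = hashToId(win.location.hash);
  if (id === null) {
    return null;
  }
  // getElementById treats its argument as a plain string; it is never
  // parsed as a selector or as markup.
  return doc.getElementById(id);
}

// Constructed sample fragments, including the proof-of-concept shape from this post.
const samples = ["#panel1-3", "#<img src=x onerror=prompt(1);>", "#%3Cimg%20src%3Dx%3E"];
for (const h of samples) {
  console.log(JSON.stringify(h), "->", hashToId(h));
}
```

Only the first sample passes; the other two are rejected before any DOM API is called.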

Timeline:
23 Mar 2013: Reported to IDG Now!
26 Mar 2013: Fixed by their development team.
23 Apr 2013: Full disclosure.
