Wednesday, April 7, 2010

darkreading.com vulnerable to persistent XSS injected in published articles

...or 'When re-publishing app security material helps discover vulnerabilities in the publisher's Web application'...

On the 6th of April, darkreading.com published an article describing 'meta-information XSS' (see 'Researcher Details New Class of Cross-Site Scripting Attack', available at http://darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224201569).

The original article included a classic XSS test case, namely <script>alert(1)</script>. Because of an existing XSS vulnerability in the darkreading.com web site, the test case above inadvertently proved to be a successful one, as shown below:



Following a brief notice I sent today to Timothy Wilson (editor at darkreading.com), he confirmed the issue, also mentioning that it is now fixed.

The HTML code from the original post (including the cited XSS test case):
a DNS TXT record that contains the value "<script>alert(1)</script>" and a service

The HTML code for the current version of the article:
a DNS TXT record that contains [a certain value] and a service
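
The current version avoids the problem by dropping the value from the text. The sketch below is an added example, not code from darkreading.com or from the original post: it shows a publisher-side check that tells quoted markup rendered as text apart from markup that became a live element, applied to the sentence above. The names `ActiveContentFinder`, `live_markup` and `render_article_text` are hypothetical, and it assumes article text is inserted into an HTML template as plain text.

```python
from html import escape
from html.parser import HTMLParser

# Elements that make a browser load or run code when they appear in an article body.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


class ActiveContentFinder(HTMLParser):
    """Collects markup in a rendered article body that a browser would execute."""

    def __init__(self):
        # convert_charrefs=True: &lt;script&gt; arrives as text data, not as a tag.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element at line {self.getpos()[0]}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in ("href", "src") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} of <{tag}>")


def live_markup(rendered_body):
    """Return a list of active-content findings for one rendered article body."""
    finder = ActiveContentFinder()
    finder.feed(rendered_body)
    finder.close()  # flush any text still buffered by the parser
    return finder.findings


def render_article_text(text):
    """Hypothetical template step: author text is HTML-escaped before insertion."""
    return "<p>" + escape(text, quote=True) + "</p>"


# Constructed sample: the sentence quoted from the original post.
SENTENCE = 'a DNS TXT record that contains the value "<script>alert(1)</script>" and a service'
UNESCAPED = "<p>" + SENTENCE + "</p>"   # text pasted into the page as-is
ESCAPED = render_article_text(SENTENCE)  # same text, output-encoded

if __name__ == "__main__":
    print("unescaped:", live_markup(UNESCAPED))
    print("escaped:  ", live_markup(ESCAPED))
    print(ESCAPED)
```

With output encoding the article can keep the test case in its text, since the browser displays it instead of parsing it as an element.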

With the same article being reproduced by a significant number of online publications, it could be interesting to see how many others are also affected.