A security researcher known as "flexxpoint" discovered a cross-site scripting (XSS) vulnerability in the official Ubuntu website.
The search box on the Certified Hardware Models page of the Ubuntu website was found to be vulnerable to XSS injection.
PoC:
http://www.ubuntu.com/certification/models?form.search_text=Dell"><script>alert(/xss-Bulgaria/.source)</script>&form.hardware_category=LAPTOP
The `"><script>...</script>` portion of the URL (originally highlighted) is the injected XSS code. The injected code is apparently a very simple one; replacing it with malicious JavaScript would allow an attacker to steal cookies, or the page could be used for a phishing attack.
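To show what makes the search box exploitable and how the fix looks, here is a small added example (not code from the Ubuntu site or from the researcher) that reproduces the reflected-XSS pattern: the `form.search_text` parameter is rendered straight into an input's `value` attribute. The parameter name and payload are taken from the PoC URL above; the HTML template and helper names are assumptions for illustration only.

```python
# Added example: reflected XSS in a search box, vulnerable vs. hardened rendering.
# Template and helper names are constructed for this illustration.
from html import escape
from urllib.parse import urlsplit, parse_qs

# Parameter name taken from the PoC URL; the surrounding template is assumed.
PARAM = "form.search_text"

# The PoC URL from the article, used here as sample input.
POC_URL = (
    "http://www.ubuntu.com/certification/models?form.search_text="
    'Dell"><script>alert(/xss-Bulgaria/.source)</script>&form.hardware_category=LAPTOP'
)


def extract_search_text(url: str) -> str:
    """Pull the search-box value out of the request URL the way a server would."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get(PARAM, [""])[0]


def render_vulnerable(search_text: str) -> str:
    """Reflects the parameter into the value attribute unescaped.

    A value containing '">' closes the attribute and the tag, so whatever
    follows is parsed by the browser as new markup (here, a <script> tag).
    """
    return f'<input type="text" name="{PARAM}" value="{search_text}">'


def render_fixed(search_text: str) -> str:
    """Same template, but the value is HTML-escaped (quote=True turns the
    closing double quote into &quot; and < > & into entities), so the
    attribute can no longer be broken out of."""
    return f'<input type="text" name="{PARAM}" value="{escape(search_text, quote=True)}">'


def injects_script(rendered: str) -> bool:
    """Crude check: did a literal <script tag end up in the rendered markup?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    text = extract_search_text(POC_URL)
    print("vulnerable:", render_vulnerable(text))
    print("fixed:     ", render_fixed(text))
```

The escaped output keeps the user's text visible in the search box exactly as typed, which is why attribute-context escaping (not stripping the input) is the usual fix; the check in `injects_script` is only a demonstration and is not a substitute for escaping.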