Hosting Provided By

feedreader3 has XSS vulnerability

From: Guy Mizrahi <guy(at)hacking.org.il>
Date: Fri Sep 28 2007 - 09:02:28 EDT

Hello,

I have found that feedreader3 has XSS vulnerability in its internal browser. When I post a script into wordpress( like <script>alert("XSS")</script>, the RSS feed in the internal browser is vulnerable and show an alert box. POC movie here:
http://www.hacking.org.il/demos/feedreader3.wmv

Guy Mizrahi (ZuLL)
Hebrew blog: http://www.hacking.org.il Received on Fri Sep 28 12:22:44 2007

This message: [ Message body ]
Next message: tyter9(at)gmail.com: "Re: 0trace - traceroute on established connections"
Previous message: research(at)procheckup.com: "Owning Big Brother: How to Crack into Axis IP cameras"
Next in thread: avivra: "RE: feedreader3 has XSS vulnerability"
Reply: avivra: "RE: feedreader3 has XSS vulnerability"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:18:30 EDT