
RE: feedreader3 has XSS vulnerability

From: avivra <avivra(at)gmail.com>
Date: Sun Sep 30 2007 - 09:26:44 EDT


Hi,

This is a cross-zone scripting vulnerability. FeedReader uses the IE browser control to render HTML. The RSS reader converts the RSS item data to a formatted HTML file and caches it locally.
When the user clicks on the RSS item, the RSS reader displays the local cached file, and any script in that file (or external references) will run in Local Zone.
Therefore, an attacker can create/manipulate an RSS feed that will execute arbitrary code on the user's machine.

Btw, according to Bugtraq (http://www.securityfocus.com/bid/25849/exploit) an attacker must convince the victim into subscribing to a malicious RSS feed. As I've already discussed in my blog post (http://aviv.raffon.net/2007/08/16/VistaGadgetsGoneWild.aspx) regarding Windows Vista's RSS gadget, this claim is not true. In today's Web2.0 era, if a remote code execution vulnerability exists in RSS readers, it is very easy to create an RSS-based worm.

--Aviv.

-----Original Message-----
From: Guy Mizrahi [mailto:guy@hacking.org.il]
Sent: Friday, September 28, 2007 3:02 PM
To: bugtraq@securityfocus.com
Subject: feedreader3 has XSS vulnerability

Hello,

I have found that feedreader3 has an XSS vulnerability in its internal browser. When I post a script into WordPress (like <script>alert("XSS")</script>), the RSS feed in the internal browser is vulnerable and shows an alert box. POC movie here:
http://www.hacking.org.il/demos/feedreader3.wmv


Guy Mizrahi (ZuLL)
Hebrew blog: http://www.hacking.org.il

Received on Mon Oct 1 13:42:02 2007
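The caching step described in the reply above (RSS item data converted to a local HTML file and shown in the IE browser control) can be hardened on the reader's side. The following is an added example, not part of either message and not FeedReader's code: it escapes every item field before the file is written and prepends Internet Explorer's Mark of the Web comment so the cached file is rendered in the Internet zone. The function names and the sample feed are hypothetical and constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Mark of the Web: IE-based renderers load a local file carrying this comment
# in the Internet zone instead of the Local Machine zone. Written with CRLF.
MOTW = "<!-- saved from url=(0014)about:internet -->"

# Constructed sample feed: title and description carry the PoC string from
# the original report, the link points at a local file.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed feed</title>
<item>
  <title>Post &lt;script&gt;alert("XSS")&lt;/script&gt;</title>
  <link>file:///C:/constructed.html</link>
  <description>&lt;script&gt;alert("XSS")&lt;/script&gt; body</description>
</item>
</channel></rss>"""


def safe_link(url):
    """Keep only http(s) links; any other scheme is replaced by '#'."""
    url = url.strip()
    try:
        ok = urlsplit(url).scheme.lower() in ("http", "https")
    except ValueError:  # malformed URL
        ok = False
    return url if ok else "#"


def render_item(item):
    """Build the cached HTML page for one <item>, treating every field as text."""
    title = html.escape(item.findtext("title", default=""))
    body = html.escape(item.findtext("description", default=""))
    link = html.escape(safe_link(item.findtext("link", default="")))
    return (
        MOTW + "\r\n"
        '<html><head><meta charset="utf-8"></head><body>\r\n'
        f'<h1><a href="{link}">{title}</a></h1>\r\n'
        f"<pre>{body}</pre>\r\n"
        "</body></html>\r\n"
    )


def render_feed(xml_text):
    """Return one cache-ready HTML page per item in the feed."""
    return [render_item(i) for i in ET.fromstring(xml_text).iter("item")]


if __name__ == "__main__":
    print(render_feed(SAMPLE_FEED)[0])
```

Escaping the whole description displays feed markup as plain text; a reader that needs formatted items would replace that step with an allow-list HTML sanitizer while keeping the zone marker.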

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:18:35 EDT

