News Web Server Security Phishing Database Security Application Server Security Library Vulnerability Archive Secure Development Web Services Pen Test AJAX Application Firewalls
Main -> Internet Security News
TOPIC'S
Advertising
Old News
About
Resume
Contact
FAQ
Irc
Links
Articles
Translate
Interviews
Commentary
Books
Demos
Papers
Downloads
Advisories
Contributions
Security Services
Submit News
Syndicated News

Hosting generously provided by
www.mv.com




Pick Your Language


09/11/2006 More RSS Security Issues Discovered
GNUCitizen has discovered an RSS reader vulnerability in Sage (a firefox plugin).

"I turned off HTML tags and continued on as normal. However, something odd happened. When rendering my whitepaper “Awakening the Sleeping Giant” an insert of JavaScript was executed in my browser. How bazaar I thought. The security enabled feature makes me vulnerable. Sage was vulnerable to XSS! I immediately contacted pdp (architect). We worked on it for 30 minutes and for those 30 minutes all you could hear were sinister laughs."

My Blackhat Presentation Link: Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems (Power Point)
My RSS Whitepaper: http://www.spidynamics.com/assets/documents/HackingFeeds.pdf
Advisory Link: http://www.gnucitizen.org/blog/cross-context-scripting-with-sage/
Link to this Story: 09/11/2006 More RSS Security Issues Discovered
RSS Security Issues Repository Link: RSS Security
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed



External Links:
Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000.
Information contained on this website may not be copied without explicit permission.
Best Viewed with Netscape.
Website Security Web Application Security solid state drives ssd ebay ebay topdeals nslookup online buy macbook air not work safe software security


Popular Links By Subject

Sponsored Link (Advertise)


Subscribe to CGISecurity.com


The Web Security Mailing List
  • Re: [WEB SECURITY] Scripting Question
  • Re: [WEB SECURITY] Scripting Question
  • Re: [WEB SECURITY] Scripting Question
  • Re: [WEB SECURITY] Scripting Question
  • Re: [WEB SECURITY] Scripting Question
  • [WEB SECURITY] WASC Web Application Security Statistics Project
  • Re: [WEB SECURITY] Scripting Question
  • [WEB SECURITY] Peach 2.1 BETA2 Released
  • RE: [WEB SECURITY] Scripting Question
  • [WEB SECURITY] widespread sql injection + javascript malware

    • Contact us
    Post News, get linkage!

    Name

    Email or Homepage:

    Subject

    Finish the word below: deadb33f

    Body