Information Assurance
Amy Sliva
Bugtraq Analysis: LiveJournal XSS Vulnerability
Bugtraq email: LiveJournal XSS
Link: www.securityfocus.com/archive/1/354504

LiveJournal (www.livejournal.org) is a popular open source software package used to create internet journals. People often link to these journals from their websites or AIM profiles.

LiveJournal is vulnerable to a cross-site scripting (XSS) vulnerability that allows an attacker to execute code through a user's browser. Users of LiveJournal can supply a URL to be used as the source of their journal's background image, though it is not required (the URL can be null if there is no image). Below is an example of how a user could supply a background image URL:

    body {background-image: url(www.whatever.com);}

LiveJournal removes markup from the URL string, but does not check for parentheses or semicolons, allowing an attacker to insert JavaScript code. By replacing the URL www.whatever.com with

    ); background:url(javascript:alert("XSS!")

the following would be inserted into the stylesheet:

    body { background-image: url(); background:url(javascript:alert("XSS!")}

in which the background-image URL is now null, and the semicolon then allows the script that follows to be executed. The injected code gets executed when a victim visits the attacker's LiveJournal, allowing for a variety of different attacks (redirection, cookie stealing, etc.).

The only real way to protect against this type of vulnerability is to use better filtering methods to ensure that parentheses and semicolons are not inserted into the URL string.
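To make the filtering point concrete, here is an added example (not LiveJournal's own code, and the markup-stripping filter is only an assumed model of what the advisory describes) that places a strip-markup-only filter beside an allow-list validator. The validator rejects CSS syntax characters such as parentheses and semicolons and accepts only http(s) or scheme-less URLs, so the advisory's injection string and a bare javascript: URL are both refused before they reach the stylesheet.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs, taken from the advisory's example.
BENIGN_URL = "www.whatever.com"
INJECTED_URL = '); background:url(javascript:alert("XSS!")'

CSS_TEMPLATE = "body {background-image: url(%s);}"

# Allowed URL characters: no parentheses, semicolons, quotes, backslashes,
# angle brackets or whitespace, so the value cannot close url() or start a
# new CSS declaration.
SAFE_URL = re.compile(r"^(?:https?://)?[A-Za-z0-9._~:/?#@!$&*+,=%-]+$")


def strip_markup(value):
    """Assumed model of the original filter: removes HTML tags and nothing else."""
    return re.sub(r"<[^>]*>", "", value)


def build_stylesheet_unsafe(value):
    """Vulnerable rendering: the markup-stripped value is pasted straight into url()."""
    return CSS_TEMPLATE % strip_markup(value)


def validate_background_url(value):
    """Return the value if it is a safe background URL ("" means no image), else raise."""
    if not value:
        return ""
    if not SAFE_URL.fullmatch(value):
        raise ValueError("background URL contains disallowed characters")
    scheme = urlparse(value).scheme.lower()
    if scheme not in ("", "http", "https"):
        raise ValueError("background URL uses a disallowed scheme: %r" % scheme)
    return value


def is_safe_background_url(value):
    """Boolean form of validate_background_url for callers that only need accept/reject."""
    try:
        validate_background_url(value)
        return True
    except ValueError:
        return False


def build_stylesheet_safe(value):
    """Hardened rendering: only a validated value reaches the stylesheet."""
    return CSS_TEMPLATE % validate_background_url(value)
```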