Lately, i have been researching on DOM based XSS a bit, Recently i found a DOM based XSS in AVG, DOM based XSS is caused due to lack of input filtering inside client side javascripts, since most of the code is moving towards client side, therefore DOM based xss have been very common now a days, It is predicted by the experts that the DOM based xss mostly occurs in the websites that heavily rely upon javascripts.
With that being said, let's take a look at the DOM based XSS POC:
The vulnerability is the result of lack of escaping done in "js_stdfull.js". The following is the screen shot of the vulnerable code causing the DOM based XSS:
//display the correct tab based on the url (#name) var pathname = $(location).attr('href');var urlparts = pathname.split("#");
I would like to give full credits to David Vieira-Kurz from Majorsecurity.com (@secalert), for helping me sort out the vulnerable code.
Yet another security researcher, David Sopas also found the same issue but on the English version of the site:
http://labs.davidsopas.com/2013/01/avg-vulnerable-to-dom-xss.html
No comments:
Post a Comment