Friday 8 May 2015

Blogger.com has an XSS issue


  Stored XSS in the Blogger "Custom Page Not Found" section

1. Log in to Blogger, open the blog and go to Settings › Search
preferences. Under "Errors and redirections" you will find the
"Custom Page Not Found" section, which contains an input field.

2. Put the payload "><img src=x onerror=alert(1)><!--

3. Save it, then go to your blog or website. Nothing happens yet. Now
request a directory or file under your domain that does not exist
(example: http://site.com/a.html or http://yourblog.blogger.com/a.html).

You will then see the alert pop up.

Since a blogger can do anything on his own blog, this is not a big issue. But an XSS payload can be executed from the Blogger custom page, so it is still an issue: the code behind that section does not filter XSS as securely as the other sections of blogger.com.
Thanks
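
An added example, not from the original post and not Blogger's code: a hypothetical 404 renderer that inserts the saved text with and without output encoding, plus a regression check that reports any tag or event-handler attribute the saved text introduces. The template, the function names and the two insertion points are assumptions.

```javascript
// Added example: a hypothetical 404 renderer, not Blogger's code.
// Assumption: the saved "Custom Page Not Found" text is written into both an
// attribute value and the element body of a <div> template.

// Constructed sample input: the payload from step 2, as stored.
const STORED_MESSAGE = '"><img src=x onerror=alert(1)><!--';

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored value is concatenated into the markup unchanged.
function render404Unsafe(message) {
  return '<div class="status-msg" title="' + message + '">' + message + '</div>';
}

// Hardened: the stored value is encoded at output time, in both positions.
function render404Safe(message) {
  const safe = escapeHtml(message);
  return '<div class="status-msg" title="' + safe + '">' + safe + '</div>';
}

// Minimal tag scanner that honours quoted attribute values, so text inside
// title="..." is not mistaken for markup.
const VALUE = '(?:\\s*=\\s*(?:"[^"]*"|\'[^\']*\'|[^\\s>]+))?';
function scanTags(html) {
  // A comment, even an unterminated one, hides everything it covers.
  const visible = html.replace(/<!--[\s\S]*?(?:-->|$)/g, '');
  const tagRe = new RegExp('<([a-zA-Z][\\w-]*)((?:\\s+[^\\s=>/]+' + VALUE + ')*)\\s*/?>', 'g');
  const attrRe = new RegExp('([^\\s=>/]+)' + VALUE, 'g');
  return [...visible.matchAll(tagRe)].map((m) => ({
    name: m[1].toLowerCase(),
    attrs: [...m[2].matchAll(attrRe)].map((a) => a[1].toLowerCase()),
  }));
}

// Regression check: anything beyond the template's own <div>, or any on*
// attribute, means the stored text became active markup.
function activeMarkup(html) {
  return scanTags(html)
    .filter((t) => t.name !== 'div' || t.attrs.some((a) => a.startsWith('on')))
    .map((t) => t.name);
}

console.log(activeMarkup(render404Unsafe(STORED_MESSAGE))); // [ 'img' ]
console.log(activeMarkup(render404Safe(STORED_MESSAGE)));   // []
```

Encoding at output time keeps the saved text inert in both positions, and the check can be run against the rendered 404 page after any template change.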
