StumbleUpon vulnerable to Reflected Cross site scripting

ebenzunlimited (Lead Admin)
« on: October 15, 2012, 02:36:14 PM »

A security researcher, Rafay Baloch, has discovered a cross-site scripting vulnerability in StumbleUpon, one of the famous social bookmarking websites, with an Alexa rank of 149.

"A few days before, while I was hunting for vulnerabilities inside stumbleupon.com," Rafay said in his blog post, "Fiddler helped me obtain a non-persistent XSS vulnerability inside StumbleUpon."

He sent a notification about the vulnerability to StumbleUpon; however, there has been no response from the other side.

"For security reasons I cannot disclose the URL and parameters for the injection. I hope StumbleUpon fixes the vulnerability pretty soon," the researcher said.

At the time of writing, the vulnerability is not patched and we are able to exploit it. In fact, I injected a redirection code that successfully redirected me to the given URL. So, an attacker can exploit this vulnerability to launch a social engineering attack and redirect users to a malicious site. It is also possible to hijack the session, which allows an attacker to take control of your StumbleUpon account.

A few days back, Rafay also discovered a redirection vulnerability in Facebook.
« Last Edit: October 15, 2012, 02:38:26 PM by ebenzunlimited »
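The post describes the two consequences of a reflected XSS flaw (forced redirection and session hijacking) without showing what the underlying defect looks like. The following is an added example, not code from the post or from StumbleUpon: it contrasts a page that reflects a query parameter raw with one that HTML-encodes it, adds a crude response-scanning check a defender might run, and shows the HttpOnly cookie flag that blunts the session-hijack scenario. The parameter name `q`, the sample input and the cookie name are all constructed assumptions; the real parameter was not disclosed.

```javascript
// Added example (not from the post or the affected site). Assumes the page
// reflects a query parameter "q" into its HTML body; the real parameter is unknown.

// Minimal HTML encoder for text placed in element content or attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable form: the untrusted parameter is copied straight into the markup,
// so any tags or handlers it carries become part of the page.
function renderVulnerable(q) {
  return `<html><body><p>Results for: ${q}</p></body></html>`;
}

// Hardened form: the parameter is encoded before reflection, so the browser
// renders it as text rather than executing it.
function renderHardened(q) {
  return `<html><body><p>Results for: ${escapeHtml(q)}</p></body></html>`;
}

// Defender-side check: does the rendered response contain a script element or an
// inline event handler? Deliberately crude; it illustrates what a response-scanning
// rule in a proxy or test harness looks for, not a complete XSS detector.
function containsActiveContent(html) {
  return /<script\b|<\/script>|\bon\w+\s*=/i.test(html);
}

// Mitigation for the session-hijack impact the post mentions: a cookie carrying
// HttpOnly is not exposed to document.cookie, so an injected script cannot read it.
// SameSite and Secure are included as the usual companions; "session" is a
// constructed cookie name.
function sessionCookieHeader(sessionId, { secure = true } = {}) {
  const parts = [
    `session=${encodeURIComponent(sessionId)}`,
    'Path=/',
    'HttpOnly',
    'SameSite=Lax',
  ];
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Constructed sample input mirroring the redirection the post describes;
// not a payload taken from the disclosure.
const SAMPLE_INPUT = '<script>location="https://attacker.example/"</script>';

// Runs both renderers over the sample input and reports whether active content
// survived in each, plus the hardened cookie header.
function demo() {
  const vulnerable = renderVulnerable(SAMPLE_INPUT);
  const hardened = renderHardened(SAMPLE_INPUT);
  return {
    vulnerable: containsActiveContent(vulnerable), // true: script reflected intact
    hardened: containsActiveContent(hardened),     // false: script was encoded
    cookie: sessionCookieHeader('abc123'),
  };
}

console.log(demo());
```

The encoder covers the element-content and quoted-attribute contexts only; reflection into a JavaScript block, a URL or an unquoted attribute needs context-specific encoding, and the HttpOnly flag limits cookie theft but does not stop a script from issuing requests with the victim's session already attached.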
