Update: StumbleUpon has fixed the XSS vulnerability. You can read more about it in my blog post "StumbleUpon Fixes The XSS".
Recently I wrote a post on "Detecting Cross Site Scripting Attacks XSS With Fiddler". In that post I explained how Fiddler can help detect persistent and non-persistent cross-site scripting vulnerabilities inside a web application; although it generates many false positives, it is still a very useful tool.
A few days ago, while I was hunting for vulnerabilities inside stumbleupon.com (for those of you who don't know, StumbleUpon is one of the world's largest social bookmarking websites, with an Alexa rank of 149), Fiddler helped me find a non-persistent XSS vulnerability inside StumbleUpon. Here is the screenshot that demonstrates the proof of concept:
The vulnerability has been reported to StumbleUpon, but I haven't had a reply from them yet. For security reasons I cannot disclose the URL and parameters for the injection. I hope StumbleUpon fixes the vulnerability pretty soon.
Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay became famous after finding a Remote Code Execution bug in PayPal, for which PayPal awarded him $10,000.
4 comments:
What harm can you do with this to StumbleUpon?
* Social engineering attacks: can redirect to malicious sites
* Hijack accounts
Can you disclose that link after it gets patched?
@Visual
Sure, I will.