Posted DEC 11 2010 by MUTS in OFFENSIVE SECURITY with 0 COMMENTS
In essence, this vulnerability allows an attacker to send malicious JavaScript to an unsuspecting victim, which enables the theft of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire your session information and log in to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP?
Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:
You can download the original Godaddy Cross Site Scripting Exploit movie from our archive.
Very nice
Keep it up