BugTraq
SiteCore XML Control Script Insertion Jan 29 2014 07:10AM
Mark Litchfield (mark securatary com)
Hey All,

Sitecores ?special way? of displaying XML Controls directly allows for a
Cross Site Scripting Attack ? more can be achieved with these XML
Controls and will be documented in another vulnerability report

http://target/?xmlcontrol=body%20onload=alert(123)
http://target/?xmlcontrol=iframe%20src=https://www.google.com/images/srp
r/logo11w.png

More information can be found at
http://www.securatary.com/vulnerabilities - Also listed is a useful text
file for use with Burp when auditing SiteCore.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus