• info
• discussion
• exploit
• solution
• references

LiveJournal HTML Injection Vulnerability

It has been reported that LiveJournal is prone to a remote HTML injection vulnerability. This issue arises due to insufficient sanitization of user provided input allowing injection of HTML and script code into site content.

The injected code could then be interpreted by the browser of a user visiting a page that includes user-supplied hostile content. This attack would occur in the security context of the affected site.

This could be used to steal cookie-based authentication from other users. Other attacks are also possible.

It should be noted that the attacker must be a registered user with the ability to post malicious content in their journal.