Meta data allows XSS attacks

Security expert Tyler Reguly from nCircle organization says that data fields for storing meta information offer plenty of possibilities for XSS (cross-site scripting) attacks. He points out that this type of XSS attack is not novel, but he wanted to alert public of this issue. JavaScript embedded in Whois and DNS (Domain Name System) records and SSL (Secure Sockets Layer) certificates can, under certain circumstances, be executed in a browser.

For example, there are web services which carry out online checks on SSL certificates from other servers. As well as cryptographic information, such services also display data about certificate owner and issuer. If a service fails to filter the query data correctly, the user's browser may execute JavaScript contained in the query. Attackers could exploit this to carry out various activities, such as copying login cookies or changing a users profile settings. Some of services that are infected by MIXSS (meta information cross-site scripting) vulnerabilities are SSL Shopper and WhatsMyIP.org. Many other services could be vulnerable to this type of attack, and Reguly made presentation with few examples. The problem also occurs with many other pieces of meta information like HTTP (HyperText Transfer Protocol) headers and SMTP (Simple Mail Transfer Protocol) banners. Original article can be found on H-online web site.

Source: LSS Security