<<< Date Index >>> <<< Thread Index >>>

feedreader3 has XSS vulnerability

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: feedreader3 has XSS vulnerability
From: "Guy Mizrahi" <guy@xxxxxxxxxxxxxx>
Date: Fri, 28 Sep 2007 15:02:28 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello,

I have found that feedreader3 has XSS vulnerability in its internal browser.

When I post a script into wordpress( like <script>alert("XSS")</script>, theRSS feed in the internal browser is vulnerable and show an alert box.

POC movie here:
http://www.hacking.org.il/demos/feedreader3.wmv

Guy Mizrahi (ZuLL)

Hebrew blog: http://www.hacking.org.il

Follow-Ups:
- RE: feedreader3 has XSS vulnerability
  - From: avivra

Prev by Date: Owning Big Brother: How to Crack into Axis IP cameras
Next by Date: Re: 0trace - traceroute on established connections
Previous by thread: Owning Big Brother: How to Crack into Axis IP cameras
Next by thread: RE: feedreader3 has XSS vulnerability
Index(es):
- Date
- Thread