http://anti-virus.cloudflare.com XSS(Cross Site Scripting) Vulnerability

October 17, 2011

0×1 Site : http://anti-virus.cloudflare.com
0x3 Author : Sandeep Kamble
0×4 Reported : October 12, 2011
0×6 Public Release : October 17 2011
0x7 Status: Fixed

Description :

Anti-virus.cloudflare.com is a service for avoiding spams .
This project to stop attacks and educate visitors with infected computers about how they can clean up their machines.

Affected Variable :
?b_src=

Exploit :
Executing Javascript using the vulnerable variable called as ?b_src= . This attack is commonly know as Cross Site Scripting (XSS)
Anti-virus.cloud + affected script having stored Xss attack which can used for the grabbing the cookies .

POC :

Screen Shot :

Cloud XSS

Countermeasure :

1) Determine whether HTML output includes input parameters
2) In short perform input sensitization

Conclusion

I like to thank the cloudflare Security Team for their quick responses to my reports.

We Provide Penetration Testing

2 Comments

cons0ul

October 17, 2011 @ 7:38 am

nice work man !!!
Reply

Virgie

February 18, 2013 @ 11:19 am

This is my first time go to see at here and i am really impressed to
read all at single place.
Reply

Leave a Reply to cons0ul Cancel reply

Your email address will not be published. Required fields are marked *

Name *

Email *

Website

Comment