There's an XSS vuln on the California Democratic Party website that works even with NoScript installed. I posted details here:
http://samsclass.info/123/ppt/XSS-DNC.html
Sam Bowne
City College San Francisco
Computer Networking and Information Technology
Box EVE-004, 50 Phelan Avenue, San Francisco, CA 94112
XSS that goes past NoScript
- Posts: 1
- Joined: Sat Apr 18, 2009 2:57 pm
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
Re: XSS that goes past NoScript
Not quite.
Your "PoC" involves sending the POST from the site itself, therefore there's no cross-site scripting at all. It's "same site" scripting, not exploitable at all.
Anyway the hole is there, so please come back with a PoC sending the POST from a different site, with the target site allowed to run script, and then you can call it an XSS passing through NoScript (very unlikely)
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
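The distinction drawn in the reply above, as an added example that is not part of the original thread and not NoScript's code: a simplified model of a filter that inspects a request only when it crosses origins. The function names, the pattern list and the `.example` hostnames are assumptions made for illustration.

```javascript
// Added illustration: simplified model of a cross-site request filter.
// NOT NoScript's implementation; pattern list and names are assumptions.
const MARKUP = /<\s*script\b|\bon[a-z]+\s*=|javascript\s*:/i;

// Decoded parameter values from the query string and a urlencoded POST body.
function paramValues(targetUrl, body) {
  const values = [...new URL(targetUrl).searchParams.values()];
  if (body) values.push(...new URLSearchParams(body).values());
  return values;
}

// sourceUrl is the page that initiated the request
// (null for a typed URL or a bookmark).
function classifyRequest({ sourceUrl, targetUrl, body = "" }) {
  const target = new URL(targetUrl).origin;
  const source = sourceUrl ? new URL(sourceUrl).origin : null;
  const isCrossSite = source !== null && source !== target;
  const carriesMarkup = paramValues(targetUrl, body).some((v) => MARKUP.test(v));
  let verdict;
  if (!isCrossSite) verdict = "not cross-site: out of scope for the filter";
  else if (carriesMarkup) verdict = "cross-site with markup: sanitize or block";
  else verdict = "cross-site, clean: allow";
  return { isCrossSite, carriesMarkup, verdict };
}

// Constructed sample requests: the same POST body, sent from two origins.
const samplePost = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E";
const fromSameSite = classifyRequest({
  sourceUrl: "https://target.example/search",
  targetUrl: "https://target.example/results",
  body: samplePost,
});
const fromOtherSite = classifyRequest({
  sourceUrl: "https://other.example/page",
  targetUrl: "https://target.example/results",
  body: samplePost,
});
console.log(fromSameSite.verdict);
console.log(fromOtherSite.verdict);
```

The same body is classified differently depending only on where the request came from, which is why a PoC submitted from the target site itself does not exercise a cross-site filter.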