Need help with tumblr posts and XSS
Posted: Sat Nov 07, 2015 2:48 pm
by Myol
Hello.
XSS problem:
Problem and
NoScript window
original post after refresh
image
Link
lesstalkmoreillustration
Console
image
I can't see all instagram vids on tumblr dash.
Re: Need help with tumblr posts and XSS
Posted: Sat Nov 07, 2015 4:52 pm
by barbaz
Those two images do not load for me.
I therefore don't know what to look for on the link.
This looks like a CORS error, nothing to do with the XSS filter...
Can you please translate the console message to English?
Re: Need help with tumblr posts and XSS
Posted: Sat Nov 07, 2015 6:05 pm
by Myol
barbaz wrote: This looks like a CORS error, nothing to do with the XSS filter...
Can you please translate the console message to English?
Sorry, wrong console message. Add new in the last reply.
barbaz wrote:
Those two images do not load for me.
Ok)

Re: Need help with tumblr posts and XSS
Posted: Sat Nov 07, 2015 6:43 pm
by Myol
Re: Need help with tumblr posts and XSS
Posted: Sat Nov 07, 2015 9:21 pm
by barbaz
Thanks for the additional info and fixing the images.
The issue is that they're passing what looks like HTML code around in URLs... which is just asking to be XSSed. I'll leave it to someone else to come up with a solution or work-around for you, because I don't have any good ideas here, sorry.
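Added example, not part of the original thread and not NoScript's own code: a simplified heuristic showing why a URL that carries HTML in its parameters looks like an injection attempt to an XSS filter, even when the markup is percent-encoded more than once. The function names, the pattern and the sample URLs (placeholder host `embed.example.invalid`) are assumptions made for illustration.

```javascript
// Simplified heuristic for illustration; NOT NoScript's actual filter logic.
// Matches an HTML tag, an inline event-handler attribute, or a javascript: URI.
const MARKUP = /<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:/i;

// Percent-decode repeatedly so double-encoded markup (%253C -> %3C -> <) is seen.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // malformed escape sequence: inspect what we have so far
    }
    if (next === current) break; // nothing left to decode
    current = next;
  }
  return current;
}

// Return the query/fragment parameters whose decoded value looks like HTML.
function findMarkupParams(rawUrl) {
  const url = new URL(rawUrl);
  const hits = [];
  const sources = [
    ["query", url.search.slice(1)],
    ["fragment", url.hash.slice(1)],
  ];
  for (const [where, text] of sources) {
    if (!text) continue;
    for (const pair of text.split("&")) {
      const eq = pair.indexOf("=");
      const name = eq === -1 ? pair : pair.slice(0, eq);
      const raw = eq === -1 ? "" : pair.slice(eq + 1);
      const decoded = fullyDecode(raw.replace(/\+/g, " "));
      if (MARKUP.test(decoded)) hits.push({ where, name, decoded });
    }
  }
  return hits;
}

// Constructed sample URLs: plain values, encoded HTML, double-encoded HTML.
const SAMPLES = [
  "https://embed.example.invalid/frame?id=42&caption=hello+world",
  "https://embed.example.invalid/frame?html=%3Cdiv%20class%3D%22v%22%3Eclip%3C%2Fdiv%3E",
  "https://embed.example.invalid/frame?id=7#body=%253Cp%253Etext%253C%252Fp%253E",
];
for (const s of SAMPLES) console.log(s, "->", findMarkupParams(s).map((h) => h.name));
```

A filter cannot tell a site's own harmless markup in a parameter from injected markup, which is why such requests get flagged regardless of intent.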
Re: Need help with tumblr posts and XSS
Posted: Mon Nov 09, 2015 2:01 am
by Thrawn
You might be able to work around this by filtering the site with ABE and adding an XSS exception, but it's safer to just not use the site if you can avoid it.