InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

XXS issue with medium.com I think.

https://forums.informaction.com/viewtopic.php?t=22605

Page 1 of 1

XXS issue with medium.com I think.

Posted: Wed Mar 01, 2017 11:00 am
by trinsic
Hi, im trying to log into medium.com using firefox+noscript, but it keeps popping up an error stating that meidum.com cant login me in and that I need to enabled third party cookies. I didn't think this was correct so I looked at the server response headers. I couldnt paste the code, the spam filters didnt like it:
Image

It looks like its a cross site scripting issue. Medium.com probably authenticates cookies from another domain or something. The problem is I dont really know how to create an exception in the rules config and wanted to see if someone can point me in the right direction. Let me know if more information is needed.

Re: XXS issue with medium.com I think.

Posted: Wed Mar 01, 2017 5:26 pm
by barbaz
That's the Web Console, isn't it? When this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)

Re: XXS issue with medium.com I think.

Posted: Wed Mar 01, 2017 6:03 pm
by trinsic
barbaz wrote:That's the Web Console, isn't it? When this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)
Yes it is. No I dont see anything i the browser console.

Re: XXS issue with medium.com I think.

Posted: Wed Mar 01, 2017 6:22 pm
by barbaz
Does disabling NoScript (Tools > Add-ons Manager > NoScript > Disable > Yes, remove ALL protections) get it working?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited