[RESOLVED] XSS on Photobucket

Kisrah Ferraris
Posts: 11
Joined: Tue Jan 04, 2011 1:50 am

[RESOLVED] XSS on Photobucket

Post by Kisrah Ferraris »

A few weeks ago NoScript started filtering XSS attempts from Photobucket. It's causing some difficulties in using the site.

What can I add to the Exceptions list to stop this from happening?
Last edited by Tom T. on Sun Oct 23, 2011 4:13 am, edited 1 time in total.
Reason: mark as resolved
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: XSS on Photobucket

Post by Tom T. »

Kisrah Ferraris wrote:A few weeks ago NoScript started filtering XSS attempts from Photobucket. It's causing some difficulties in using the site.

What can I add to the Exceptions list to stop this from happening?
First, we need to make sure it's not a genuine XSS. Where do we need to go, what do we need to allow, what do we need to click on, to see this for ourselves?

Also, when you get this warning, please open Firefox Tools > Error Console. Click "Errors", to filter out any non-error messages. Copy and paste all error messages here. Thanks.

@ Giorgio:
I already received the following in EC:

Error: COMSCORE is not defined
Source File: http://photobucket.com/images/color%20splash/
Line: 180
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23
Kisrah Ferraris
Posts: 11
Joined: Tue Jan 04, 2011 1:50 am

Re: XSS on Photobucket

Post by Kisrah Ferraris »

I'm getting these in the Error Console:

Error: COMSCORE is not defined
Source File: http://smg.photobucket.com/albums/v146/Kisrah/
Line: 200

Error: unexpected end of XML source
Source File: http://b.photobucket.com/pbkt/hserver/viewid=5027672548/size=PROMO/reg_zip=NR3%204QB/user_kw=empty/sp=t/bf=empty/ptype=landing/spon=empty/track=empty/ref_domain=empty/random=428738/area=user_albums_media/age=30/gender=F/login=Y/site=pb/email_domain=UK
Line: 2

It's only happening while I'm logged into the site, and then it happens on every page load. So pretty much clicking anything brings up the XSS message.
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: XSS on Photobucket

Post by Giorgio Maone »

Kisrah Ferraris wrote: It's only happening while I'm logged into the site, and then it happens on every page load. So pretty much clicking anything brings up the XSS message.
What does the XSS message say, exactly?
There should be at least one [NoScript XSS] line in your error console, when this happens.
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Kisrah Ferraris
Posts: 11
Joined: Tue Jan 04, 2011 1:50 am

Re: XSS on Photobucket

Post by Kisrah Ferraris »

I get this message at the top of the browser window:

NoScript has filtered a potential cross-site scripting (XSS) attempt from [http://smg.photobucket.com]. Technical details have been logged to the Console.

The errors in my previous post are the only things that show in the Errors section. I've also got this under Messages in the console:

[NoScript XSS] Sanitised suspicious request. Original URL [http://b.photobucket.com/pbkt/hserver/viewid=3013333976/size=BANNER/reg_zip=NR3+4QB/user_kw=empty/sp=t/bf=empty/ptype=landing/spon=empty/track=nav/ref_domain=empty/random=959363/area=user_albums_media/age=30/gender=F/login=Y/site=pb/email_domain=UK/anprice=50/generic=http%3A%2F%2Fib.adnxs.com%2Fab%3Fenc%3DAQAAAAAA6D-amZmZmZnlPwAAAAAAAOg_mpmZmZmZ5T8AAAAAAADoP0qJ0yHkE21Vm2Zrf3xaeWgPJKNOAAAAACkyAABWAAAAbAEAAAIAAADCxQgAiWMAAAEAAABVU0QAVVNEANgCWgC0CNQADgoBAQUCAQMCHgAAsB24PAAAAAA.%26tt_code%3Duser_albums_media%26udj%3Duf%2528%2527a%2527%252C%2B6076%252C%2B1319314447%2529%253Buf%2528%2527c%2527%252C%2B83582%252C%2B1319314447%2529%253Buf%2528%2527g%2527%252C%2B37872%252C%2B1319314447%2529%253Buf%2528%2527r%2527%252C%2B574914%252C%2B1319314447%2529%253Bppv%25287050%252C%2B%25276155598136226318666%2527%252C%2B1319314447%252C%2B1321906447%252C%2B83582%252C%2B25481%252C%2B0%2529%253Bppv%25287050%252C%2B%25276155598136226318666%2527%252C%2B1319314447%252C%2B1321906447%252C%2B83582%252C%2B25481%252C%2B0%2529%253B%26cnd%3D%21pCFkKQj-jAUQwosjGAAgiccBMAE4tBFAAEjsAlCpZFgAYLsCaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQHZX3ZPHhbeP8EBAAAAAAAA6D_JAQWW0Vv5QPE_2QHmP6Tfvg7kP-ABmy8.%26ccd%3D%21oQSGJwj-jAUQwosjGInHASAA%26referrer%3Dhttp%3A%2F%2Fsmg.photobucket.com%2Falbums%2Fv146%2FKisrah%2F%26media_subtypes%3D1] requested from [http://smg.photobucket.com/albums/v146/Kisrah/]. 
Sanitised URL: [http://b.photobucket.com/pbkt/hserver/viewid%203013333976/size%20BANNER/reg_zip%20NR3+4QB/user_kw%20empty/sp%20t/bf%20empty/ptype%20landing/spon%20empty/track%20nav/ref_domain%20empty/random%20959363/area%20user_albums_media/age%2030/gender%20F/login%20Y/site%20pb/email_domain%20UK/anprice%2050/generic%20http://ib.adnxs.com/ab%3Fenc%20AQ20AAAA6D-amZmZmZnlPwAAAAAAAOg_mpmZmZmZ5T8AAAAAAADoP0qJ0yHkE21Vm2Zrf3xaeWgPJKNOAAAAACkyAABWAAAAbAEAAAIAAADCxQgAiWMAAAEAAABVU0QAVVNEANgCWgC0CNQ20goBAQUCAQMCHgAAsB24PAAAAAA.&tt_code%20user_albums_media&udj%20uf%20%20a%20%20+6076%20+1319314447%20%20uf%20%20c%20%20+83582%20+1319314447%20%20uf%20%20g%20%20+37872%20+1319314447%20%20uf%20%20r%20%20+574914%20+1319314447%20%20ppv%207050%20+%206155598136226318666%20%20+1319314447%20+1321906447%20+83582%20+25481%20+0%20%20ppv%207050%20+%206155598136226318666%20%20+1319314447%20+1321906447%20+83582%20+25481%20+0%20%20&cnd%20!pCFkKQj-jAUQwosjGAAgiccBMAE4tBFAAEjsAlCpZFgAYLsCaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQHZX3ZPHhbeP8EBAAAAAAAA6D_JAQWW0Vv5QPE_2QHmP6Tfvg7kP-ABmy8.&ccd%20!oQSGJwj-jAUQwosjGInHASAA&referrer%20http://smg.photobucket.com/albums/v146/Kisrah/&media_subtypes%201#36842317193817387520].
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: XSS on Photobucket

Post by Giorgio Maone »

Try to add

^@http://smg\.photobucket\.com/albums/
to your NoScript Options|Advanced|XSS exceptions box.
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
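Why the exception above is enough, and why it was needed, is visible in the log quoted earlier: the ad request from smg.photobucket.com to b.photobucket.com carries a double-encoded `udj` parameter that, once fully decoded, reads as a chain of JavaScript calls (`uf('a', 6076, 1319314447);uf('c', ...)`), which is exactly the kind of syntax a URL-based XSS heuristic reacts to. The `@` after the `^` anchor makes the pattern apply to the origin of the request (the album page) rather than the destination, so only requests issued from album pages are exempted; a pattern without `@` would instead exempt the ad server as a destination from any origin. The example below is an added illustration written for this page, not NoScript's code and not from anyone in the thread: a simplified model of the filter with the decode step, a detection rule, a sanitiser that strips the same characters the quoted "Sanitised URL" shows replaced by `%20`, and an exception parser with the `@` prefix. The sample request is shortened from the one in the log, and the treatment of `@`, the pattern list and the stripped character set are assumptions chosen to reproduce the logged behaviour.

```javascript
// Added illustration (not NoScript's code): a simplified model of a URL-based
// XSS heuristic, of the "sanitised" output quoted in the thread, and of a
// NoScript-style exception with the "@" prefix. The detection rule and the
// character set stripped during sanitisation are assumptions chosen to
// reproduce the behaviour shown in the posted log, not NoScript's internals.

// Page making the request and the request it made, shortened from the
// thread (constructed sample; the ad-server "udj" parameter is kept intact).
const ORIGIN = 'http://smg.photobucket.com/albums/v146/Kisrah/';
const REQUEST =
  'http://b.photobucket.com/pbkt/hserver/viewid=3013333976/size=BANNER' +
  '/reg_zip=NR3+4QB/area=user_albums_media/login=Y' +
  '/generic=http%3A%2F%2Fib.adnxs.com%2Fab%3Fenc%3DAQAA' +
  '%26udj%3Duf%2528%2527a%2527%252C%2B6076%252C%2B1319314447%2529%253B' +
  'uf%2528%2527c%2527%252C%2B83582%252C%2B1319314447%2529%253B' +
  '%26referrer%3Dhttp%3A%2F%2Fsmg.photobucket.com%2Falbums%2Fv146%2FKisrah%2F';
// The exception suggested in the thread.
const EXCEPTION = '^@http://smg\\.photobucket\\.com/albums/';

// Decode until the string stops changing: the ad parameters above are
// double-encoded (%2528 -> %28 -> "("), so a single pass shows no script syntax.
function fullyDecode(s, maxRounds = 5) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(cur.replace(/\+/g, ' '));
    } catch (e) {
      return cur; // malformed escape sequence: keep what we have
    }
    if (next === cur) return cur;
    cur = next;
  }
  return cur;
}

// Syntax that a web page has no business sending cross-site inside a URL.
const SCRIPT_PATTERNS = [
  { name: 'function-call chain',
    re: /[A-Za-z_$][\w$]*\s*\([^()]*\)\s*;\s*[A-Za-z_$][\w$]*\s*\(/ },
  { name: 'script tag', re: /<\s*script\b/i },
  { name: 'javascript: scheme', re: /javascript\s*:/i },
  { name: 'event handler', re: /\bon[a-z]+\s*=/i },
];

// Neutralise the characters JavaScript needs to form calls and strings; the
// "Sanitised URL" in the log shows =, (, ), ' and ; turned into %20 this way.
function sanitise(decoded) {
  return decoded.replace(/[=();'"<>]/g, '%20');
}

// One exception line. A "@" right after the optional "^" anchor makes the
// pattern apply to the origin (the page issuing the request); otherwise it
// applies to the destination. Modelled on the NoScript syntax (assumption).
function parseException(line) {
  const m = /^(\^?)@(.*)$/.exec(line);
  if (m) return { target: 'origin', re: new RegExp(m[1] + m[2]) };
  return { target: 'destination', re: new RegExp(line) };
}

function isExempt(exceptions, origin, destination) {
  return exceptions.map(parseException).some(({ target, re }) =>
    re.test(target === 'origin' ? origin : destination));
}

// Decide what to do with one request, roughly in the order a filter would.
function checkRequest(origin, destination, exceptions = []) {
  const oHost = new URL(origin).hostname;
  const dHost = new URL(destination).hostname;
  // The log shows two photobucket.com subdomains treated as cross-site,
  // so compare full hostnames rather than registrable domains.
  if (oHost === dHost) return { action: 'allow', reason: 'same host' };
  if (isExempt(exceptions, origin, destination)) {
    return { action: 'allow', reason: 'exception' };
  }
  const decoded = fullyDecode(destination);
  const hit = SCRIPT_PATTERNS.find((p) => p.re.test(decoded));
  if (!hit) return { action: 'allow', reason: 'no script syntax' };
  return { action: 'sanitise', reason: hit.name, url: sanitise(decoded) };
}

console.log(checkRequest(ORIGIN, REQUEST));              // sanitised, function-call chain
console.log(checkRequest(ORIGIN, REQUEST, [EXCEPTION])); // allowed by the origin exception
```

Run it with `node` and the first line shows the request being sanitised on the decoded `udj` calls while the second shows the origin-scoped exception letting it through; the same request from any other origin is still sanitised, which is the reason to prefer an `@` origin pattern over a destination pattern for a case like this one.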
Kisrah Ferraris
Posts: 11
Joined: Tue Jan 04, 2011 1:50 am

Re: XSS on Photobucket

Post by Kisrah Ferraris »

Worked great. Thanks! :D
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1