MSDN Lab Microsoft - Content Spoofing / Text Injection




Vulnerable Product(s): MSDN Lab Microsoft
Affected Version(s): -
Vulnerability Type: Content Spoofing / Text Injection

Description:
There are many different learning styles that reflect different individual preferences or ways to communicate ideas and information. MSDN brings learning information to you in a variety of styles to suit different developers' learning styles.

Technical Details:
Another example of a content spoofing attack would be to present false information to a user via text manipulation. An attack scenario is demonstrated below. For this scenario, let's assume proper output encoding HAS been implemented and XSS is not possible. An attacker identifies a web application that gives recommendations to its users on whether they should buy or sell a particular stock.

PoC or Exploitcode:
hXXp://vulnerablesitem/mailform/Thanks.aspx?result=We Really Recommend You Sell This Stock Now &close=Close

Author/Group: Fahmi Fisal

Vendor-URL: http://microsoft.com
Product-URL: http://lab.msdn.microsoft.com
Demo-URL: http://lab.msdn.microsoft.com/mailform/Thanks.aspx?result=We Really Recommend You Sell This Stock Now &close=Close
Fix or Patch: -
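
The pattern described under Technical Details next to one way to close it, as an added Python sketch (not code from the advisory or from the affected site). The `result` and `close` parameter names come from the PoC URL; the message catalogue, function names and the `site.example` host are assumptions made for the illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Hypothetical server-side catalogue: only these texts can ever be rendered.
RESULT_MESSAGES = {
    "sent": "Thank you, your message has been sent.",
    "failed": "Your message could not be sent. Please try again.",
}
CLOSE_LABELS = {"close": "Close", "back": "Back"}


def _param(url, name):
    """First value of a query parameter, or '' when it is absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_reflected(url):
    """Pattern from the advisory: text is HTML-encoded, then echoed back.
    Encoding stops markup injection, but the wording is still the caller's."""
    result = html.escape(_param(url, "result"))
    close = html.escape(_param(url, "close"))
    return f"<p>{result}</p><button>{close}</button>"


def render_allowlisted(url):
    """Hardened form: parameters are lookup keys, unknown keys get defaults,
    so no request can change the text the page displays."""
    result = RESULT_MESSAGES.get(_param(url, "result"), RESULT_MESSAGES["sent"])
    close = CLOSE_LABELS.get(_param(url, "close"), CLOSE_LABELS["close"])
    return f"<p>{html.escape(result)}</p><button>{html.escape(close)}</button>"


# Constructed sample requests (placeholder host, query taken from the PoC).
SPOOFED = ("http://site.example/mailform/Thanks.aspx"
           "?result=We Really Recommend You Sell This Stock Now &close=Close")
MARKUP = "http://site.example/mailform/Thanks.aspx?result=<b>x</b>&close=Close"
LEGIT = "http://site.example/mailform/Thanks.aspx?result=failed&close=back"

if __name__ == "__main__":
    for url in (SPOOFED, MARKUP, LEGIT):
        print("reflected  :", render_reflected(url))
        print("allowlisted:", render_allowlisted(url))
```

Output encoding and the allow-list address different problems: the first keeps markup out of the page, the second keeps request-supplied wording out of it.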
