MSDN Lab Microsoft - Content Spoofing / Text Injection
Vulnerable Product(s): MSDN Lab Microsoft
Affected Version(s): -
Vulnerability Type: Content Spoofing / Text Injection
Description:
There are many different learning styles that reflect different individual preferences or ways to communicate ideas and information. MSDN brings learning information to you in a variety of styles to suit different developers' learning styles.
Technical Details:
Another example of a content spoofing attack would be to present false information to a user via text manipulation. An attack scenario is demonstrated below. For this scenario, let's assume proper output encoding HAS been implemented and XSS is not possible. An attacker identifies a web application that gives recommendations to its users on whether they should buy or sell a particular stock.
PoC or Exploitcode:
hXXp://vulnerablesitem/mailform/Thanks.aspx?result=We Really Recommend You Sell This Stock Now &close=Close
Author/Group: Fahmi Fisal
Vendor-URL: http://microsoft.com
Product-URL: http://lab.msdn.microsoft.com
Demo-URL: http://lab.msdn.microsoft.com/mailform/Thanks.aspx?result=We Really Recommend You Sell This Stock Now &close=Close
Fix or Patch: -
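One way to handle the `result` parameter so that request-supplied text is never shown as the site's own words, written as an added example and not the vendor's or the advisory author's code: the page either looks the message up by code in a server-side table, or displays free text only when it carries a MAC the server issued. The key, message table, `sig` parameter and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed values for illustration; not from the advisory or the vendor.
SECRET_KEY = b"constructed-demo-key"
MESSAGES = {
    "sent": "Thank you, your message has been sent.",
    "failed": "Your message could not be sent. Please try again.",
}
DEFAULT_MESSAGE = "Thank you."
# Query string of the PoC URL listed in the advisory.
SPOOFED = "result=We Really Recommend You Sell This Stock Now &close=Close"


def _param(query_string, name):
    return parse_qs(query_string, keep_blank_values=True).get(name, [""])[0]


def resolve_by_code(query_string):
    """Option 1: the URL carries only a message code; the text lives on the server."""
    return MESSAGES.get(_param(query_string, "result"), DEFAULT_MESSAGE)


def sign(text):
    return hmac.new(SECRET_KEY, text.encode("utf-8"), hashlib.sha256).hexdigest()


def build_signed_query(text):
    """Server side: query string for a message the application itself chose."""
    return urlencode({"result": text, "sig": sign(text)})


def resolve_signed(query_string):
    """Option 2: free text is displayed only if its MAC verifies."""
    text = _param(query_string, "result")
    sig = _param(query_string, "sig")
    # Compare as bytes so a non-ASCII sig cannot raise inside compare_digest.
    if text and hmac.compare_digest(sign(text).encode(), sig.encode("utf-8")):
        return text
    return DEFAULT_MESSAGE


if __name__ == "__main__":
    print(resolve_by_code(SPOOFED))   # falls back to the fixed default text
    print(resolve_signed(SPOOFED))    # no valid MAC, same fallback
```

Whatever text these functions return still goes through the output encoding the scenario already assumes. With option 2, a signed message stays valid wherever it is replayed, so binding the MAC to the user's session or to an expiry time is the usual next step.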